| RE: Re: AMSKs for MIPv6 | <– Date –> <– Thread –> |
From: Avi Lior (avi bridgewatersystems.com)
|
|
| Date: Thu, 3 Nov 2005 21:42:55 -0500 (EST) | |
Hi Bernard, > -----Original Message----- > From: eap-admin [at] lists.frascone.com > [mailto:eap-admin [at] lists.frascone.com] On Behalf Of Bernard Aboba > Sent: Thursday, November 03, 2005 8:46 PM > To: eap [at] frascone.com > Subject: [eap] Re: AMSKs for MIPv6 > > >MN <------> HA <-------> AAA > > >So we'll need exchange between MN and HA and between HA and AAA. No. There is an EAP exchange between the MN and the AAA. So the call flow looks like this: MN NAS HA AAA Access Request (EAP) +++++++++---------------------> Normal EAP Authentication Access Accept (EAP Success + keys) +++++++++<--------------------- MIPv6 Binding Update ====================> Access Request ----------> Access Accept MIPv6 Binding Answer <---------- <===================== As shown above we do normal EAP based access request. The NAS is the authenticator. When that is completed, the MN performs a MIPv6 Binding Update. The HA receives the BU and because it doesn't know the MN it uses the NAI and consults with the AAA server. We would like to use the EAP keys or Keys derived from the EAP for the MIPv6 part. > Is an EAP exchange being run between the MN and AAA server, > with the HA serving as the "EAP authenticator"? If so, the > end result of this exchange is that the MN, HA and AAA server > share a key. > > >The EAP peer and server derive MSK and EMSK. The AAA server > requests to > >the EAP server an 'AMSK for Mobile IPv6'. > > > >A mobility management entity (not the EAP lower layer) on the mobile > >node requests locally the 'AMSK for Mobile IPv6' to the EAP layer. > > Assuming that the HA is acting as an "EAP authenticator" > here, the end result of this is that the MN and the EAP > server/AAA server now have mutually authenticated to each > other and have derived an AMSK that they know > is fresh, and which is known only to them. The HA and AAA > server now > mutually authenticate and derive a cryptographically secure > channel. The AMSK is now transported to the HA, which can > use it in a mutual proof of possession exchange with the MN. > > >Then, if we want that the mobile node shares a key with the HA, this > >implies that the HA requests a key to the AAA server. > > Before the HA can request a key from the AAA server, it needs > to prove that > it is authorized to receive that key. Typically this > requires that it > mutually authenticate to the AAA server *and* include some > "proof of liveness" from the EAP peer to show that the peer > is actually interested in communicating with it. > > So a better way to think about this is that the HA is not > really requesting a key -- it is the EAP peer that is > requesting that the AAA Server send a > key to that specific HA. If the EAP peer and AAA server > share a trust > relationship and are mutuall authenticated, and if the HA and > AAA server are mutually authenticated, and if the key that is > being requested is unambiguously specified (e.g. it is > "named"), then the AAA server will authorize the request and > transport the key to the HA. > > >I stay vague here. But one can imagine that the 'AMSK for > Mobile IPv6' > >is used by the MN to authenticate himself to the AAA. > > "Key Request" proposals typically require mutual > authentication between the EAP peer and AAA server. For > example, if the MN/peer had previously established a cached > AMSK with the AAA server, it can subsequently prove > possession of that AMSK, and ask that a key derived from that > AMSK be sent > to an HA that it specifies. This request needs to be > "routed" through the > HA itself, which mutually authenticates to the AAA server. > This guarantees that the "Key Request" is authenticated, > bound to the entities involved in the exchange, and can > generate fresh keys (this part probably requires nonces to be > exchanged by the parties). > > >This pre-shared key will be derived at MN and AAA from the "AMSK for > >Mobile IPv6" and then transported from the AAA to the HA. > > If the key is dynamically derived it is not a pre-shared key. > > >SO the 'AMSK for Mobile IPv6' is cached on the AAA server and MN but > >not transported. The key derived for MN-HA is deleted on the AAA and > >transported to the HA. > > Right. > > >Does such a mechanism seem correct respective to EAP keying > framework ? > > It seems compatible with the "Key Request" extension that has > been discussed. > > > _______________________________________________ > eap mailing list > eap [at] lists.frascone.com > http://lists.frascone.com/mailman/listinfo/eap >
-
Re: AMSKs for MIPv6 Bernard Aboba, November 3 2005
-
Re: Re: AMSKs for MIPv6 Jari Arkko, November 5 2005
-
Re: Re: AMSKs for MIPv6 Julien Bournelle, November 6 2005
- Re: Re: AMSKs for MIPv6 Jari Arkko, November 6 2005
-
Re: Re: AMSKs for MIPv6 Julien Bournelle, November 6 2005
- RE: Re: AMSKs for MIPv6 Avi Lior, November 3 2005
-
Re: Re: AMSKs for MIPv6 Jari Arkko, November 5 2005
- RE: Re: AMSKs for MIPv6 Gerardo Giaretta, November 4 2005
- RE: Re: AMSKs for MIPv6 Avi Lior, November 4 2005
- RE: Re: AMSKs for MIPv6 Nakhjiri Madjid-MNAKHJI1, November 4 2005
Results generated by Tiger Technologies using MHonArc.