| RE: Re: AMSKs for MIPv6 | <– Date –> <– Thread –> |
From: Gerardo Giaretta (Gerardo.Giaretta TILAB.COM)
|
|
| Date: Fri, 4 Nov 2005 03:28:58 -0500 (EST) | |
Hi Avi, Bernard, all what we have been discussing in the MIP6 bootstrapping DT is slightly different. Please see my comments below.. > > > > >MN <------> HA <-------> AAA > > > > >So we'll need exchange between MN and HA and between HA and AAA. > > No. There is an EAP exchange between the MN and the AAA. > > So the call flow looks like this: > > MN NAS HA AAA > Access Request (EAP) > +++++++++---------------------> Normal EAP > Authentication > Access Accept (EAP Success + keys) > +++++++++<--------------------- > > MIPv6 Binding Update > ====================> Access Request > ----------> > Access Accept > MIPv6 Binding Answer <---------- > <===================== > > As shown above we do normal EAP based access request. > > The NAS is the authenticator. > So far it is correct. > When that is completed, the MN performs a MIPv6 Binding Update. > Before performing a MIPv6 BU, the MN must set up an IPsec SA with the HA. In the DT we are thinking that an AMSK (or a key derived from the AMSK) may be used as the pre-shared key in the IKE_AUTH exchange between MN and HA. The AAA server should send this key to the HA before the MN gets in touch with the HA. As far as I understand from Bernard's comments, this is ok if the MN/EAP peer requests the AAA server to perform the key delivery and if HA and AAA server are mutually authenticated. Please correct me if I'm wrong. A different approach may be the following (pull approach): the MN starts IKE_AUTH with the AMSK as the pre-shared key. During IKEv2 exchange the HA requests the key to AAA server. If I understand correctly from Bernard comment, this is not possible based on EAP keying. > The HA receives the BU and because it doesn't know the MN it uses the > NAI and consults with the AAA server. > This MAY be possible if mip6-auth option is used. If IPsec is used to authenticate BUs this is not correct. > We would like to use the EAP keys or Keys derived from the EAP for the > MIPv6 part. > (DT leader hat on) Just a bit of history: in the bootstrapping DT we have addressed two scenarios, the split scenario and the integrated scenario. In the integrated scenario the entity that authenticates and authorizes the MN for network access service and the entity that authenticates and authorizes the MN for MIPv6 service are the same. This implies that the MIPv6 bootstrapping procedure may be optimized (e.g. in terms of round trips) if the outcome of the authentication for network access is used also for mobility service. The usage of an AMSK for MIPv6 is one possible approach to achieve that. Currently the DT has not produced any draft on this since we are waiting for a normative reference for AMSK and we would like having some feedback from EAP WG. (DT leader hat off) An old draft (expired) about this is http://www-lor.int-evry.fr/~maknavic/DRAFT/draft-giaretta-mip6-amsk-00.t xt. Thanks, --Gerardo > > > > Is an EAP exchange being run between the MN and AAA server, > > with the HA serving as the "EAP authenticator"? If so, the > > end result of this exchange is that the MN, HA and AAA server > > share a key. > > > > >The EAP peer and server derive MSK and EMSK. The AAA server > > requests to > > >the EAP server an 'AMSK for Mobile IPv6'. > > > > > >A mobility management entity (not the EAP lower layer) on > the mobile > > >node requests locally the 'AMSK for Mobile IPv6' to the EAP layer. > > > > Assuming that the HA is acting as an "EAP authenticator" > > here, the end result of this is that the MN and the EAP > > server/AAA server now have mutually authenticated to each > > other and have derived an AMSK that they know > > is fresh, and which is known only to them. The HA and AAA > > server now > > mutually authenticate and derive a cryptographically secure > > channel. The AMSK is now transported to the HA, which can > > use it in a mutual proof of possession exchange with the MN. > > > > >Then, if we want that the mobile node shares a key with > the HA, this > > >implies that the HA requests a key to the AAA server. > > > > Before the HA can request a key from the AAA server, it needs > > to prove that > > it is authorized to receive that key. Typically this > > requires that it > > mutually authenticate to the AAA server *and* include some > > "proof of liveness" from the EAP peer to show that the peer > > is actually interested in communicating with it. > > > > So a better way to think about this is that the HA is not > > really requesting a key -- it is the EAP peer that is > > requesting that the AAA Server send a > > key to that specific HA. If the EAP peer and AAA server > > share a trust > > relationship and are mutuall authenticated, and if the HA and > > AAA server are mutually authenticated, and if the key that is > > being requested is unambiguously specified (e.g. it is > > "named"), then the AAA server will authorize the request and > > transport the key to the HA. > > > > >I stay vague here. But one can imagine that the 'AMSK for > > Mobile IPv6' > > >is used by the MN to authenticate himself to the AAA. > > > > "Key Request" proposals typically require mutual > > authentication between the EAP peer and AAA server. For > > example, if the MN/peer had previously established a cached > > AMSK with the AAA server, it can subsequently prove > > possession of that AMSK, and ask that a key derived from that > > AMSK be sent > > to an HA that it specifies. This request needs to be > > "routed" through the > > HA itself, which mutually authenticates to the AAA server. > > This guarantees that the "Key Request" is authenticated, > > bound to the entities involved in the exchange, and can > > generate fresh keys (this part probably requires nonces to be > > exchanged by the parties). > > > > >This pre-shared key will be derived at MN and AAA from the > "AMSK for > > >Mobile IPv6" and then transported from the AAA to the HA. > > > > If the key is dynamically derived it is not a pre-shared key. > > > > >SO the 'AMSK for Mobile IPv6' is cached on the AAA server > and MN but > > >not transported. The key derived for MN-HA is deleted on > the AAA and > > >transported to the HA. > > > > Right. > > > > >Does such a mechanism seem correct respective to EAP keying > > framework ? > > > > It seems compatible with the "Key Request" extension that has > > been discussed. > > > > > > _______________________________________________ > > eap mailing list > > eap [at] lists.frascone.com > > http://lists.frascone.com/mailman/listinfo/eap > > > _______________________________________________ > eap mailing list > eap [at] lists.frascone.com > http://lists.frascone.com/mailman/listinfo/eap > Gruppo Telecom Italia - Direzione e coordinamento di Telecom Italia S.p.A. ==================================================================== CONFIDENTIALITY NOTICE This message and its attachments are addressed solely to the persons above and may contain confidential information. If you have received the message in error, be informed that any use of the content hereof is prohibited. Please return it immediately to the sender and delete the message. Should you have any questions, please send an e_mail to MailAdmin [at] tilab.com. Thank you ====================================================================
- Re: Re: AMSKs for MIPv6, (continued)
-
Re: Re: AMSKs for MIPv6 Jari Arkko, November 5 2005
-
Re: Re: AMSKs for MIPv6 Julien Bournelle, November 6 2005
- Re: Re: AMSKs for MIPv6 Jari Arkko, November 6 2005
-
Re: Re: AMSKs for MIPv6 Julien Bournelle, November 6 2005
- RE: Re: AMSKs for MIPv6 Avi Lior, November 3 2005
- RE: Re: AMSKs for MIPv6 Gerardo Giaretta, November 4 2005
-
Re: Re: AMSKs for MIPv6 Jari Arkko, November 5 2005
- RE: Re: AMSKs for MIPv6 Avi Lior, November 4 2005
- RE: Re: AMSKs for MIPv6 Nakhjiri Madjid-MNAKHJI1, November 4 2005
Results generated by Tiger Technologies using MHonArc.