Re: Issue: AAA Key Caching effectively prohibited?
From: Jari Arkko (jari.arkkopiuha.net)
Date: Sat, 5 Nov 2005 19:20:10 -0500 (EST)
Nakhjiri Madjid-MNAKHJI1 wrote:

> Several EAP methods (EAP-AKA) are adding fast re-authentication
> procedures, based on the knowledge of master key (have to read the draft
> again, to see which key is needed) after the initial authentication. If
> you delete the key, you cannot perform fast re-authentications.


Methods do indeed have fast re-auth schemes. However,
the keys they use are internal to the methods (TEKs) and not
exported or visible to the EAP layer, lower layer, or AAA.
That is, they do not need EMSK or AMSK support.
Caching of TEKs is allowed by the keying framework.
Section 3.3 says:

  EAP methods may cache local keying material which may persist for
  multiple EAP conversations when fast reconnect is used [RFC 3748].
  For example, EAP methods based on TLS (such as EAP-TLS [RFC2716])
  derive and cache the TLS Master Secret, typically for substantial
  time periods.

Anyway, the use of such fast re-auth schemes helps with
expensive auth procedures (such as in TLS) or when
there's a potentially high volume of operations to the
long-term secret that you may wish to optimize (such
as in SIM/AKA). However, this does not help minimize
AAA transactions to the home network. That is, it's
not a fast handoff mechanism if "fast handoff" is
defined as an operation that does not need another
transaction all the way back to the home network.

--Jari
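An added illustrative model in Python (not text from the draft and not any real EAP implementation) of the layering described above: the method's TEK is cached only inside the EAP method at the home server, only a freshly derived MSK is exported across AAA to the authenticator, and fast re-authentication skips the expensive long-term-secret step but still costs one transaction to the home network per attach. The HMAC-SHA256 derivation and all identities and secrets are constructed stand-ins, not any method's actual PRF.

```python
import hmac, hashlib, os
from dataclasses import dataclass, field

def prf(key: bytes, label: bytes) -> bytes:
    """Stand-in key derivation (HMAC-SHA256); not a real EAP method's PRF."""
    return hmac.new(key, label, hashlib.sha256).digest()

@dataclass
class HomeAAA:
    """Home EAP/AAA server: owns long-term secrets and method-internal TEKs."""
    long_term: dict                                   # identity -> long-term secret
    tek_cache: dict = field(default_factory=dict)     # reauth_id -> {"tek", "n"}
    long_term_ops: int = 0                            # expensive steps (TLS handshake, SIM/AKA run)
    transactions: int = 0                             # round trips to the home network

    def full_auth(self, identity: str):
        self.transactions += 1
        self.long_term_ops += 1                       # touches the long-term secret
        nonce = os.urandom(16)
        tek = prf(self.long_term[identity], b"tek|" + nonce)
        reauth_id = os.urandom(8).hex()
        self.tek_cache[reauth_id] = {"tek": tek, "n": 0}   # TEK never leaves the method
        return reauth_id, prf(tek, b"msk|" + nonce)   # only the MSK is exported

    def fast_reauth(self, reauth_id: str):
        self.transactions += 1                        # still a trip to the home network
        entry = self.tek_cache[reauth_id]             # long-term secret is not used
        entry["n"] += 1
        return prf(entry["tek"], b"msk|reauth|" + entry["n"].to_bytes(4, "big"))

@dataclass
class Authenticator:
    """Lower layer / NAS: only ever sees exported MSKs, never a TEK."""
    home: HomeAAA
    keys: dict = field(default_factory=dict)          # reauth_id -> current MSK

    def attach(self, identity: str, reauth_id: str = None) -> str:
        if reauth_id is None:
            reauth_id, msk = self.home.full_auth(identity)
        else:
            msk = self.home.fast_reauth(reauth_id)
        self.keys[reauth_id] = msk
        return reauth_id

def run_scenario(n_fast: int = 3) -> dict:
    """One full auth followed by n_fast fast re-auths; constructed sample identity."""
    home = HomeAAA(long_term={"alice": b"constructed-long-term-secret"})
    auth = Authenticator(home)
    rid = auth.attach("alice")
    msks = {auth.keys[rid]}
    for _ in range(n_fast):
        auth.attach("alice", reauth_id=rid)
        msks.add(auth.keys[rid])
    return {"long_term_ops": home.long_term_ops, "home_transactions": home.transactions,
            "distinct_msks": len(msks),
            "tek_at_authenticator": home.tek_cache[rid]["tek"] in auth.keys.values()}
```

Running `run_scenario(3)` shows one long-term-secret operation but four home-network transactions, with a fresh MSK each time and no TEK ever present at the authenticator.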

