Re: Re: AMSKs for MIPv6
From: Julien Bournelle (julien.bournelle at int-evry.fr)
Date: Sun, 6 Nov 2005 12:25:14 -0500 (EST)
Hi jari,

On Sun, Nov 06, 2005 at 01:38:51AM +0200, Jari Arkko wrote:
> Bernard Aboba wrote:
> 
> >Is an EAP exchange being run between the MN and AAA server, with the 
> >HA serving as the "EAP authenticator"?  
> 
> There are multiple scenarios. If the scenario is according to your
> assumption above, then there may be no need at all for new protocols
> or keys. Specifically, MNs can already today use EAP
> authentication to the home agent via draft-ietf-mip6-ikev2-ipsec,
> IKEv2, and IKEv2 EAP mode. This implies that AAA server delivers
> an MSK to the HA which is then subsequently used by IKEv2
> authentication process; DH keys are used in IKEv2 to get keys
> for the actual IPsec SA which protects the BUs.
> 
> So that works today, I think.
> 
> What Julien, Gerardo et al are addressing is probably a
> different scenario, however. I'm not quite sure what
> the complete list of scenarios is. But one scenario that
> I can think of is where there's a desire to avoid a second
> AAA transaction from the HA by using an AMSK from an
> EAP authentication that already happened for other
> purposes. I remain personally unconvinced that such
> an optimization is needed, because there's a lot of
> protocol design, implementation effort, and assumptions
> to eliminate a few roundtrips from something that
> only needs to happen once (not on every movement).
> 
> A third scenario is when not IPsec but
> mip6-auth-option is used when there's no
> credential that fits mip6-auth-option usage
> directly.  (If such credential were available, then we
> would not need anything beyond mip6-auth-option.
> Note also that such credential may exist through
> roaming relationship, not necessarily needed to have
> it in HA or local AAA.) The only practical case that
> I can think of where this becomes a problem is where
> MN has an EAP credential (e.g. SIM, TLS) for the
> home network but that credential is not fit for
> usage in mip6-auth-option because it needs to be
> a plain shared secret.
> 
> Anyway, in that scenario EAP-based AMSKs could
> potentially be used as the shared secrets for
> mip6-auth-option. This seems largely inline with
> what EAP keying framework allows to do, but
> of course the devil is in the details, and there'd
> have to be a document that describes the security
> analysis of the system. I tend to agree with you Bernard
> that the HA needs to be involved in some way.
> 
> Julien, Gerardo, Avi -- what are the scenarios where
> you'd like to use AMSK?

The scenario that I had in mind is the one described by Gerardo. We
have an authentication for network access using EAP. We derive an AMSK
for MIPv6. Then the mobile obtains a home agent and runs IKEv2. But
we'd like to use PSK for authentication instead of EAP in the IKEv2
exchange. In this case, while receiving the third message of IKEv2 with
AUTH payload (the MN uses the AMSK-mip6 or key derived from AMSK-mip6
as PSK), the HA requests the key to the AAA.

Other services such as FMIPv6 may benefit from such a mechanism based
on AMSK.

Julien

> 
> --Jari
> 
> _______________________________________________
> eap mailing list
> eap [at] lists.frascone.com
> http://lists.frascone.com/mailman/listinfo/eap

-- 
julien.bournelle at int-evry.fr
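The exchange Julien describes above (network-access EAP, an AMSK for MIPv6 derived from it, then IKEv2 to the home agent with a PSK instead of EAP, and the HA fetching the key from the AAA server when the AUTH payload arrives), as an added example that is not part of the thread or of any of the drafts mentioned. The key-derivation labels, the counter-mode HMAC-SHA256 KDF, the identity binding in the PSK, and the AAA/HA/MN classes are all assumptions for illustration; the AUTH computation follows the shared-key form in RFC 4306 section 2.15, with the signed octets replaced by a constructed byte string.

```python
import hashlib
import hmac
from typing import Dict, Optional


def kdf(key: bytes, label: bytes, data: bytes = b"", length: int = 64) -> bytes:
    """Counter-mode HMAC-SHA256 derivation (assumption: a simplified stand-in
    for the EAP keying-framework style AMSK/USRK derivation, not the draft's own)."""
    out = b""
    counter = 1
    while len(out) < length:
        msg = label + b"\x00" + data + counter.to_bytes(2, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def derive_amsk_mip6(emsk: bytes) -> bytes:
    """AMSK for the MIPv6 service, derived from the EMSK of the network-access EAP run."""
    return kdf(emsk, b"AMSK-MIP6", length=64)  # label is an assumption


def derive_ikev2_psk(amsk: bytes, mn_id: bytes, ha_id: bytes) -> bytes:
    """Per-HA IKEv2 pre-shared key from the AMSK; binding both identities means a key
    leaked by one HA is useless towards another (assumed design, not from the thread)."""
    return kdf(amsk, b"IKEv2-PSK", mn_id + b"\x00" + ha_id, length=32)


def ikev2_psk_auth(psk: bytes, signed_octets: bytes) -> bytes:
    """RFC 4306 section 2.15 shared-key AUTH:
    AUTH = prf(prf(Shared Secret, "Key Pad for IKEv2"), <signed octets>)."""
    padded = hmac.new(psk, b"Key Pad for IKEv2", hashlib.sha256).digest()
    return hmac.new(padded, signed_octets, hashlib.sha256).digest()


class AAAServer:
    """Keeps the EMSK from the network-access EAP run and hands out the AMSK on request."""

    def __init__(self) -> None:
        self._emsk_by_mn: Dict[bytes, bytes] = {}

    def record_eap_success(self, mn_id: bytes, emsk: bytes) -> None:
        self._emsk_by_mn[mn_id] = emsk

    def fetch_amsk(self, mn_id: bytes) -> Optional[bytes]:
        # The EMSK itself never leaves the AAA server; only the service-specific AMSK does.
        emsk = self._emsk_by_mn.get(mn_id)
        return None if emsk is None else derive_amsk_mip6(emsk)


class MobileNode:
    def __init__(self, mn_id: bytes, emsk: bytes) -> None:
        self.mn_id, self.emsk = mn_id, emsk

    def ike_auth(self, ha_id: bytes, signed_octets: bytes) -> bytes:
        """Third IKEv2 message: AUTH computed with the AMSK-derived PSK."""
        psk = derive_ikev2_psk(derive_amsk_mip6(self.emsk), self.mn_id, ha_id)
        return ikev2_psk_auth(psk, signed_octets)


class HomeAgent:
    def __init__(self, ha_id: bytes, aaa: AAAServer) -> None:
        self.ha_id, self.aaa = ha_id, aaa

    def handle_ike_auth(self, mn_id: bytes, signed_octets: bytes, auth: bytes) -> bool:
        """On receiving IKE_AUTH, ask the AAA for the AMSK and verify the PSK-based AUTH."""
        amsk = self.aaa.fetch_amsk(mn_id)
        if amsk is None:
            return False  # no prior EAP success for this MN: reject
        psk = derive_ikev2_psk(amsk, mn_id, self.ha_id)
        expected = ikev2_psk_auth(psk, signed_octets)
        return hmac.compare_digest(expected, auth)


def run_scenario(tamper: bool = False, unknown_mn: bool = False) -> bool:
    """Runs the three parties through the exchange; returns the HA's verdict."""
    emsk = hashlib.sha512(b"constructed EMSK for the example").digest()  # constructed, 64 bytes
    mn_id, ha_id = b"mn@example.com", b"ha1.example.com"
    aaa = AAAServer()
    aaa.record_eap_success(mn_id, emsk)        # outcome of the network-access EAP run
    mn, ha = MobileNode(mn_id, emsk), HomeAgent(ha_id, aaa)
    signed_octets = b"constructed: IKE_SA_INIT request | Nr | prf(SK_pi, IDi')"
    auth = mn.ike_auth(ha_id, signed_octets)
    if tamper:
        auth = bytes([auth[0] ^ 1]) + auth[1:]  # one flipped bit must fail verification
    claimed_id = b"other@example.com" if unknown_mn else mn_id
    return ha.handle_ike_auth(claimed_id, signed_octets, auth)


if __name__ == "__main__":
    print("normal:", run_scenario(), "tampered:", run_scenario(tamper=True),
          "unknown MN:", run_scenario(unknown_mn=True))
```

The point the example makes concrete is the one Bernard and Jari raise: the HA is involved only as a relying party, it learns a per-service, per-HA key from the AAA rather than the EMSK, and the AAA round trip happens once at IKE_AUTH, not on every movement.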
