RE: Strawman -10/EMSK deletion requirement?

From: Salowey, Joe (jsalowey
Date: Mon, 6 Mar 2006 09:59:03 -0800 (PST)
> Madjid>>I guess the number of people who are not sure about definition
> of AAA layer is more than one :)
> Joking aside, what is your reason for not making EMSK available to
> lower layer, while doing so for MSK is ok? What is the fundamental
> difference.

[Joe] If you pass the EMSK to the lower layer it becomes effectively the
same as the MSK. If you want to use the EMSK to key an independent
application that uses a different authenticator, the security of that
application becomes completely dependent upon the lower layer and its
authenticator.

> > > In both cases we require deletion of EMSK after generation of AMSK,
> > > why?
> >
> > [Joe] To minimize the chance of exposure of the EMSK. Why do you need
> > to cache it? Could you generate and cache an AMSK instead?
>
> Madjid>>because a priori I cannot know how many AMSKs I may
> need later.
> An application may pop up later that needs keying or I move to a
> different domain that may require a new AMSK, but I cannot anticipate
> the move ahead of time...

[Joe] A different application I may understand, although it seems the
system typically knows the applications that are in use. If you don't,
I'm not sure how you can authorize the distribution of keys. For the
handoff case consider deriving a Handoff AMSK from the EMSK. This
handoff AMSK becomes the root of all keys used for handoff. When you
move you derive a key from the handoff AMSK.

> Thanks,
>
> Madjid
>
> > -----Original Message-----
> > From: Salowey, Joe [mailto:jsalowey [at] cisco.com]
> > Sent: Wednesday, March 01, 2006 5:17 PM
> > To: Nakhjiri Madjid-MNAKHJI1; Rafa Marin Lopez; Bernard Aboba
> > Cc: eap [at] frascone.com
> > Subject: RE: [eap] Strawman -10
> >
> > > -----Original Message-----
> > > From: Nakhjiri Madjid-MNAKHJI1 [mailto:Madjid.Nakhjiri [at] motorola.com]
> > > Sent: Wednesday, March 01, 2006 2:38 PM
> > > To: Rafa Marin Lopez; Bernard Aboba
> > > Cc: eap [at] frascone.com
> > > Subject: RE: [eap] Strawman -10
> > >
> > > Madjid>>Again, why is deletion of EMSK after generation of
> > > one AMSK a requirement? What if we need to create multiple AMSKs,
> > > and that on multiple occasions?
> > >
> > > > Well, actually, lower layer authenticator implementation
> > > > should expect (MSK,EMSK) in the case EAP method is executed by
> > > > the standalone authenticator or (MSK,AMSK) in the case EAP method
> > > > is executed by backend authentication server. If it receives
> > > > (MSK,EMSK) it should create AMSK and delete EMSK. If it receives
> > > > (MSK,AMSK), that's all, correct?
> >
> > [Joe] Not really, strictly speaking the lower layer shouldn't expect
> > to receive the EMSK as that would break mode independence. An
> > architectural description should not have the lower layer receiving
> > the keys. From a supplicant perspective it must appear the same
> > whether an external EAP-Server or a collocated EAP server is used.
> > Now I don't know what is going on inside your box, it could all be
> > monolithic when an internal EAP server is used but that shouldn't be
> > visible to the external world. If I was interested in cryptographic
> > module separation I might not be too happy if you shared the EMSK
> > with the lower layer.
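The key hierarchy Joe sketches (MSK exported to the lower layer, EMSK kept inside the EAP key holder, one AMSK per application label, and a single Handoff AMSK acting as the root for per-handoff keys so the EMSK need not be retained) can be modelled in a few dozen lines. The following is an added illustration, not code from the thread or from any EAP implementation. The labelled KDF it uses is an assumption chosen for the demonstration (HMAC-SHA256 in counter mode), not the derivation any EAP RFC specifies; the class and function names (`EapKeyHolder`, `HandoffRoot`, `kdf`, `demo`) and the sample key bytes are likewise constructed for the example.

```python
"""Key hierarchy sketched in the thread: the EMSK never leaves the EAP key
holder, only the MSK is exported to the lower layer, application keys
(AMSKs) are derived from the EMSK by label, and a single Handoff AMSK is
the root for per-handoff keys so the EMSK itself need not be retained.

The KDF is a generic HMAC-SHA256 counter-mode construction used here for
illustration only; it is an assumption, not the derivation any EAP RFC
specifies.
"""
import hashlib
import hmac


def kdf(root: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """Expand `root` into `length` bytes bound to (label, context).

    Assumption: illustrative HMAC-SHA256 counter mode, not an IETF KDF.
    """
    out = b""
    counter = 1
    while len(out) < length:
        block = (counter.to_bytes(1, "big") + label + b"\x00" + context
                 + length.to_bytes(2, "big"))
        out += hmac.new(root, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


class HandoffRoot:
    """Holds only the Handoff AMSK and derives one key per target
    authenticator. It is built from the handoff AMSK, never from the EMSK,
    so it keeps working after the key holder has deleted the EMSK."""

    def __init__(self, handoff_amsk: bytes) -> None:
        self._root = handoff_amsk

    def key_for_authenticator(self, authenticator_id: bytes, length: int = 32) -> bytes:
        return kdf(self._root, b"handoff-key", authenticator_id, length)


class EapKeyHolder:
    """Models the EAP method's key store on the peer / EAP server side."""

    def __init__(self, msk: bytes, emsk: bytes) -> None:
        self._msk = msk
        self._emsk = emsk  # stays inside this object; never exported

    def export_to_lower_layer(self) -> dict:
        """Only the MSK crosses the boundary to the lower layer."""
        return {"MSK": self._msk}

    def derive_amsk(self, application_label: bytes, length: int = 64) -> bytes:
        """One AMSK per application label; distinct labels give unrelated keys."""
        if self._emsk is None:
            raise RuntimeError("EMSK already deleted; no further AMSKs can be derived")
        return kdf(self._emsk, b"AMSK", application_label, length)

    def handoff_root(self) -> HandoffRoot:
        """Derive the Handoff AMSK once; later handoff keys come from it."""
        return HandoffRoot(self.derive_amsk(b"handoff"))

    def delete_emsk(self) -> None:
        self._emsk = None


# Constructed sample keys (not real EAP output) so the script is deterministic.
SAMPLE_MSK = bytes(range(64))
SAMPLE_EMSK = bytes(range(64, 128))


def demo() -> dict:
    holder = EapKeyHolder(SAMPLE_MSK, SAMPLE_EMSK)
    lower = holder.export_to_lower_layer()
    app_key = holder.derive_amsk(b"app-one")
    root = holder.handoff_root()
    key_ap1 = root.key_for_authenticator(b"AP-1")
    holder.delete_emsk()                            # EMSK gone ...
    key_ap2 = root.key_for_authenticator(b"AP-2")   # ... handoffs still work
    return {"lower_layer_keys": sorted(lower), "app_key": app_key,
            "key_ap1": key_ap1, "key_ap2": key_ap2}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```

The point the model makes concrete is the one Joe raises against caching the EMSK for future handoffs: once the Handoff AMSK has been derived, keys for authenticators that were not known in advance can still be produced from that root alone, so the EMSK can be deleted without losing the ability to move later, and the lower layer's view of the key material stays identical whether the EAP server is collocated or external.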