Page 1
8/8/2019 802 21 IEEE Security Tutorial
http://slidepdf.com/reader/full/802-21-ieee-security-tutorial 1/106
21-08-0080-02-0sec 1
IEEE 802.21 MEDIA INDEPENDENT HANDOVER
DCN: 21-08-0080-02-0sec-security-signaling-during-handovers-tutorial
Title: Media-Independent Handover Security Tutorial
Date Submitted: March 18, 2008
Presented at IEEE 802.21 session #25 in Orlando
Authors or Source(s): Yoshihiro Ohba (Toshiba), Marc Meylemans (Intel), Subir Das (Telcordia Technologies)
Abstract: This document provides a tutorial on Media-Independent Handover Security
Wednesday, July 29, 2009
IEEE 802.21 presentation release statements
This document has been prepared to assist the IEEE 802.21 Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE's name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE's sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.21.
The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual <http://standards.ieee.org/guides/opman/sect6.html#6.3> and in Understanding Patent Issues During IEEE Standards Development <http://standards.ieee.org/board/pat/guide.html>
Overview of 802.21
Please refer to the tutorial presented in July 2006:
http://www.ieee802.org/21/Tutorials/802%2021-IEEE-Tutorial.ppt
IEEE 802.21 Standard: Media Independent Handover Services
• Optimize Layer 3 and above handovers (e.g., 802.3 <> 802.11 <> 802.16 <> Cellular)
• Key services
  • L2 triggers and measurement reports (802.11, 802.16 radios); enables network-initiated handovers
  • Information Service: optimum network discovery and selection; lower-power operation for multi-radio devices
  • Handover messages: between Mobile Node (MN) <> Point of Service (PoS) (e.g., BS/AP), and between PoS1 <> PoS2 (Resource Query, HO Indication)
• Further information is available at www.ieee802.org/21
IEEE 802.21: Overview
[Figure: 802.21 overview. Inputs: L2 Triggers & Measurements (State Change, Predictive, Network Initiated); Network Information (Available Networks, Neighbor Maps, Network Services); Handover Commands (Client Initiated, Network Initiated). Outcome: Vertical Handovers.]
[Figure: 802.21 architecture, top to bottom. Applications (VoIP/RTP); Connection Management, Mobility Management Protocols (IETF), Handover Policy, Handover Management; 802.21 MIH Function (L2 Triggers and Events, Smart Triggers, Information Service, Handover Messages); Protocol and Device Hardware (WLAN, Cellular, WMAN).]
General MIH Reference Model and Service Access Points (SAPs)
[Figure: MIH reference model. MIH Users (a Layer 3 or higher-layer mobility protocol) reach the Media-Independent Handover Function (MIHF) through MIH_SAP; the MIHF reaches the link layer (IEEE 802.3, IEEE 802.11, IEEE 802.16) through MIH_LINK_SAP and LLC_SAP; the MIHF exchanges the MIH protocol (MIH Services: ES, CS, IS) with a remote MIHF through MIH_NET_SAP over an MIH protocol transport at Layer 2 or Layer 3. These SAPs are defined in the IEEE 802.21 specification.]
Technical Challenges in Handovers
Challenge: Efficient Network Discovery and Selection
Motivation: Inter-network neighbor advertisements reduce power consumption in scanning. The 802.11 module will only turn on if 802.11 coverage is available.
Challenge: Low Latency Handovers
Motivation: Requires an inter-RAT interface. Speeds up the handoff procedure (passing security keys, resource reservation).
Challenge: Service Provider's Control in Target Network Selection
Motivation: Enables service providers to enforce handoff policies and decisions. Requires inter-RAT measurement reporting.
Challenge: Service Continuity
Motivation: Eliminate L3 mobility signaling in inter-RAT mobility by keeping the L3 anchor in the previous RAT access gateway. Requires an inter-RAT interface.
Target preparation is the key aspect of optimized handovers.
Key Interfaces for Handovers
[Figure: Mobile Station (MS) connected to AG-RAT1 and AG-RAT2, which attach to a common core holding HA, AAA, HSS, HLR and an Information Server; interfaces labelled R and S. AG: Access Gateway; RAT: Radio Access Technology; HA: Home Agent.]
1. Inter-RAT neighbor advertisements.
2. Inter-Access Gateway interface: pass network context from source to target for optimized handovers.
3. Network-initiated handovers require measurement reports and H/O messages over the core network and the air interface.
802.21 History & Timeline
1H 2004: 802.21 WG created
2H 2004: Call for Proposals
1H 2005: 14 initial proposals
2H 2005 - 1H 2006: Down selection; initial 802.21 draft text
2H 2006: Initiate amendments to 802.11u, 802.16g; IETF (MIPSHOP) on L3
2007: Sponsor Ballot
2008: 802.21 spec ratified *
2009-2010: 802.21 deployment *
WG Letter Ballot (also shown on the timeline)
* Projected timelines
Two new study groups (July 2007): Security in Handovers; Multi-Radio Power Management
Network Access Security Model
Network Access Security Steps
Step 1: Network access authentication
Step 2: Secure association
Step 3: Access control and ciphering
Entities involved:
• MN: Mobile Node
• PoA: Point of Attachment (e.g., Access Point)
• AS: Authentication Server (e.g., AAA server)
MN changes its PoA due to handover.
[Figure: MN, PoA and AS. Step 1 (Network Access Authentication) runs between MN and AS; Step 2 (Secure Association) and Step 3 (Access Control and Ciphering) run between MN and PoA.]
Network access security is all about how to bind the three steps together to provide appropriate security properties for network access with the use of security associations (SAs).
Security Associations (SAs)
SAmp: An SA between MN and PoA
SAma: An SA between MN and AS
SApa: An SA between PoA and AS
• SApa is pre-established through AAA or other protocols
• SAma will be established through a mutually authenticated key establishment as an access authentication (in Step 1)
• SAmp is dynamically established with the creation of a session key
[Figure: triangle of MN, PoA and AS with SAma (MN-AS), SApa (PoA-AS) and SAmp (MN-PoA).]
Step 1 - Network Access Authentication
• MN and AS conduct EAP to establish SAma
• EAP (Extensible Authentication Protocol) exports two keys:
  • MSK (Master Session Key), distributed from AS to PoA protected by SApa
  • EMSK (Extended Master Session Key), used for other purposes
• EAP is transported at the link layer as well as at higher layers
  • Link-layer EAP transport in IEEE 802: 802.1X, PKMv2
  • Higher-layer EAP transport: PANA (Protocol for carrying Authentication for Network Access), IKEv2 (Internet Key Exchange version 2), RADIUS/Diameter
[Figure: message flow between MN*, PoA* and AS*]
  PoA -> MN: EAP-Request
  MN -> PoA: EAP-Response; PoA -> AS: AAA{EAP-Response}
  AS -> PoA: AAA{EAP-Request}; PoA -> MN: EAP-Request
  ... (further request/response rounds)
  AS -> PoA: AAA{EAP-Success, MSK}; PoA -> MN: EAP-Success
* Note: MN, PoA and AS are EAP peer, authenticator and server, respectively, and represent one deployment model.
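The three-party exchange on this slide (EAP peer, pass-through authenticator, EAP server, with the MSK carried to the PoA under SApa) written out in Python as an added example; it is not code from the tutorial. The EAP method is a constructed HMAC challenge/response standing in for a real method, the SApa protection of the AAA message is modelled as an HMAC-SHA256 tag, and the secrets, nonces and class names (AuthServer, MobileNode, PointOfAttachment, run_eap) are this example's own assumptions.

```python
import hashlib
import hmac
import os

# Constructed secrets for the example (assumptions, not from the tutorial).
SAPA_KEY = b"constructed-poa-as-shared-secret"   # SApa: pre-established PoA<->AS key
CREDENTIAL = b"constructed-mn-long-term-secret"  # known to MN and AS only


def export_keys(credential, server_nonce, peer_nonce):
    """Constructed EAP method key export: a 64-byte MSK and a 64-byte EMSK."""
    seed = server_nonce + peer_nonce
    msk = hmac.new(credential, b"MSK" + seed, hashlib.sha512).digest()
    emsk = hmac.new(credential, b"EMSK" + seed, hashlib.sha512).digest()
    return msk, emsk


def aaa_tag(eap_code, msk):
    """SApa protection of the AAA message, modelled as an HMAC-SHA256 tag."""
    return hmac.new(SAPA_KEY, eap_code.encode() + (msk or b""), hashlib.sha256).digest()


class AuthServer:                      # EAP server (AS)
    def __init__(self, credential):
        self.credential = credential
        self.nonce = os.urandom(16)

    def first_request(self):
        return {"code": "Request", "nonce": self.nonce}

    def handle_response(self, rsp):
        expected = hmac.new(self.credential, self.nonce + rsp["nonce"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, rsp["proof"]):
            return {"code": "Failure"}, None
        msk, _emsk = export_keys(self.credential, self.nonce, rsp["nonce"])
        return {"code": "Success"}, msk

    def aaa_wrap(self, eap, msk):
        # AAA{EAP-Success, MSK}: the MSK travels to the PoA protected by SApa
        return {"eap": eap, "msk": msk, "tag": aaa_tag(eap["code"], msk)}


class MobileNode:                      # EAP peer (MN)
    def __init__(self, credential):
        self.credential = credential
        self.msk = None
        self.pending = None

    def handle_request(self, req):
        peer_nonce = os.urandom(16)
        proof = hmac.new(self.credential, req["nonce"] + peer_nonce, hashlib.sha256).digest()
        self.pending = (req["nonce"], peer_nonce)
        return {"code": "Response", "nonce": peer_nonce, "proof": proof}

    def handle_result(self, eap):
        if eap["code"] == "Success":   # MN derives the same MSK locally; it is never sent to it
            self.msk, _emsk = export_keys(self.credential, *self.pending)
        return eap["code"]


class PointOfAttachment:               # EAP authenticator (PoA): pass-through only
    def __init__(self):
        self.msk = None
        self.port_open = False

    def aaa_unwrap(self, msg):
        if not hmac.compare_digest(aaa_tag(msg["eap"]["code"], msg["msk"]), msg["tag"]):
            raise ValueError("SApa integrity check failed; MSK discarded")
        if msg["eap"]["code"] == "Success":
            self.msk, self.port_open = msg["msk"], True   # Step 2 can now use the MSK
        return msg["eap"]


def run_eap(mn_credential=CREDENTIAL):
    """Returns (EAP result code, PoA port opened?, MN and PoA hold the same MSK?)."""
    mn, poa, srv = MobileNode(mn_credential), PointOfAttachment(), AuthServer(CREDENTIAL)
    req = srv.first_request()                  # AS -> PoA: AAA{EAP-Request}; PoA -> MN: EAP-Request
    rsp = mn.handle_request(req)               # MN -> PoA: EAP-Response; PoA -> AS: AAA{EAP-Response}
    eap, msk = srv.handle_response(rsp)        # AS decides; the PoA never saw CREDENTIAL
    eap = poa.aaa_unwrap(srv.aaa_wrap(eap, msk))   # AS -> PoA: AAA{EAP-Success, MSK} under SApa
    code = mn.handle_result(eap)               # PoA -> MN: EAP-Success / EAP-Failure
    return code, poa.port_open, (mn.msk is not None and mn.msk == poa.msk)


def tampered_msk_rejected():
    """An MSK modified in transit fails the SApa check at the PoA and opens no port."""
    srv, poa = AuthServer(CREDENTIAL), PointOfAttachment()
    msg = srv.aaa_wrap({"code": "Success"}, b"\x00" * 64)
    msg["msk"] = b"\x01" + msg["msk"][1:]
    try:
        poa.aaa_unwrap(msg)
    except ValueError:
        return not poa.port_open
    return False


if __name__ == "__main__":
    print(run_eap(), tampered_msk_rejected())
```

The point to observe is the division of knowledge the slide's note describes: the PoA relays EAP without ever holding the MN's credential and obtains the MSK only from an AAA message it can verify under SApa, while the MN derives the same MSK locally. That shared MSK is the material Step 2 turns into a session key for SAmp.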
Step 3 - Access Control and Ciphering
• Access control enforces that link-layer data frames are exchanged between MN and PoA only after a successful run of Network Access Authentication and Secure Association
• Link-layer data frames are cryptographically protected with the use of ciphering keys, depending on the underlying link-layer technologies
Security Signaling Latency
• Approximately 90% of the latency originates from the EAP signaling during network access authentication (full authentication)
• EAP authentication takes on average 100s of ms, while the layer 2 key management (4-way handshake (HS) in 802.11 and 3-way handshake in 802.16) takes on average less than 10 ms
[Figure: signaling diagrams for 802.11 and 802.16. MN: Mobile Node; AP: Access Point; BS: Base Station; AAA: AAA server.]
Handover Scenarios
• Two common cases
  • Intra-technology handovers
  • Inter-technology handovers
Intra-Technology Handovers
Solutions Available Today
• Several handover solutions available today are centered around intra-technology handovers (AP to AP, BS to BS, and typically within the same AAA domain)
• IEEE 802.11 solutions:
  • Pre-authentication (as defined in 802.11i)
  • Fast BSS Transition (under Sponsor Ballot in TGr)
• IEEE 802.16 solution:
  • Handover Process Optimization (as defined in 802.16e)
• IEEE 802.1 solution:
  • Roaming (reconnect) solution (under Letter Ballot in 802.1af)
• The main goal of the above solutions is to decrease the time it takes to do an EAP-based network access authentication
802.11i - Pre-authentication
[Figure: conceptual flow. STA, AP1 and AP2 in an 802.11 access network; AAA server reached over the Internet. Keys shown: MSK at the AAA server, at AP2 and at the STA; PTK at the STA and AP2 after the 802.11i 4-way handshake.]
• STA associated to AP1, after full 802.11i authentication
• Data traffic flows via AP1
• STA selects AP2 as target, and initiates pre-authentication for AP2
• EAP authentication is sent via AP1
• AP2 receives MSK from EAP server
• STA derives MSK for AP2
• STA performs 802.11i 4-way handshake with AP2, using MSK (STA, AP2)
• Data traffic flows via AP2
• Transition complete
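The end state of pre-authentication (a fresh MSK held by AP2 and by the STA) followed by the 4-way handshake with AP2, as an added Python example that is not code from the tutorial. PMK = L(MSK, 0, 256) and PTK = PRF-384(PMK, "Pairwise key expansion", ...) follow IEEE 802.11i; the EAPOL-Key frame under the MIC is reduced to the SNonce, the EAP run over AP1 is not modelled, and the MSK values, MAC addresses and class names (AccessPoint, Station, preauth_then_handshake) are constructed for this example.

```python
import hashlib
import hmac
import os


def prf(key, label, data, nbits):
    """IEEE 802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out, i = b"", 0
    while len(out) * 8 < nbits:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[: nbits // 8]


def pmk_from_msk(msk):
    return msk[:32]          # PMK = L(MSK, 0, 256)


def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PTK = PRF-384(PMK, "Pairwise key expansion",
    Min(AA,SPA) || Max(AA,SPA) || Min(ANonce,SNonce) || Max(ANonce,SNonce)).
    Returns (KCK, KEK, TK) for CCMP, 128 bits each."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 384)
    return ptk[:16], ptk[16:32], ptk[32:48]


def key_mic(kck, frame):
    """EAPOL-Key MIC: HMAC-SHA1 truncated to 128 bits (frame body simplified to the SNonce here)."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


class AccessPoint:
    def __init__(self, bssid):
        self.bssid, self.pmk, self.ptk, self.anonce = bssid, None, None, None

    def receive_msk(self, msk):          # "AP2 receives MSK from EAP server"
        self.pmk = pmk_from_msk(msk)

    def msg1(self):                      # 4-way handshake message 1: ANonce
        self.anonce = os.urandom(32)
        return self.anonce

    def msg2(self, spa, snonce, mic):    # message 2: SNonce + MIC; AP derives PTK and checks the MIC
        self.ptk = derive_ptk(self.pmk, self.bssid, spa, self.anonce, snonce)
        if not hmac.compare_digest(key_mic(self.ptk[0], snonce), mic):
            self.ptk = None              # mismatched PMK: handshake fails, no keys installed
            return False
        return True


class Station:
    def __init__(self, addr):
        self.addr, self.pmks, self.ptks = addr, {}, {}

    def preauth_done(self, bssid, msk):  # "STA derives MSK for AP2"
        self.pmks[bssid] = pmk_from_msk(msk)

    def msg2(self, bssid, anonce):
        snonce = os.urandom(32)
        self.ptks[bssid] = derive_ptk(self.pmks[bssid], bssid, self.addr, anonce, snonce)
        return snonce, key_mic(self.ptks[bssid][0], snonce)


STA_ADDR = bytes.fromhex("001b77000001")   # constructed addresses
AP2_BSSID = bytes.fromhex("001b77000002")


def preauth_then_handshake(msk_at_sta=b"\x11" * 64, msk_at_ap2=b"\x11" * 64):
    """Returns (handshake succeeded, STA and AP2 installed the same PTK)."""
    sta, ap2 = Station(STA_ADDR), AccessPoint(AP2_BSSID)
    sta.preauth_done(AP2_BSSID, msk_at_sta)   # the pre-auth EAP run via AP1 is not modelled
    ap2.receive_msk(msk_at_ap2)
    anonce = ap2.msg1()
    snonce, mic = sta.msg2(AP2_BSSID, anonce)
    ok = ap2.msg2(STA_ADDR, snonce, mic)
    return ok, ap2.ptk == sta.ptks[AP2_BSSID]


if __name__ == "__main__":
    print(preauth_then_handshake(), preauth_then_handshake(msk_at_ap2=b"\x22" * 64))
```

Calling preauth_then_handshake with different MSKs at the two ends shows the failure mode a deployment has to expect: the MIC in message 2 does not verify, AP2 installs no PTK and its data port stays closed, so a stale or mismatched PMK is caught before any data frame is accepted. Because the PTK derivation mixes in the AP's address, the same PMK would also yield a different PTK at every AP.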
802.11r - Fast BSS Transition
[Figure: conceptual flow. STA, AP1 and AP2 in an 802.11 mobility domain; AAA server reached over the Internet. Keys shown: PMK-R0 at the R0KH and at the STA; PMK-R1 for AP2 at AP2 and at the STA; PTK at the STA and AP2.]
• STA associated to AP1
• Data traffic flows via AP1
• STA moves and selects AP2 as target
• 802.11r Auth Request
• Request PMK-R1 for AP2 from R0KH
• Derive PMK-R1 for AP2
• Response with PMK-R1 for AP2 to AP2
• 802.11r Auth Response
• AP2 & STA derive PTK
• 802.11r Reassociation Request and Response
• Data traffic flows via AP2
• Transition complete
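The key hierarchy behind the steps above, as an added Python example (not code from the tutorial or from TGr): one EAP run yields PMK-R0 at the R0KH and at the STA, the R0KH derives a PMK-R1 per AP (R1KH) on request, and STA and AP derive the PTK from PMK-R1 without another EAP run. The labels FT-R0, FT-R1 and FT-PTK are those of 802.11r and XXKey is taken as the second 256 bits of the MSK, but the KDF and its context fields are simplified, so the byte values do not match an 802.11r implementation; the MSK, the identifiers (MDID, R0KH_ID, addresses) and the class names (R0KeyHolder, FTStation, fast_transition) are this example's assumptions.

```python
import hashlib
import hmac
import os


def kdf(key, label, context, nbytes):
    """HMAC-SHA256 counter-mode KDF (simplified form of the 802.11r KDF-Hash-Length)."""
    out, i = b"", 1
    while len(out) < nbytes:
        out += hmac.new(key, bytes([i]) + label + context, hashlib.sha256).digest()
        i += 1
    return out[:nbytes]


def pmk_r0(msk, mdid, r0kh_id, sta):
    xxkey = msk[32:64]      # second 256 bits of the EAP MSK (XXKey for EAP-based AKMs)
    return kdf(xxkey, b"FT-R0", mdid + r0kh_id + sta, 32)


def pmk_r1(r0, r1kh_id, sta):
    return kdf(r0, b"FT-R1", r1kh_id + sta, 32)


def ptk(r1, snonce, anonce, bssid, sta):
    return kdf(r1, b"FT-PTK", snonce + anonce + bssid + sta, 48)   # KCK || KEK || TK


class R0KeyHolder:
    """R0KH: keeps PMK-R0 per STA and answers APs' PMK-R1 requests; PMK-R0 itself never leaves."""
    def __init__(self, mdid, r0kh_id):
        self.mdid, self.r0kh_id, self.r0 = mdid, r0kh_id, {}

    def on_eap_success(self, sta, msk):
        self.r0[sta] = pmk_r0(msk, self.mdid, self.r0kh_id, sta)

    def request_pmk_r1(self, sta, r1kh_id):
        if sta not in self.r0:
            return None                    # STA never completed EAP in this mobility domain
        return pmk_r1(self.r0[sta], r1kh_id, sta)


class FTStation:
    def __init__(self, addr):
        self.addr, self.r0 = addr, None

    def on_eap_success(self, msk, mdid, r0kh_id):
        self.r0 = pmk_r0(msk, mdid, r0kh_id, self.addr)

    def pmk_r1_for(self, r1kh_id):
        return pmk_r1(self.r0, r1kh_id, self.addr)


MDID, R0KH_ID = b"\x00\x01", b"r0kh.example"      # constructed identifiers
STA = bytes.fromhex("001b77000001")
AP1 = bytes.fromhex("001b77000010")               # an AP's R1KH-ID is its BSSID here
AP2 = bytes.fromhex("001b77000020")


def fast_transition(msk=b"\x22" * 64):
    """Returns the properties of the transition to AP2 as a dict of booleans."""
    r0kh, sta = R0KeyHolder(MDID, R0KH_ID), FTStation(STA)
    r0kh.on_eap_success(STA, msk)                 # one full EAP run at initial association via AP1
    sta.on_eap_success(msk, MDID, R0KH_ID)
    ap2_r1 = r0kh.request_pmk_r1(STA, AP2)        # "Request PMK-R1 for AP2 from R0KH" / "Response ... to AP2"
    sta_r1 = sta.pmk_r1_for(AP2)                  # STA derives the same PMK-R1 locally
    snonce, anonce = os.urandom(32), os.urandom(32)   # exchanged in the FT Auth Request / Response
    return {
        "pmk_r1_match": ap2_r1 == sta_r1,
        "ptk_match": ptk(ap2_r1, snonce, anonce, AP2, STA) == ptk(sta_r1, snonce, anonce, AP2, STA),
        "per_ap_keys_differ": r0kh.request_pmk_r1(STA, AP1) != ap2_r1,
        "pmk_r0_not_at_ap": r0kh.r0[STA] not in (ap2_r1, sta_r1),
        "unknown_sta_refused": r0kh.request_pmk_r1(bytes.fromhex("001b77000099"), AP2) is None,
    }


if __name__ == "__main__":
    print(fast_transition())
```

fast_transition returns the properties a reviewer of such a deployment would check: AP2's PMK-R1 equals what the STA derives, each AP receives a different PMK-R1, PMK-R0 stays at the R0KH, and a STA that never completed EAP in the mobility domain gets no key. This is what lets the transition skip the EAP run that the latency slide attributes about 90% of the signaling delay to.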
802.16e - HO Process Optimization
[Figure: conceptual flow. MS, BS1 and BS2 in an 802.16 access network, with a core network, AAA server and the Internet. Keys shown: AK1 at BS1, AK2 at BS2.]
• MS connected with BS1, data traffic flows
• MS sends HO request (HO optimization bits set, preferred BSs) to BS1
• BS1 forwards HO request to BS2
• BS2 sends HO response back to BS1
• BS1 sends HO response back to MS
• MS sends HO indication with BS2 as target
• BS1 forwards MS info and connection context to BS2 (handover TEKs, associated counters, negotiated capabilities, CID update, ...)
• MS ranges and attaches with BS2
• Data traffic flows via BS2
IEEE P802.1af and 802.1AE
• IEEE P802.1af, a new revision of 802.1X for port access control, provides:
  • Network access authentication, secure association and access control for LAN/MAN
  • Network discovery
  • Allows a session key that was established between a host and a network access point to be cached and reused when reconnecting back to any network access point within the same administrative domain
• IEEE 802.1AE - MAC Security: provides ciphering for LAN/MAN
Inter-Technology Handovers
Wednesday, July 29, 2009
Page 66
8/8/2019 802 21 IEEE Security Tutorial
http://slidepdf.com/reader/full/802-21-ieee-security-tutorial 66/106
Dual-radio Handover Flow
• MN connected with Radio 1 to AN1, and an application session is active
• MN moves, Radio 2 on
• MN decides to perform HO to AN2
• MN authenticates with AN2 using Radio 2
• Subsequent HO procedures follow
  • Including IP mobility signaling, resource reservation and so on
• Application session continuity is maintained on AN2
• Radio 1 off or idle
[Figure: Conceptual Flow]
Single-radio Handover Flow
• MN connected with Radio 1 to AN1, and an application session is active
• MN moves and decides to perform HO to AN2
• MN authenticates with AN2 via AN1
• Subsequent HO procedures follow
  • Including IP mobility signaling, resource reservation and so on
• Radio 1 off/idle
• Radio 2 active
• MN attaches to AN2
[Figure: Conceptual Flow]
What is the problem?
• Security-related signaling can increase the latency significantly in single-radio handover efforts, and in many cases service continuity cannot be met
• Handover techniques that assume concurrent radio usage cannot be used
• Even for dual-radio devices it might make sense to reduce the security-related signaling, as it decreases the time that both radios need to be active and thus can increase battery life
• In addition, handovers between networks within the same AAA domain or across different AAA domains pose different challenges
Potential Approach for Intra-AAA-domain Handover – Key Hierarchy-based Transition (1/3)
• Establish a key hierarchy through full authentication upon entry into the AAA domain
• The key hierarchy may span multiple link-layer technologies
• Network access authentication is based on exchanging proof of possession of the root key between MN and the root key holder through the PoA
[Figure: key hierarchy – Root Key at the top; Session Key for PoA_1, Session Key for PoA_2, …, Session Key for PoA_N derived beneath it]
Potential Approach for Intra-AAA-domain Handover – Key Hierarchy-based Transition (2/3)
• ERP (EAP Extensions for EAP Re-authentication Protocol) is defined in IETF for Key Hierarchy-based Transition
• The server for ERP can be in a visited domain
• ERP requires one AAA message roundtrip
[Figure: Conceptual Flow – AAA domain X with a Re-authentication Server (AAA server/proxy); ERP signaling between MN and the Re-authentication Server]
Potential Approach for Intra-AAA-domain Handover – Key Hierarchy-based Transition (3/3)
• In this approach, ERP is proactively performed (proactive re-authentication)
• No AAA roundtrip after switching to the target PoA
[Figure: AAA domain X with a Re-authentication Server (AAA server/proxy); proactive re-authentication before the switch, then Secure Association with the target PoA]
Potential Approach for Inter-AAA-Domain Handover – Authentication-based Transition
• Since networks are in different AAA domains, in general full authentication cannot be avoided
  • There is no reason for the new domain to “trust” keys from the old domain, and no reason for the mobile device to “trust” the new domain with keys it used with its old domain
  • Roaming agreements (SLAs) may exist between the two networks, but the home operator might still require the user to authenticate with the home network (AAA) because of security or policy reasons
• A pre-authentication solution is needed that works across multiple AAA domains
[Figure: AAA domain X and AAA domain Y, each with an EAP server; EAP (RFC 3748) signaling to the target domain's EAP server, followed by Secure Association with the target PoA]
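To make the two transitions concrete (the intra-AAA-domain key hierarchy, where access authentication is a proof of possession of the root key exchanged through the PoA, and the inter-AAA-domain case, where the target domain holds no root key for the MN and full authentication cannot be avoided), here is an added Python model that is not part of the tutorial. The KDF, the proof-of-possession format, the nonce handling and all names (RootKeyHolder, MobileNode, domain-X, PoA_1) are assumptions for illustration, not the ERP or 802.21 key derivation.

```python
import hashlib
import hmac
import os


def derive_session_key(root_key: bytes, domain: str, poa_id: str) -> bytes:
    """Per-PoA session key derived from the domain root key.

    Binding the label to domain and PoA identity means a session key exposed
    at PoA_1 says nothing about PoA_2's key or the root key. HMAC-SHA256 as
    the KDF is an assumption, not the ERP/802.21 derivation.
    """
    label = f"session-key|{domain}|{poa_id}".encode()
    return hmac.new(root_key, label, hashlib.sha256).digest()


def pop_tag(root_key: bytes, domain: str, poa_id: str, nonce: bytes) -> bytes:
    """Proof of possession of the root key, carried via the target PoA (assumed format)."""
    msg = f"pop|{domain}|{poa_id}|".encode() + nonce
    return hmac.new(root_key, msg, hashlib.sha256).digest()


class RootKeyHolder:
    """AAA server/proxy of one domain: the only network node holding root keys."""

    def __init__(self, domain: str) -> None:
        self.domain = domain
        self.root_keys: dict[str, bytes] = {}  # MN identity -> root key

    def full_authentication(self, mn_id: str) -> bytes:
        """Stand-in for a complete EAP run (several roundtrips): fresh root key."""
        self.root_keys[mn_id] = os.urandom(32)
        return self.root_keys[mn_id]

    def re_authenticate(self, mn_id: str, poa_id: str, nonce: bytes, tag: bytes):
        """One AAA roundtrip: verify the PoP, then deliver the PoA its session key.
        None means no root key for this MN here or a bad PoP; the PoA must then
        fall back to full authentication rather than admit the MN."""
        rk = self.root_keys.get(mn_id)
        if rk is None or not hmac.compare_digest(pop_tag(rk, self.domain, poa_id, nonce), tag):
            return None
        return derive_session_key(rk, self.domain, poa_id)


class MobileNode:
    def __init__(self, mn_id: str) -> None:
        self.mn_id = mn_id
        self.root_keys: dict[str, bytes] = {}  # AAA domain -> root key

    def attach(self, holder: RootKeyHolder, poa_id: str) -> tuple[bytes, str]:
        """Attach to poa_id in holder.domain; returns (session key, transition used)."""
        rk = self.root_keys.get(holder.domain)
        if rk is not None:  # intra-domain: key hierarchy-based transition
            nonce = os.urandom(16)  # constructed; a real protocol carries its own freshness
            tag = pop_tag(rk, holder.domain, poa_id, nonce)
            poa_key = holder.re_authenticate(self.mn_id, poa_id, nonce, tag)
            if poa_key is not None:
                mn_key = derive_session_key(rk, holder.domain, poa_id)
                assert hmac.compare_digest(mn_key, poa_key)  # MN and PoA agree
                return mn_key, "key-hierarchy"
        # inter-domain (or no usable root key): full authentication is unavoidable
        self.root_keys[holder.domain] = holder.full_authentication(self.mn_id)
        return derive_session_key(self.root_keys[holder.domain], holder.domain, poa_id), "full-auth"
```

Moving between PoA_1 and PoA_2 of domain-X costs one re-authentication roundtrip and never exposes the root key to a PoA, while the first attach in domain-Y forces a full authentication because domain-Y has nothing to verify a proof of possession against.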
Proposed Direction in 802.21
• Proactive authentication is the promising approach to reduce authentication and key establishment signaling latency
• Needed for secure service continuity across different link-layer technologies and AAA domains
• Use existing media-specific Secure Association mechanisms
• Proactive authentication can be based on proactive re-authentication and pre-authentication
• Proactive authentication requires an EAP transport
• The solution works independent of link-layer technologies
• Our main scope is IEEE 802 technologies, but the solution could be applied to handovers to other technologies

Thank You!