Transcript PPT Version

Vancouver, November 2007
IETF 70th – netlmm WG
EAP-Based Keying
for IP Mobility Protocols
draft-vidya-eap-usrk-ip-mobility-01
Vidya Narayanan and Gerardo Giaretta
2
What is this about
• The draft defines EAP-based key derivations for MIPv4, MIPv6, HMIPv6 and FMIPv6
• The key hierarchy and key derivations are based on the EMSK hierarchy defined in HOKEY
• The USRK labels required for these protocols and derivation of keys needed between the MN and the corresponding mobility agents are described
• Left to other individual documents to describe the exact signaling mechanisms that will trigger this keying process and enable
3
Motivation
• IP mobility protocols require cryptographic key material for authentication of signaling messages
• In a system where network access authentication is done using EAP, it is possible to derive keys for use in mobility protocols using the EMSK key hierarchy
• This removes the need to have pre-configured key material available for each of these protocols
– or to run a separate security association protocol to establish the necessary keying material (e.g. running an EAP exchange again over IKEv2)
• Considered at the time of the MIPv6 bootstrapping DT, but the EMSK hierarchy was not defined yet
4
HOKEY Background
• Key generating EAP methods produce a Master Session Key (MSK) and an Extended Master Session Key (EMSK)
– the MSK is provided to the lower layer
– different lower layers use the MSK in different ways
• EMSK hierarchy defined in draft-ietf-hokey-emsk-hierarchy-01
– meant to be extensible to derive keys for various usages
• Usage Specific Root Keys (USRK) and Domain Specific Root Keys (DSRK) may be derived from the EMSK
– USRKs are meant to be defined for specific usages, and the scope of the key is determined by the EAP Server (or the home AAA server) of the peer
– DSRKs are limited in scope to a specific domain and are meant to be distributed to local AAA servers in different domains
– The DSRK may then be used to derive various Domain Specific USRKs (DS-USRK), which are defined for specific usages within the domain for which the DSRK is valid
5
Key hierarchy
Hierarchy as drawn on the slide: EMSK/DSRK → Mobility Root Key (MRK) → Mobility Integrity Key (MIK), Mobility Usage Session Key (MUSK)
• MRK is calculated in accordance with the USRK derivation defined in draft-ietf-hokey-emsk-hierarchy-01
– may be derived from the EMSK or the DSRK, depending on whether the keys are being derived at the home domain or the local domain
• MIK is the key used to protect any exchange between the MN and the server deriving the MRK, to prove possession of the MRK
– used for authentication of messages between the MN and the server that derived the MRK
• MUSK is the key that is delivered to a mobility agent for a particular mobility session between the MN and the agent
– may be used to protect the mobility signaling messages between the MN and the mobility agent, or to perform IKEv2 authentication to establish an IPsec security association
6
Key derivation
• MRK = KDF(Key, Mobility Key Label, Optional Data, Length)
– Key = EMSK or DSRK
– Mobility Key Label = the specific label defined for the particular IP mobility protocol
– Optional Data = NULL
– Length = 2 byte unsigned integer in network byte order of the output key length in octets
• Mobility Key Labels defined in the draft
– MIP4: "Mobile IPv4 Root Key"
– MIP6: "Mobile IPv6 Root Key"
– HMIPv6: "Hierarchical Mobile IPv6 Root Key"
– FMIPv6: "Fast Mobile IPv6 Root Key"
• Based on the above labels, the following are the specific root keys defined for the various IP mobility protocols:
– MIP4-RK = KDF(Key, "Mobile IPv4 Root Key", Optional Data, Length)
– MIP6-RK = KDF(Key, "Mobile IPv6 Root Key", Optional Data, Length)
– HMIP6-RK = KDF(Key, "Hierarchical Mobile IPv6 Root Key", Optional Data, Length)
– FMIP6-RK = KDF(Key, "Fast Mobile IPv6 Root Key", Optional Data, Length)
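Worked example of the MRK derivation from the slide above, added here and not part of the draft or the slides. The slide names only the KDF inputs, so this code assumes the KDF instantiation of the HOKEY EMSK hierarchy (IKEv2-style PRF+ with HMAC-SHA-256 over label | 0x00 | optional data | length); the EMSK value and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Mobility Key Labels from the draft (slide 6), keyed by the root key name.
MOBILITY_KEY_LABELS = {
    "MIP4-RK": "Mobile IPv4 Root Key",
    "MIP6-RK": "Mobile IPv6 Root Key",
    "HMIP6-RK": "Hierarchical Mobile IPv6 Root Key",
    "FMIP6-RK": "Fast Mobile IPv6 Root Key",
}


def prf_plus(key: bytes, data: bytes, length: int) -> bytes:
    """IKEv2-style PRF+ with HMAC-SHA-256 (assumed KDF, as used by the HOKEY
    EMSK hierarchy): T1 = HMAC(K, S | 0x01), Tn = HMAC(K, T(n-1) | S | n)."""
    out, prev, counter = b"", b"", 1
    while len(out) < length:
        prev = hmac.new(key, prev + data + bytes([counter]), hashlib.sha256).digest()
        out += prev
        counter += 1
    return out[:length]


def derive_mrk(root_key: bytes, label: str, optional_data: bytes = b"", length: int = 64) -> bytes:
    """MRK = KDF(Key, Mobility Key Label, Optional Data, Length) as on slide 6.

    root_key is the EMSK (home domain) or the DSRK (local domain).  The input
    layout label | 0x00 | optional data | length follows the HOKEY USRK
    derivation (assumption); Length is the 2-byte network-byte-order output
    length in octets, as the slide states.  Optional Data = NULL means empty.
    """
    if not 0 < length <= 0xFFFF:
        raise ValueError("Length must fit in a 2-byte unsigned integer")
    kdf_input = label.encode("ascii") + b"\x00" + optional_data + length.to_bytes(2, "big")
    return prf_plus(root_key, kdf_input, length)


def derive_mobility_root_keys(root_key: bytes, length: int = 64) -> dict:
    """Derive MIP4-RK, MIP6-RK, HMIP6-RK and FMIP6-RK from one EMSK or DSRK.
    Distinct labels give independent root keys, so a single EAP authentication
    can key several mobility protocols without reusing key material."""
    return {name: derive_mrk(root_key, label, b"", length)
            for name, label in MOBILITY_KEY_LABELS.items()}


if __name__ == "__main__":
    # Constructed sample EMSK (64 octets); a real EMSK comes from the EAP method.
    emsk = bytes(range(64))
    for name, key in derive_mobility_root_keys(emsk).items():
        print(f"{name:9s} {key.hex()[:32]}...")
```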
7
MIPv4 bootstrapping example
Message sequence chart between MN, FA, HA and AAA; labels recovered from the slide in the order they appear:
• EAP authentication for network access
• Agent Solicitation
• Agent Advertisement
• Generate MN-AAA key = MIK
• RRQ (MN-AAA Auth Ext)
• Generate MN-AAA key = MIK
• AAA request (RRQ, HA Request)
• Generate MN-HA key = MUSK
• AAA (RRQ, MN-HA key)
• RRP
• Generate MN-HA key = MUSK
• AAA reply (RRP)
• AAA (RRP)
8
Next steps
• Looking for an AD-sponsored RFC