IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN:21-06-0557-01-0000 Title: IETF Pre-authentication Activity Date Submitted: February 26, 2006 Presented at IEEE 802.21 session in Denver Authors or Source(s): Yoshihiro Ohba and Alper Yegin Abstract: The purpose of this document is to introduce an IETF activity on pre-authentication and heterogeneous handover and facilitate discussion on a possible new work in the 802.21 WG. 21-06-0557-01-0000

IEEE 802.21 presentation release statements This document has been prepared to assist the IEEE 802.21 Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.21. The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual <http://standards.ieee.org/guides/opman/sect6.html#6.3> and in Understanding Patent Issues During IEEE Standards Development http://standards.ieee.org/board/pat/guide.html>  21-06-0557-01-0000

IETF BOF Information A BOF (Bird-Of Feather) meeting is scheduled on March 23 in 65th IETF Two different topics are discussed in the BOF (actually two BOFs are merged into a single BOF): PREAUTH (Pre-authentication and Heterogeneous Handover) HOAKEY (Handover and Application Keying) In this presentation, we focus on PREAUTH work PREAUTH mailing list information: http://www.opendiameter.org/mailman/listinfo/preauth 21-06-0557-01-0000

Motivation of the work There has been significant amount of work for optimizing IP mobility management FMIPv6, HMIPv6 and NETLMM, etc. The focus was on optimizing IP mobility signaling Optimizing overall handover performance including network access authentication and authorization has not been considered Network access authentication and authorization can be the most time consuming procedure Authorization by a central authority such as a AAA server would be needed for a heterogeneous handover in which authorization characteristics are different before and after a handover 21-06-0557-01-0000

Objective of the work The objective is to improve the overall performance of IP mobility especially for heterogeneous handover Approach: Pre-authentication An authentication procedure for a target network to authenticate a mobile prior to handover using the connectivity to the current network We consider pre-authentication over IP 21-06-0557-01-0000

Expected Improvement with Pre-authentication Network access Authentication and Authorization L2 Handoff Without Pre-authentication Time With Pre-authentication Time Network access Authentication and Authorization with Pre-authentication Possible Packet Loss Period 21-06-0557-01-0000

Scope: Problem Statement and Framework Developing problem statement and a framework that are centered around pre-authentication for seamlessly performing heterogeneous handover The problem statement and framework will cover at least inter-domain, inter-technology handovers The problem statement and framework will support both single-interface and multi-interface devices The framework will work on link-layer security requirements for the pre-authentication to work The framework does not depend on particular link-layer technologies, however, the following specific link-layer technologies will be considered as target technologies: 802.11, 802.16, cdma2000, GPRS, DSL 21-06-0557-01-0000

Scope: Problem Statement and Framework (cont’d) The framework will work on AAA-related issues that need to be addressed for developing RADIUS/Diameter related extensions to support pre-authentication. Possible issues are: How to distinguish pre-authentication from initial entry authentication or re-authentication When to start accounting. The framework will follow the EAP keying framework and make necessary extensions to the EAP keying framework only if the extensions are unavoidable 21-06-0557-01-0000

Scope: Pre-authentication Protocol Development Developing a pre-authentication protocol over IP There are at least two possible types of pre-authentication protocols One type (Type 1) is based on running EAP with an authenticator in the target access network. This is being developed by the PANA WG The other (Type 2) is based on relying on keys from an earlier EAP authentication being pre-distributed to authenticators in target access networks PREAUTH group will work on Type 2 pre-authentication protocol 21-06-0557-01-0000

PREAUTH model Domain A Domain B Initial entry authentication protocol (w/EAP) [any EAP lower layer protocol] AAA for initial entry authentication AAA Server Technology X Authenticator MN Type 1 pre-authentication protocol (w/EAP) [draft-ietf-pana-preauth] AAA for Type 2 pre-authentication (pre-distributing key, etc.) Technology Y Authenticator Type 2 pre-authentication protocol (w/o EAP) [new protocol work] AAA for Type 1 pre-authentication Technology X Authenticator AAA Server Domain B 21-06-0557-01-0000

Relevance to 802.21 Defining a security mechanism is out of the scope of 802.21 for now However, some work related to pre-authentication may be relevant to 802.21, e.g., Pre-authentication events Pre-authentication commands Media-independent key installation/management commands Issues: Is pre-authentication important for 802.21? Does 802.21 WG need to revise the PAR to support pre-authentication? Should a new TG be formed in 802.21 WG to work on pre-authentication? 21-06-0557-01-0000