for IP Mobility Protocols Vancouver, November 2007 IETF 70th – netlmm WG EAP-Based Keying for IP Mobility Protocols draft-vidya-eap-usrk-ip-mobility-01 Vidya Narayanan and Gerardo Giaretta

What is this about The draft defines EAP-based key derivations for MIPv4, MIPv6, HMIPv6 and FMIPv6 The key hierarchy and key derivations are based on the EMSK hierarchy defined in HOKEY The USRK labels required for these protocols and derivation of keys needed between the MN and the corresponding mobility agents are described Left to other individual documents to describe the exact signaling mechanisms that will trigger this keying process and enable

Motivation IP mobility protocols require cryptographic key material for authentication of signaling messages In a system where network access authentication is done using EAP, it is possible to derive keys for use in mobility protocols using the EMSK key hierarchy This prevents the need for having any pre-configured key material being available for each of these protocols used or running a separate security association protocol to establish the necessary keying material (e.g. running again an EAP exchange over IKEv2) Considered at the time of MIPv6 bootstrapping DT but the EMSK hierarchy was not defined yet

HOKEY Background Key generating EAP methods produce a Master Session Key (MSK) and an Extended Master Session Key (EMSK) the MSK is provided to the lower layer Several lower layers use the MSK in various different ways. EMSK hierarchy defined in draft-ietf-hokey-emsk-hierarchy-01 meant to be extensible to derive keys for various usages Usage Specific Root Keys (USRK) and Domain Specific Root Keys (DSRK) may be derived from the EMSK USRKs are meant to be defined for specific usages and the scope of the key will be determined by the EAP Server (or the home AAA server) of the peer DSRKs are limited in scope to a specific domain and are meant to be distributed to local AAA servers in different domains The DSRK may then be used to derive various Domain Specific USRKs (DS-USRK), which are defined for specific usages within the domain for which the DSRK is valid

Key hierarchy EMSK/DSRK Mobility Root Key (MRK) Mobility Integrity Key (MIK) Mobility Usage Session Key (MUSK) MRK is calculated in accordance with the USRK derivation defined in draft-ietf-hokey-emsk-hierarchy-01 may be derived from the EMSK or the DSRK, depending on whether the keys are being derived at the home domain or the local domain MIK is the key used to protect any exchange between the MN and the server deriving the MRK, to prove possession of the MRK used for authentication of messages between the MN and the server that derived the MRK MUSK is the key that is delivered to a mobility agent for a particular mobility session between the MN and the agent may be used to protect the mobility signaling messages between the MN and the mobility agent or to perform IKEv2 authentication to establish an IPsec security association

Key derivation MRK = KDF(Key, Mobility Key Label, Optional Data, Length) Key = EMSK or DSRK Mobility Key Label = the specific label defined for the particular IP mobility protocol Optional Data = NULL Length = 2 byte unsigned integer in network byte order of the output key length in octets Mobility Key Labels defined in the draft MIP4: "Mobile IPv4 Root Key" MIP6: "Mobile IPv6 Root Key" HMIPv6: "Hierarchical Mobile IPv6 Root Key" FMIPv6: "Fast Mobile IPv6 Root Key" Based on the above labels, the following are the specific root keys defined for the various IP mobility protocols: MIP4-RK = KDF (Key, "Mobile IPv4 Root Key", Optional Data, Length) MIP6-RK = KDF (Key, "Mobile IPv6 Root Key", Optional Data, Length) HMIP6-RK = KDF (Key, "Hierarchical Mobile IPv6 Root Key", Optional Data, Length) FMIP6-RK = KDF (Key, "Fast Mobile IPv6 Root Key", Optional Data, Length)

MIPv4 bootstrapping example MN FA HA AAA EAP authentication for network access Agent Solicitation Agent Advertisement Generate MN-AAA key = MIK Generate MN-AAA key = MIK RRQ (MN-AAA Auth Ext) AAA request (RRQ, HA Request) Generate MN-HA key = MUSK AAA (RRQ,MN-HA key) AAA (RRP) AAA reply (RRP) RRP Generate MN-HA key = MUSK

Next steps Looking for an AD sponsored RFC