IEEE MEDIA INDEPENDENT HANDOVER
IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-09-0164-07-0sec Title: Detailed analysis on MIA/MSA architecture Date Submitted: January 12, 2010 Presented at the IEEE 802.21 meeting in January 2010, San Diego. Authors or Source(s): Fernando Bernal, Rafa Marín-López Abstract: This document discusses specific details of the MIA/MSA architecture, addressing the different key distribution models (push and pull) and describing the functionalities required of each entity.

IEEE 802.21 presentation release statements This document has been prepared to assist the IEEE 802.21 Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE's name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE's sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.21. The contributor is familiar with IEEE patent policy, as stated in Section 6 of the IEEE-SA Standards Board bylaws <http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and in Understanding Patent Issues During IEEE Standards Development <http://standards.ieee.org/board/pat/faq.pdf>

Differences with previous versions
- The motivation of MIA is now explicitly explained.
- A new key distribution model, proactive pull key distribution, has been added and described.
- A deployment analysis has been added.

Figure: Intra-MIH Authenticator. The MN is attached to a Serving Access Network and a Candidate Access Network, each with its own media-specific access functions, a Media Specific Authenticator and Key Holder (MSA-KH) and two points of attachment (POA1, POA2) reached over RP1. Both access networks are served by a single set of media-independent access functions (MIH PoS+) hosting the MIHF and the Media Independent Authenticator and Key Holder (MIA-KH); the MIA-KH reaches each MSA-KH over the Int_MIA-KH-MSA-KH interface.

Figure: Inter-MIH Authenticator. As in the intra case, but the Serving and Candidate Access Networks each have their own media-independent access functions (MIH PoS+) with MIHF and MIA-KH. The two MIA-KHs communicate over RP5, each MIA-KH reaches its MSA-KH over Int_MIA-KH-MSA-KH, and the MN reaches the POAs over RP1; reference points RP1, RP2 and RP5 are shown.

Motivation of MIA architecture
Provide support to enable secure media independent handover services. These services include the management of different types of key distribution mechanisms:
- Push Key Distribution
- Reactive Pull Key Distribution
- Proactive Pull Key Distribution
To securely provide and control access to these services, authentication and key establishment are required. The role of the MIA is to authenticate and authorize the MN to use these services, based on a new key hierarchy.

General Call Flow (MN, Serving MIA, Candidate MIA, Target MSA-KH)
Step 1: Negotiation phase between the MN and the Candidate MIA.
Steps 2 and 2': Media-independent authentication between the MN and the Candidate MIA, and key installation in the Target MSA-KH for PULL key distribution.
Step 3: PUSH key distribution, or execution of (reactive or proactive) PULL key distribution.
Step 4: Session finalization.

Figure: Push Key Distribution. On the PoS/MIA the MIHF sits between an MIH User for MI (holding MSK'/rMSK') and an MIH User for MS key management (holding the MSK, = MS-PMK). The MSK (= MS-PMK) is (1) delivered to the target MSA, with an AAA server* on that side, and (2) handed by the MN's MIHF to its MIH User, which installs it in the MAC**. * Different AAA servers may be used for different media. ** Another alternative: the MIHF directly installs the key in the MAC.

Figure: Reactive Pull Key Distribution. Same entities as the push figure; here the MS-PMK is (1) held by the MIA's MIH User for MS key management and made available to the AAA server* that the target MSA will consult, and (2) delivered on the MN side from the MIHF to the MIH User and into the MAC**. * Different AAA servers may be used for different media. ** Another alternative: the MIHF directly installs the key in the MAC.

Figure: Proactive Pull Key Distribution. The MN's MAC exchanges authentication L2 frames with its MIHF**, which (1) forwards them through the PoS/MIA MIHF and its MIH User for MS key management to the target MSA; the target MSA (2) completes the authentication with the AAA server*, yielding MSK/rMSK. The MIA's MIH User for MI holds MSK'/rMSK'. * Different AAA servers may be used for different media. ** Another alternative: the MIHF directly receives/sends the authentication L2 frames from/to the MAC.

Figure: Proactive Pull Key Distribution (Optimized). As in the previous figure, but the MIA's MIH User for MS key management also holds the MS-PMK, which is available on the AAA side next to the authentication L2 frames, so the target MSA obtains MSK/rMSK through a re-authentication against the MIA. Same footnotes * and ** as above.

Notation used in the following figures: primitives for EAP authentication; MIH-SAP; primitives for (reactive or proactive) pull key distribution; primitives for push key distribution; unprotected MIH signalling between MIHFs; protected MIH signalling between MIHFs; out of scope of 802.21a.

General MI Authentication Phases (between the MN's MIHF and the MIA's MIHF)
- Negotiation phase (Step 1)
- Authentication phase (Steps 2 and 2')
- Authenticated & Authorized phase (Step 3)
- Finalization phase (Step 4)

General Message Exchange
Negotiation phase: The MN and the MIA exchange messages in order to agree on the type of key distribution service (push, reactive pull or proactive pull) and other parameters. This signalling is not yet protected.
Authentication phase: The MN authenticates against the MIA in order to gain access to the security services. After this authentication, key material is shared between them and the rest of the MIH communication can be protected. At the end, the parameters negotiated in the previous (unprotected) phase are confirmed. An authentication session is established.
Authenticated & Authorized phase: At this point MIH signalling is protected and the MN is authenticated and authorized to use the services provided by the MIA. Regarding key distribution:
- If Push Key Distribution was negotiated, some protected MIH signalling is required so that the MN can ask the MIA to install a key in a target MSA.
- If Reactive Pull Key Distribution was agreed, no MIH signalling is required, but some state is needed in the MIA, which will act as AAA server.
- If Proactive Pull Key Distribution was agreed, authentication L2 frames are tunnelled from the MN to the MIA, and from the MIA to the target MSA, in order to perform a proactive media-specific authentication with the target MSA. That is, the MIA provides a proxy service.
Finalization phase: The MN and the MIA finish the session.
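The four phases above form a small state machine on the MIA, and the confirmation of the negotiated parameters at the end of the authentication phase is what lets the MIA notice that an on-path attacker rewrote the unprotected step-1 negotiation (for instance, downgrading the requested key distribution method). The following is an added example, not text or code from this contribution or from 802.21a: the message shapes, the HMAC-SHA256 confirmation tag, the session-key derivation and the label strings are assumptions made for the illustration.

```python
"""Phase enforcement and negotiation confirmation between an MN and a MIA.

Added illustration, not 802.21a text. Message shapes, the HMAC-SHA256
confirmation tag and the label strings are assumptions of this example.
"""
import hashlib
import hmac
from enum import Enum, auto

KEY_DIST_METHODS = ("push", "reactive_pull", "proactive_pull")


class Phase(Enum):
    NEGOTIATION = auto()      # step 1: unprotected MIH signalling
    AUTHENTICATION = auto()   # step 2: EAP (or other protocol) over MIH (I1)
    AUTHORIZED = auto()       # step 3: protected MIH signalling, key distribution
    FINALIZED = auto()        # step 4: session and keys removed


def encode_params(params):
    """Canonical encoding of negotiated parameters (sorted, so both sides agree)."""
    return "&".join("%s=%s" % (k, params[k]) for k in sorted(params)).encode()


def session_key(msk):
    """Key protecting MIH signalling after authentication (derivation assumed)."""
    return hmac.new(msk, b"MIH-session-key", hashlib.sha256).digest()


def confirmation_tag(msk, agreed_params):
    """Tag the MN sends at the end of step 2 over the parameters it believes were agreed."""
    return hmac.new(session_key(msk), encode_params(agreed_params), hashlib.sha256).digest()


class MiaSession:
    """MIA-side state for one MN. Requests are only honoured in the right phase."""

    def __init__(self):
        self.phase = Phase.NEGOTIATION
        self.negotiated = None
        self.key = None

    def negotiate(self, offer):
        if self.phase is not Phase.NEGOTIATION:
            raise RuntimeError("negotiation already done")
        method = offer.get("key_dist")
        if method not in KEY_DIST_METHODS:
            raise ValueError("unsupported key distribution method: %r" % method)
        self.negotiated = {"key_dist": method, "lifetime": int(offer.get("lifetime", 3600))}
        self.phase = Phase.AUTHENTICATION
        return dict(self.negotiated)

    def authenticate(self, msk, mn_tag):
        """Step 2 result: the MSK exported by EAP plus the MN's confirmation of step 1."""
        if self.phase is not Phase.AUTHENTICATION:
            raise RuntimeError("not in authentication phase")
        expected = confirmation_tag(msk, self.negotiated)
        if not hmac.compare_digest(expected, mn_tag):
            # MN and MIA disagree on step 1: the unprotected negotiation was tampered with
            self.finalize()
            return False
        self.key = session_key(msk)
        self.phase = Phase.AUTHORIZED
        return True

    def push_key_request(self, target_msa_kh):
        """Step 3 for push: refused unless authenticated and push was negotiated."""
        if self.phase is not Phase.AUTHORIZED or self.key is None:
            return False
        return self.negotiated["key_dist"] == "push"

    def finalize(self):
        self.phase = Phase.FINALIZED
        self.key = None
        self.negotiated = None


def run_session(mn_offer, msk, tamper=None):
    """Drive one session. `tamper` rewrites the unprotected step-1 offer on the wire
    (and the reply, so the MN still believes its own offer was accepted).
    Returns (authenticated, push_allowed, final_phase_name)."""
    mia = MiaSession()
    offer_on_wire = dict(mn_offer)
    if tamper:
        offer_on_wire.update(tamper)
    agreed_at_mia = mia.negotiate(offer_on_wire)
    agreed_at_mn = dict(agreed_at_mia)
    if tamper:
        agreed_at_mn.update({k: mn_offer[k] for k in tamper if k in mn_offer})
    authenticated = mia.authenticate(msk, confirmation_tag(msk, agreed_at_mn))
    return authenticated, mia.push_key_request("target-msa-kh"), mia.phase.name


if __name__ == "__main__":
    msk = bytes(range(64))  # constructed MSK, standing in for what the EAP method exports
    print(run_session({"key_dist": "push"}, msk))
    print(run_session({"key_dist": "push"}, msk, tamper={"key_dist": "reactive_pull"}))
```

The tampered run fails at the confirmation step and the session is finalized before any key distribution request can be honoured; a push request issued before the authentication phase completes is likewise refused, because the MIA has no session key yet.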

Figure: Media Independent Authentication (I). Entities: MN (MIH User, MIHF, MAC), MIA (MIHF, MIH User), Serving MSA-KH, Target MSA-KH, L-AAA and H-AAA (AAA).
Step 0*: Media-specific network access authentication, yielding an MSK at the MN and at the Serving MSA-KH. * Only required if the MN does not already have access to the network through the Serving MSA-KH.
Authentication trigger.
Step 1: Negotiation over I1; the key distribution method is agreed on both sides.
Step 2: Media-independent authentication, carried over I1 between the MIHFs, I2 between the MIA's MIHF and MIH User, I3 and I4 towards the AAA; the key distribution method is confirmed.

Figure: Media Independent Authentication (II). Same entities as the previous figure.
Step 2': Key installation for (reactive or proactive) PULL just after the media-independent authentication. From MSK'/rMSK both the MN and the MIA derive the MI-PMK (passed over I2), and from it the MS-PMK(s); the MIA provides the MS-PMK to its AAA server over I5 and the MN installs it in the MAC over I6.

Media Independent Authentication: interfaces within 802.21a scope
Interface I1: This interface transports EAP (or another authentication protocol) over MIH signalling. When EAP is transported, the MIHF implements the EAP lower-layer functionality.
Interface I2: For Media Independent Authentication it is an internal interface used by the MIA to exchange EAP packets (or packets of any other authentication protocol) between the MIHF and the MIH User (the EAP stack when EAP is used, or the authentication protocol implementation otherwise). For key distribution, I2 is used to install the derived MS-PMKs and the required parameters in the corresponding MIH User (e.g. key manager); in this role it is used just after Media Independent Authentication for Reactive or Proactive PULL Key Distribution.

Media Independent Authentication: interfaces outside 802.21a scope
Interface I3: Internal interface between the MIH User and the AAA client in the MIA-KH, used to forward the authentication to the H-AAA.
Interface I4: Interface that transports EAP (or the authentication protocol) to the H-AAA in order to perform the authentication (e.g. an AAA protocol).
Interface I5: Used by Reactive or Proactive PULL Key Distribution to provide the MS-PMK(s) to the AAA server in the MIA, so that when the MN moves to the target MSA-KH all key material is already available and a fast media-specific re-authentication can be performed.
Interface I6: Allows the MS-PMK to be installed in the MAC layer (MN side).

Figure: Summary of Media Independent Authentication. The EAP peer (MN), the EAP authenticator (MIA-KH) and the EAP/AAA server each stack an EAP method layer (with a key manager as MIH User, e.g., on MN and MIA) over the EAP peer, authenticator or server layer, over the EAP layer. On the MN and the MIA the MIHF acts as MIH EAP lower layer: I1 between the two MIHFs, I2 between each MIHF and its MIH User. The MIA reaches the AAA server over AAA/IP (I3 internally, I4 on the wire, I5 for pull key distribution). Legend: primitives for EAP authentication, MIH-SAP, primitives for pull key distribution, MIH signalling between MIHFs, out of scope of 802.21a.

Figure: Handoff to target MSA-KH, Push Key Distribution. Entities: MN (MIH User, MIHF, MAC), MIA (MIH User, MIHF), Serving MSA-KH, Target MSA-KH. A key distribution trigger starts step 3, proactive (push) key distribution signalling over I1 between the MIHFs. Both sides hold the MI-PMK and derive the MS-PMK: the MIA passes it over I2 to its MIH User and then over I7 to the Target MSA-KH; the MN passes it over I2 to its key manager and over I6 into the MAC. The MN then hands off to the Target MSA-KH and runs the media-specific Security Association Protocol.

Push Key Distribution interfaces
Interface I1: Used by the MN to request that the MIA-KH install a key (MS-PMK) in the target MSA-KH, using MIH signalling.
Interfaces I2, I7 (MIA side): After the MN requests PUSH Key Distribution over I1, the MIHF in the MIA provides the MS-PMK and other useful information (e.g. key lifetime) to the MIH User (I2), which knows how to install the MS-PMK in the target MSA-KH (I7).
Interfaces I2, I6 (MN side): After requesting PUSH Key Distribution over I1, the MIHF in the MN provides the MS-PMK and other useful information (e.g. MS-PMK lifetime) to the MIH User acting as key manager (I2), which is in charge of exporting the MS-PMK to the MAC layer (I6).

Figure: Summary of Push Key Distribution. MN: MAC, MIH User (e.g. key manager/store) and MIHF. MIA-KH: MIHF and MIH User (e.g. a protocol X for push key installation). Target MSA-KH. Interfaces: I1 (protected MIH signalling between the MIHFs), I2 (MIHF to MIH User on each side), I6 (MN key manager to MAC), I7 (MIA-KH MIH User to Target MSA-KH). Legend: MIH User, primitives for push key distribution, MIHF, MIH-SAP, out of scope of 802.21a.

Figure: Reactive Pull Key Distribution at handoff. Entities: MN (MIH User, MIHF, MAC), MIA (MIH User, MIHF, AAA), Serving MSA-KH, Target MSA-KH; the MS-PMK is already held by the MN and by the AAA server in the MIA. After the handoff to the Target MSA-KH, step 3 is a media-specific network access re-authentication in which the MN's identity is MN-MIHF-ID@MIA-MIHF-ID*; it yields an MSK at the MN and at the Target MSA-KH, followed by the Security Association Protocol. *NOTE: the identity's format must still be defined.

Reactive Pull Key Distribution: Assuming that the MS-PMK used by the EAP (fast) re-authentication mechanism for pull key distribution has already been delivered to the MIH User during the authentication phase (see slide 10), no MIHF intervention is required at handoff (see slide 17).

Figure: Proactive Pull Key Distribution (over MIH signalling). Entities: MN (MIH User, MIHF, MAC), MIA (MIHF, MIH User, AAA), L-AAA, H-AAA, Serving MSA-KH, Target MSA-KH; the MS-PMK is held by the MN and the MIA. Step 3: authentication L2 frames are carried over the MIH tunnel (I1 between the MIHFs, I2 between MIHF and MIH User on each side, I10 to the MN's MAC, I9 from the MIA to the Target MSA-KH), and the Target MSA-KH reaches the AAA server over I11. The MN's identity for the media-specific authentication is either MN-MIHF-ID@MIA-MIHF-ID (the MIA acts as AAA server) or user@homedomain (the home AAA is used); the identity format is still to be defined. Finally the Security Association Protocol runs with the Target MSA-KH.

Figure: Proactive Pull Key Distribution (over a DYNAMIC TUNNEL). As in the previous figure, but both sides derive a TN-PMK from the MI-PMK (passed over I2) and use it to dynamically establish a secure tunnel between the MN and the MIA (I12); step 3 carries the authentication L2 frames over that tunnel instead of over MIH signalling. The identity options are the same: user@homedomain via the home AAA, or MN-MIHF-ID@MIA-MIHF-ID via the MIA (Optimized Proactive Pull Key Distribution). I9, I10 and I11 are as before, and the Security Association Protocol closes the handoff.

Proactive Pull Key Distribution interfaces
Interface I1: Transports the media-specific authentication L2 frames from the MN to the MIA. These messages are protected by the key material obtained after the media-independent authentication.
Interface I2: Over MIH signalling, it is used to transfer L2 frames from the MIHF to the MIH User and vice versa. Over the dynamic secure tunnel, it is used to set a TN-PMK that allows a secure tunnel to be established (e.g. IKEv2 with a pre-shared key).
Interface I9: Interface between the target MSA-KH and the MIA; it transports the authentication L2 frames from the MIA to the target MSA-KH.
Interface I10: Transports the media-specific authentication L2 frames to the MAC layer in the MN.
Interface I11: Used by the target MSA-KH to communicate with the AAA server. The AAA server may be the MIA or the home AAA.
Interface I12: A dynamically established secure tunnel that transports the authentication L2 frames.

Figure: Summary of Proactive PULL Key Distribution (over MIH signalling). The AAA server stacks an EAP method layer, EAP server layer and EAP layer over AAA/IP. The MN and the MIA each have an MIH User (e.g. key manager/store) connected to the MIHF over I2, and the MIHFs exchange the authentication L2 frames over MIH (I1, protected MIH signalling). The MN's MAC is reached over I10, the Target MSA-KH over I9 from the MIA, and the Target MSA-KH talks to the AAA server over I11 (AAA/IP). Legend: MIH User, MIHF, primitives for pull key distribution, MIH-SAP, out of scope of 802.21a.

Figure: Summary of Proactive PULL Key Distribution (over a DYNAMIC TUNNEL). Same layering as the previous figure, but the L2 frames travel between the MN and the MIA over a dynamically established secure tunnel using the TN-PMK rather than over MIH signalling; I2, I9, I10 and I11 are unchanged, and protected MIH signalling between the MIHFs is still used for the rest of the exchange. Legend: MIH User, MIHF, primitives for pull key distribution, MIH-SAP, out of scope of 802.21a.

Figure: Session Finalization (step 4). Entities: MN (MIH User, MIHF, MAC), MIA (MIHF, MIH User, AAA), Serving MSA-KH, Target MSA-KH. Step 4: session finalization is signalled over I1 between the MIHFs.
4a, for (reactive or proactive) PULL key distribution: each MIHF instructs its MIH User over I2 to remove the keys; the MIA removes them from its AAA server (I5) and the MN from its MAC (I6).
4a', only for proactive PULL over a dynamic tunnel: the dynamically established tunnel (I12) is removed.
4b, for PUSH key distribution: over I2 the MIH Users remove the keys from the Target MSA-KH (I7) and from the MN's MAC (I6).

Interfaces summary (per entity and per phase; reconstructed from the flattened slide, which listed the Target MSA-KH row as I9, I11, I7 without column positions, assigned here to Proactive PULL and PUSH)

Entity          | MI proactive authentication | Reactive PULL | Proactive PULL    | PUSH
MN              | I1, I2                      | I2, I6        | I1, I10, I2, I12  | I1, I6, I2
Serving MSA-KH  | -                           | -             | -                 | -
Target MSA-KH   | -                           | -             | I9, I11           | I7
MIA             | I2, I3, I4                  | I2, I5        | I1, I11, I2, I12  | I1, I7, I2
AAA             | I4                          | -             | I11               | -

Interfaces outside 802.21a scope are marked as such in the original figure; see the interface descriptions above.

DEPLOYMENT ANALYSIS

PUSH Key Distribution The target MSA-KH needs to provide an interface to allow the MIA to push (or remove) a key.

Reactive PULL Key Distribution
A new MN re-authentication identity must be provided to the MN during the proactive authentication. A re-authentication mechanism based on a symmetric key is needed (e.g. ERP or EAP-GPSK). Once the target MSA-KH receives the MN re-authentication identity, two options are possible:
1. The MSA-KH routes the AAA messages to the appropriate MIA using the realm part of the new MN re-authentication identity. Consequence: the MSA-KH's AAA routing table has to be updated to point to the MIA.
2. The target MSA-KH, using its default AAA route, sends the AAA messages to its default local AAA server, which must be configured to act as AAA proxy for the realm of the provided identity and to forward the AAA messages to the corresponding MIA. Consequence: the local AAA proxy has to add a new entry to its AAA routing table pointing to the MIA.
Summary: In either option, no changes to the media-specific wireless technology are required. Moreover, option 2 does not need any change to the configuration parameters of the deployed MSA-KHs.
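The two deployment options differ only in which AAA hop learns the realm of the re-authentication identity. The following added example (not code from this contribution or from 802.21a) models both as realm-based AAA routing tables and traces the path an access request for a re-authentication identity takes from the target MSA-KH. The identity format MN-MIHF-ID@MIA-MIHF-ID comes from the slides but its exact syntax is still to be defined, so parsing it as an NAI (user@realm), and every node name and realm used below, are assumptions of this example.

```python
"""Realm-based AAA routing for the re-authentication identity used by
reactive pull key distribution.

Added illustration, not 802.21a text. Treating MN-MIHF-ID@MIA-MIHF-ID as an
NAI, and all node names and realms, are assumptions of this example.
"""
from typing import Dict, List, Optional, Set


class AaaNode:
    """One AAA hop: a MSA-KH's AAA client, a local AAA proxy, a MIA or a home AAA."""

    def __init__(self, name, routes=None, default_route=None, serves=()):
        self.name = name
        self.routes: Dict[str, str] = dict(routes or {})   # realm -> next hop
        self.default_route: Optional[str] = default_route
        self.serves: Set[str] = set(serves)                 # realms answered locally


def split_nai(identity: str):
    """Split user@realm; exactly one '@', both parts non-empty, realm case-folded."""
    if identity.count("@") != 1:
        raise ValueError("malformed identity: %r" % identity)
    user, realm = identity.split("@")
    if not user or not realm:
        raise ValueError("malformed identity: %r" % identity)
    return user, realm.lower()


def route(nodes: Dict[str, AaaNode], start: str, identity: str, max_hops: int = 8) -> List[str]:
    """Path an access request for `identity` takes from `start` to the serving AAA."""
    _, realm = split_nai(identity)
    path = [start]
    node = nodes[start]
    for _ in range(max_hops):
        if realm in node.serves:
            return path
        nxt = node.routes.get(realm, node.default_route)
        if nxt is None:
            raise LookupError("no route for realm %s at %s" % (realm, node.name))
        path.append(nxt)
        node = nodes[nxt]
    raise LookupError("too many hops routing realm %s" % realm)


MIA_REALM = "mia1.operator.example"   # realm part of MN-MIHF-ID@MIA-MIHF-ID (assumed)
HOME_REALM = "homedomain.example"     # realm of the MN's home identity (assumed)


def option1_topology():
    """Option 1: the target MSA-KH's own AAA routing table points the MIA realm at the MIA."""
    return {
        "msa-kh-target": AaaNode("msa-kh-target", routes={MIA_REALM: "mia1"},
                                 default_route="local-aaa"),
        "local-aaa": AaaNode("local-aaa", routes={HOME_REALM: "home-aaa"}),
        "mia1": AaaNode("mia1", serves={MIA_REALM}),
        "home-aaa": AaaNode("home-aaa", serves={HOME_REALM}),
    }


def option2_topology():
    """Option 2: the MSA-KH keeps only its default route; the local AAA proxy learns the MIA realm."""
    return {
        "msa-kh-target": AaaNode("msa-kh-target", default_route="local-aaa"),
        "local-aaa": AaaNode("local-aaa", routes={MIA_REALM: "mia1", HOME_REALM: "home-aaa"}),
        "mia1": AaaNode("mia1", serves={MIA_REALM}),
        "home-aaa": AaaNode("home-aaa", serves={HOME_REALM}),
    }


if __name__ == "__main__":
    ident = "mn-mihf-0042@" + MIA_REALM   # constructed re-authentication identity
    print("option 1:", route(option1_topology(), "msa-kh-target", ident))
    print("option 2:", route(option2_topology(), "msa-kh-target", ident))
```

In option 2 the MSA-KH's routing table stays empty, which is the "no change in the deployed MSA-KHs" point of the slide; the price is one extra hop through the local AAA proxy. The strict NAI check matters because the realm selects where the MS-PMK-based re-authentication is answered, so an identity with a missing or doubled realm must be rejected rather than routed by a best guess.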

Proactive PULL Key Distribution
A similar analysis to that of Reactive PULL Key Distribution applies, but since the MIA provides a proxy service for the authentication L2 frames:
- The MSA-KHs must be modified in order to accept L2 authentication wireless frames through the wired interface.
- A protocol to transport these frames from the MIA to the target MSA-KH is required (out of the scope of 802.21a).
Depending on the MN's identity:
- If the MN uses its original home domain identity (e.g. user@homedomain), the target MSA contacts the home AAA and the MIA does not need to act as AAA server.
- If the MN uses a new MN re-authentication identity (e.g. MN-MIHF-ID@MIA-MIHF-ID), the MIA has to act as AAA server. This is the Optimized Proactive Pull Key Distribution.

Some conclusions
802.21a defines the EAP (or other authentication protocol) transport for proactive authentication, the key hierarchy, and the MIH-SAP primitives towards the MIH User that support the three key distribution models. How the parameters passed by means of the MIH-SAP primitives are used by the media-specific lower layers is out of scope. The 802.21a specification may contain call flows, as guidelines, showing how these parameters can be used by the media-specific lower layers; if included, these call flows are only informational. Depending on how these parameters are used, changes to the lower-layer standards and/or implementations may or may not be required: Reactive PULL Key Distribution does not require such modifications, whereas PUSH Key Distribution and Proactive PULL Key Distribution may require them (e.g. at firmware level).

REQUIRED FUNCTIONALITIES FOR EACH ENTITY

For media-specific network access authentication (only if the MN needs to get network access through the Serving MSA; step 0, slide 9)
MN:
- EAP peer for a media-specific authentication
- Media-specific EAP lower layer
- Secure Association protocol client for the specific media

For the Media Independent Authentication
MN:
- If EAP is used for media-independent authentication: EAP peer for media-independent authentication; media-independent EAP lower layer (MIHF)
- If EAP is NOT used for (proactive) media-independent authentication: authentication protocol implementation; media-independent client transport for the authentication protocol
Serving MSA-KH:
- EAP authenticator for media-specific authentication
- AAA protocol client for a specific media
- Secure Association protocol server for the specific media
MIA:
- EAP authenticator for media-independent authentication
- Media-independent EAP lower layer
- AAA protocol client for media-independent authentication
(H) AAA Server:
- EAP server for media-specific authentication
- EAP server for proactive media-independent authentication
- AAA protocol for media-specific authentication
- AAA protocol for (proactive) media-independent authentication

For PUSH Key Distribution
MN:
- Media-independent client protocol for indicating proactive key distribution; this signalling indicates that the push model is used
- Key derivation mechanism to derive the MS-PMK
- Secure Association protocol client for the specific media
Target MSA-KH:
- Interface with the MIA-KH that allows a key to be received in a push fashion
- Secure Association protocol server for the specific media
MIA:
- Media-independent server protocol for proactive key distribution
- Interface with the MSA-KH for sending a key in a push fashion

For Reactive PULL Key Distribution
MN:
- Media-independent client protocol for indicating proactive key distribution; this signalling indicates that the pull model is used
- Receives from the MIA information about the MIA's realm, which is needed for AAA routing
- EAP peer for a media-specific authentication
- Media-specific EAP lower layer
- Secure Association protocol client for the specific media
Target MSA-KH:
- EAP authenticator for a specific media
- AAA client for a specific media
- Secure Association protocol server for the specific media
MIA:
- EAP server for media-specific authentication
- AAA protocol server for media-specific authentication

For Proactive PULL Key Distribution
MN:
- Interface to obtain/set L2 frames from/to the MAC layer
- Media-independent protocol for transporting L2 frames between the MN and the MIA (over MIH signalling option)
- Secure tunnel protocol for transporting L2 frames between the MN and the MIA (over dynamic secure tunnel option)
- Key derivation mechanism to derive the MS-PMK and the TN-PMK
- EAP peer for a media-specific authentication
- Media-specific EAP lower layer
- Secure Association protocol client for the specific media
Target MSA-KH:
- EAP authenticator for a specific media
- AAA client for media-specific (proactive) authentication
- Protocol to receive/send wireless (authentication) L2 frames from/to the MIA over the wired interface
- Secure Association protocol server for the specific media
MIA:
- AAA protocol for media-specific (proactive) authentication (when the MN uses an MN re-authentication identity)
- Protocol to receive/send wireless (authentication) L2 frames from/to the target MSA over the wired interface
Home AAA:
- AAA protocol for media-specific (proactive) authentication (when the MN uses its home domain identity)
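The "key derivation mechanism to derive the MS-PMK and the TN-PMK" required of the MN for PUSH and Proactive PULL, and the MI-PMK/MS-PMK chain shown in the Media Independent Authentication (II) figure, are illustrated by the following added example, which is not code from this contribution and not the 802.21a derivation. The key names MSK, MI-PMK, MS-PMK and TN-PMK and the identities MN-MIHF-ID and MIA-MIHF-ID come from the slides; the use of HKDF-SHA256 as the KDF, the label strings, the context fields and the key-manager behaviour are assumptions of this example. The same functions run on the MN and on the MIA, which is what lets both ends arrive at the same MS-PMK without it ever crossing I1.

```python
"""Key hierarchy for push, reactive pull and proactive pull key distribution.

Added illustration, not the 802.21a derivation. Key names and identities come
from the slides; HKDF-SHA256, labels and context fields are assumptions.
"""
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def derive_mi_pmk(msk: bytes, mn_mihf_id: bytes, mia_mihf_id: bytes) -> bytes:
    """MI-PMK from the MSK (or rMSK) of the media-independent EAP run; bound to the MN/MIA pair."""
    prk = hkdf_extract(b"802.21a MI-PMK (example label)", msk)
    return hkdf_expand(prk, b"MI-PMK|" + mn_mihf_id + b"|" + mia_mihf_id, 32)


def derive_ms_pmk(mi_pmk: bytes, media: bytes, target_msa_kh_id: bytes) -> bytes:
    """One MS-PMK per (media, target MSA-KH): a key taken from one PoA reveals nothing about another."""
    return hkdf_expand(mi_pmk, b"MS-PMK|" + media + b"|" + target_msa_kh_id, 32)


def derive_tn_pmk(mi_pmk: bytes, mn_mihf_id: bytes, mia_mihf_id: bytes) -> bytes:
    """TN-PMK for the dynamically established MN-MIA tunnel (e.g. IKEv2-PSK) carrying L2 auth frames."""
    return hkdf_expand(mi_pmk, b"TN-PMK|" + mn_mihf_id + b"|" + mia_mihf_id, 32)


class KeyManager:
    """MIH User acting as key manager. On the MN it installs MS-PMKs in the MAC (I6);
    on the MIA it hands them to the target MSA-KH (I7, push) or to the AAA server (I5, pull)."""

    def __init__(self):
        self.installed = {}   # (media, target) -> (ms_pmk, lifetime)

    def install(self, media, target, ms_pmk, lifetime):
        # the lifetime travels with the key over I2; refuse keys without a usable one
        if lifetime <= 0 or len(ms_pmk) != 32:
            raise ValueError("refusing to install a key without a valid lifetime/length")
        self.installed[(media, target)] = (ms_pmk, lifetime)

    def remove_all(self):
        """Step 4 (session finalization): remove every key derived in this session."""
        self.installed.clear()


def provision(msk, mn_id, mia_id, targets, lifetime=3600):
    """Derive the hierarchy on one side and install one MS-PMK per target.
    `targets` is a list of (media, target_msa_kh_id). Returns (mi_pmk, tn_pmk, key_manager)."""
    mi_pmk = derive_mi_pmk(msk, mn_id, mia_id)
    tn_pmk = derive_tn_pmk(mi_pmk, mn_id, mia_id)
    km = KeyManager()
    for media, target in targets:
        km.install(media, target, derive_ms_pmk(mi_pmk, media, target), lifetime)
    return mi_pmk, tn_pmk, km


if __name__ == "__main__":
    msk = bytes(range(64))   # constructed MSK, standing in for the EAP export
    targets = [(b"802.11", b"msa-kh-a"), (b"802.16", b"msa-kh-b")]
    mi_pmk, tn_pmk, km = provision(msk, b"mn-mihf-0042", b"mia-mihf-1", targets)
    for (media, target), (key, life) in km.installed.items():
        print(media.decode(), target.decode(), key.hex()[:16], life)
```

Binding the MI-PMK to both MIHF identities and each MS-PMK to the target MSA-KH keeps the keys scoped: an MS-PMK pushed to (or pulled by) one MSA-KH cannot be replayed at another, and a session with a different MIA yields a different hierarchy even from the same MSK. The remove_all step mirrors the "Remove Keys" actions of the session finalization figure.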

Future work More detailed definition of the interfaces in 802.21a scope.