IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-10-0120-03-0sec Title: Option III: EAP to conduct service authentication and MIH packet protection (Summary) Date Submitted: August 31, 2010 Present at IEEE 802.21 meeting in August 31 2010 teleconference Authors or Source(s): Fernando Bernal, Rafa Marín-López Abstract: Summary of document 21-10-0078-03-0sec .
IEEE 802.21 presentation release statements This document has been prepared to assist the IEEE 802.21 Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.21. The contributor is familiar with IEEE patent policy, as stated in Section 6 of the IEEE-SA Standards Board bylaws <http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and in Understanding Patent Issues During IEEE Standards Development http://standards.ieee.org/board/pat/faq.pdf>
Lily Comment’s Comment [LLC1]: Most of the IEEE 802 protocols use counter mode based key derivation function, not feedback with the counter. I do not think this is a problem. But we need to make a decision here. Response [LLC1]: Do you mean to change this with something similiar to 802.11 spec (see section 8.5.1.1 in 802.11-2007 spec)? Comment [LLC2]: what is the relation of this KDF with the above PRF?. This is more or less like IEEE 802.11 definition. Response [LLC2]: KDF (Key Derivation Function) is related with the PRF+ in the sense of, the PRF+ could be used as the KDF to derive the key hierarchy or a different KDF could be used instead of PRF+. Comment [LLC3]: Why we need such a long key? This key is used to further derive the following keys: PAIK and PAEK? Comment [LLC5]: The length of PAIK depends on the ciphersuite. That is, which algorithm you are going to use. Response [LLC3/5]: Correct, though we can pick only the n more significant bits of those 64 bytes. We can use the X first bits from the long key to be used as the key. Moreover, a mechanism like 802.11 which uses a PRF-X (X=128, 256, 512,...) with different key lengths. Comment [LLC4]: How theses random numbers are generated? Response [LLC4]: The random numbers are generated during the Authentication phase. For generating them we may follow RFC 4086.
Lily Comment’s Comment [LLC11]: How to include these parameters to .request, .indication, .response, .confirm etc. Response [LLC11]: The parameters have been included in the different primitives.See sections from 2.6.1.3 to 2.6.1.6 in the document. 4
How to protect MIH protocol (II) Key hierarchy Comment [LLC6]: Are these the same random numbers as used in MI-PMK derivation? They should not be? Response [LLC6]: Yes, they are the same random numbers to generate MIIK and MIEK. NOTE: The MI-PMK has been removed from the key hierarchy for simplicity. MSK or rMSK MIIK MIEK Using the MSK or rMSK provided by the EAP authentication other session keys are derived: MIIK, this key is used to provide integrity protection to the MIH protocol. MIEK, used to provide confidentiality to the MIH protocol by encrypting MIH data.
How to protect MIH protocol (III) Ciphersuite Comment [LLC9]: We need to discuss what algorithms will be used for MIH message protection and how the data is protected… Confidentiality algorithms Reference ENCR_DES_IV64 RFC1827 ENCR_DES RFC2405 ENCR_3DES RFC2451 ENCR_RC5 ENCR_IDEA ENCR_CAST ENCR_BLOWFISH ENCR_3IDEA ENCR_DES_IV32 RFC2410 ENCR_AES_CBC RFC3602 ENCR_AES_CTR RFC3664 ENCR_NULL Confidentiality and Integrity algorithms ENCR_INTR_AES_CCM Integrity algorithms Reference INTR_HMAC_MD5_96 RFC2403 INTR_HMAC_SHA1_96 RFC2404 INTR_KPDK_MD5 RFC1826 INTR_DES_MAC INTR_AES_XCBC_96 RFC3566 INTR_NULL KDF algorithms Reference PRF_HMAC_MD5 RFC2104 PRF_HMAC_SHA1 PRF_HMAC_SHA256 PRF_HMAC_TIGER PRF_AES128_XCBC RFC3664
How to protect MIH protocol (III) Two algorithms: Integrity and Confidentiality Comment [LLC10]: We need a more detailed description about protected message format
How to protect MIH protocol (III) One algorithm both Integrity and Confidentiality Comment [LLC10]: We need a more detailed description about protected message format 8
Bundle option WI#1 option B
Key Hierarchy Comment [LLC6]: Are these the same random numbers as used in MI-PMK derivation? They should not be? Response [LLC6]: Yes, they are the same random numbers to generate MIIK and MIEK. The MS-ROOT has been added to the key hierarchy as root key for deriving MS-PMKs.
Message flows (I) Push key distribution Comment [LLC12/13]: These are not 21 messages. How we are going to include these? Response [LLC12/13]: These have been removed from the figures. Now, a plain text explaining what is needed to perform hasbeen added. Push key distribution