1. IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN:21-06-0557-01-0000
Title: IETF Pre-authentication Activity
Date Submitted: February 26, 2006
Presented at IEEE session in Denver
Authors or Source(s):
Yoshihiro Ohba and Alper Yegin
Abstract: The purpose of this document is to introduce an IETF activity on pre-authentication and heterogeneous handover and facilitate discussion on a possible new work in the WG.

2. IEEE 802.21 presentation release statements
This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE
The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual < and in Understanding Patent Issues During IEEE Standards Development

3. IETF BOF Information
A BOF (Bird-Of Feather) meeting is scheduled on March 23 in 65th IETF
Two different topics are discussed in the BOF (actually two BOFs are merged into a single BOF):
PREAUTH (Pre-authentication and Heterogeneous Handover)
HOAKEY (Handover and Application Keying)
In this presentation, we focus on PREAUTH work
PREAUTH mailing list information:

4. Motivation of the work
There has been significant amount of work for optimizing IP mobility management
FMIPv6, HMIPv6 and NETLMM, etc.
The focus was on optimizing IP mobility signaling
Optimizing overall handover performance including network access authentication and authorization has not been considered
Network access authentication and authorization can be the most time consuming procedure
Authorization by a central authority such as a AAA server would be needed for a heterogeneous handover in which authorization characteristics are different before and after a handover

5. Objective of the work
The objective is to improve the overall performance of IP mobility especially for heterogeneous handover
Approach: Pre-authentication
An authentication procedure for a target network to authenticate a mobile prior to handover using the connectivity to the current network
We consider pre-authentication over IP

6. Expected Improvement with Pre-authentication
Network access Authentication and Authorization L2
Handoff
Without Pre-authentication
Time
With Pre-authentication
Time
Network access
Authentication and
Authorization
with Pre-authentication
Possible Packet Loss Period

7. Scope: Problem Statement and Framework
Developing problem statement and a framework that are centered around pre-authentication for seamlessly performing heterogeneous handover
The problem statement and framework will cover at least inter-domain, inter-technology handovers
The problem statement and framework will support both single-interface and multi-interface devices
The framework will work on link-layer security requirements for the pre-authentication to work
The framework does not depend on particular link-layer technologies, however, the following specific link-layer technologies will be considered as target technologies: , , cdma2000, GPRS, DSL

8. Scope: Problem Statement and Framework (cont’d)
The framework will work on AAA-related issues that need to be addressed for developing RADIUS/Diameter related extensions to support pre-authentication. Possible issues are:
How to distinguish pre-authentication from initial entry authentication or re-authentication
When to start accounting.
The framework will follow the EAP keying framework and make necessary extensions to the EAP keying framework only if the extensions are unavoidable

9. Scope: Pre-authentication Protocol Development
Developing a pre-authentication protocol over IP
There are at least two possible types of pre-authentication protocols
One type (Type 1) is based on running EAP with an authenticator in the target access network.
This is being developed by the PANA WG
The other (Type 2) is based on relying on keys from an earlier EAP authentication being pre-distributed to authenticators in target access networks
PREAUTH group will work on Type 2 pre-authentication protocol

10. PREAUTH model Domain A Domain B
Initial entry authentication protocol (w/EAP)
[any EAP lower layer protocol]
AAA for initial entry authentication
AAA
Server
Technology X
Authenticator MN
Type 1 pre-authentication protocol (w/EAP)
[draft-ietf-pana-preauth]
AAA for Type 2 pre-authentication
(pre-distributing key, etc.)
Technology Y
Authenticator
Type 2 pre-authentication protocol (w/o EAP)
[new protocol work]
AAA for Type 1
pre-authentication
Technology X
Authenticator
AAA
Server
Domain B

11. Relevance to
Defining a security mechanism is out of the scope of for now
However, some work related to pre-authentication may be relevant to , e.g.,
Pre-authentication events
Pre-authentication commands
Media-independent key installation/management commands
Issues:
Is pre-authentication important for ?
Does WG need to revise the PAR to support pre-authentication?
Should a new TG be formed in WG to work on pre-authentication?