1
IEEE 802.21 MEDIA INDEPENDENT HANDOVER
DCN: 21-10-0058-00-srho
Title: TGa Updates
Date Submitted: March 16, 2010
Presented at IEEE session #37 in Orlando
Authors or Source(s): Yoshihiro Ohba (Toshiba)
Abstract: This document discusses pre-registration and pre-authentication
2
IEEE 802.21 presentation release statements
This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE.
The contributor is familiar with IEEE patent policy, as stated in Section 6 of the IEEE-SA Standards Board bylaws and in Understanding Patent Issues During IEEE Standards Development
3
Purpose of this presentation
- To help the a and c task groups identify the scope of each group's work
- Note: Some parts of this presentation are based on the author’s own view
4
EAP-based Security Signaling Optimization Techniques
- [RFC 5247] defines EAP Pre-Authentication as:
  The use of EAP to pre-establish EAP keying material on an authenticator prior to arrival of the peer at the access network managed by that authenticator
- [I-D.ietf-hokey-preauth-ps] defines EAP Early Authentication to cover:
  - EAP pre-authentication (as defined above)
    - Signaling path: MN-CA-AAA
    - EAP authenticator on CA
  - Authenticated Anticipatory Keying
    - Signaling path: MN-SA-AAA-CA
    - EAP authenticator on SA
- The common thing in all techniques here is to proactively run EAP to establish keying material between MN and CA
CA: Candidate Authenticator
SA: Serving Authenticator
5
Pre-registration
- Pre-registration is to carry out link-layer signaling to create a link-layer state for an MN on a candidate PoA prior to handover
- The link-layer signaling may include authentication and key establishment signaling
- The authentication and key establishment signaling may include EAP or non-EAP authentication, or L2 secure association protocol
- The link-layer state may include key material shared between MN and the candidate L2 PoA
- How far the link-layer state is expected to proceed before handover may depend on the solution
6
A View of Works
- MIH-based pre-registration seems to be in scope of c, except for security related part
[Figure labels: Pre-registration (MIH-based, non-MIH-based); Non-EAP proactive authentication; L2 EAP pre-authentication; L3+ EAP pre-authentication(*); Current harmonized proposal ( ) on 802.21a Work Item #1; Authenticated Anticipatory Keying; EAP Early Authentication; Security-related optimization techniques]
*) In current harmonized a proposal, L3+ EAP pre-authentication is bundled with MIH service authentication.
7
Implications of MIH-based Pre-registration
- MIH-based pre-registration may require a secure MIH tunnel to carry L2 frames
- To establish the tunnel, MIH service authentication is needed between MN and target PoS (to be defined as part of a work item #2)
- Then L2 network access authentication is carried out over the tunnel
- An optimization technique is discussed in a, which relates MIH service authentication and L2 network authentication by defining a key hierarchy between them
  - “L3+ EAP pre-authentication” in previous slide
[Figure labels: MN; Secure MIH tunnel; Target PoS; PoS-PoA tunnel; Target PoA]
8
Summary
- Pre-registration generally covers L2 EAP pre-authentication, but may not cover all security-related optimization techniques
- MIH-based pre-registration except for security related part may be defined under c
  - E.g., definition of MIH TLV to carry L2 frame, pre-registration related IEs, events and commands except for security related ones
- Security related part of MIH-based pre-registration may be defined under a
  - E.g., General call flows of security signaling and security-related IEs, events and commands, and if needed, a key hierarchy and solutions or guidelines for key distribution