1
IEEE 802.21 MEDIA INDEPENDENT HANDOVER
DCN: sec
Title: Detailed analysis on MIA/MSA architecture
Date Submitted: January 12, 2010
Presented at the IEEE 802.21 meeting in January 2010, San Diego.
Authors or Source(s): Fernando Bernal, Rafa Marín-López
Abstract: This document discusses specific details of the MIA/MSA architecture, addressing the different key distribution models (push and pull) and describing the functionalities required of each entity.
2
IEEE 802.21 presentation release statements
This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE's name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE's sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE. The contributor is familiar with IEEE patent policy, as stated in Section 6 of the IEEE-SA Standards Board bylaws and in Understanding Patent Issues During IEEE Standards Development.
3
Differences with previous versions
The motivation of the MIA is now explicitly explained. A new key distribution model, proactive pull key distribution, has been added and described. A deployment analysis has been added.
4
Intra-MIH Authenticator
[Figure: Intra-MIH Authenticator. One MIA-KH (Media Independent Access Functions, MIH PoS+, containing the MIHF) serves both the Serving Access Network and the Candidate Access Network. It connects over the Int_MIA-KH-MSA-KH interface to the Media Specific Access Functions, i.e. the Media Specific Authenticator and Key Holder (MSA-KH) of each network, which reach the MN through POA1/POA2 at reference point RP1.]
5
Inter-MIH Authenticator
[Figure: Inter-MIH Authenticator. The Serving Access Network and the Candidate Access Network each have their own MIA-KH (MIH PoS+ with MIHF); the two MIA-KHs communicate at reference point RP5. Each MIA-KH connects over its Int_MIA-KH-MSA-KH interface to the MSA-KH(s) of its own network, which reach the MN through POA1/POA2 at RP1; RP2 is also shown toward the MN.]
6
Motivation of MIA architecture
Provide support to enable secure media independent handover services. These services include the management of different types of key distribution mechanisms:
- Push Key Distribution
- Reactive Pull Key Distribution
- Proactive Pull Key Distribution
To securely provide and control access to these services, authentication and key establishment are required. The role of the MIA is to authenticate and authorize the MN to use these services, based on a new key hierarchy.
7
General Call Flow
[Figure: message flow between MN, Serving MIA, Candidate MIA and Target MSA-KH.]
Step 1: Negotiation phase between MN and Candidate MIA.
Step 2 and 2': Media Independent Authentication between MN and Candidate MIA, and key installation for PULL key distribution.
Step 3: Execution of PUSH key distribution, or of (Reactive or Proactive) PULL key distribution, toward the Target MSA-KH.
Step 4: Session finalization.
8
Push Key Distribution
[Figure: (1) MN and PoS-MIA derive MSK (= MS-PMK) from MSK'/rMSK'. On the MN the key goes from the MIH user for MI authentication to the MIH user for MS key management**, which installs it in the MAC. (2) The PoS-MIA pushes MSK (= MS-PMK) to the Target MSA, which holds the AAA* relationship for its media.]
* Different AAA servers may be used for different media.
** Alternative: the MIHF installs the key in the MAC directly.
9
Reactive Pull Key Distribution
[Figure: (1) MN and PoS-MIA derive MS-PMK from MSK'/rMSK'. On the MN the key goes from the MIH user for MI authentication to the MIH user for MS key management**, which installs it in the MAC; the PoS-MIA keeps it for its AAA* role. (2) The Target MSA pulls MS-PMK from the PoS-MIA acting as AAA.]
* Different AAA servers may be used for different media.
** Alternative: the MIHF installs the key in the MAC directly.
10
Proactive Pull Key Distribution
[Figure: (1) Authentication L2 frames from the MN MAC pass through the MIH user for MS key management** and the MIHF to the PoS-MIA, which relays them to the Target MSA. (2) The Target MSA authenticates the MN against the AAA server*; MSK/rMSK result at the MN MAC and the Target MSA.]
* Different AAA servers may be used for different media.
** Alternative: the MIHF receives/sends the authentication L2 frames from/to the MAC directly.
11
Proactive Pull Key Distribution (Optimized)
[Figure: as the proactive pull figure, but MN and PoS-MIA additionally derive MS-PMK from MSK'/rMSK', so the media-specific authentication carried in the L2 frames between the Target MSA and the AAA server* can be based on MS-PMK, producing MSK/rMSK at the MN MAC and the Target MSA.]
* Different AAA servers may be used for different media.
** Alternative: the MIHF receives/sends the authentication L2 frames from/to the MAC directly.
12
Notation
Legend used in the following figures: primitives for EAP authentication; primitives for (reactive or proactive) pull key distribution; primitives for push key distribution; MIH-SAP; unprotected MIH signalling between MIHFs; protected MIH signalling between MIHFs; out of scope of 802.21a.
13
General MI Authentication Phases
[Figure: MN (MIH user, MIHF) and MIA (MIHF, MIH user) go through four phases.]
Negotiation phase (Step 1)
Authentication phase (Step 2 and 2')
Authenticated & Authorized phase (Step 3)
Finalization phase (Step 4)
14
General Message Exchange
Negotiation phase: the MN and the MIA exchange messages in order to agree on the type of key distribution service (push, reactive pull, proactive pull) and on other parameters.
Authentication phase: the MN authenticates against the MIA in order to gain access to the security services. After this authentication, key material is shared between them and the rest of the MIH communication can be protected. At the end, the parameters negotiated in the previous phase are confirmed and an authentication session is established.
Authenticated & Authorized phase: at this point MIH signalling is protected, and the MN is authenticated and authorized to use the services provided by the MIA. Regarding key distribution:
- If Push Key Distribution was negotiated, some protected MIH signalling is required so that the MN can ask the MIA to install a key in a target MSA.
- If Reactive Pull Key Distribution was agreed, no MIH signalling is required, but the MIA must keep state, since it will act as the AAA server.
- If Proactive Pull Key Distribution was agreed, authentication L2 frames are tunnelled from the MN to the MIA, and from the MIA to the target MSA, in order to perform a proactive media-specific authentication with the target MSA. That is, the MIA provides a proxy service.
Finalization phase: the MN and the MIA finish the session.
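The three key distribution models of the Authenticated & Authorized phase, modelled end to end as an added example (this is not code from the presentation or from any 802.21a implementation). The KDF, its labels, the identity format and the message shapes are assumptions made for the example; the slides only state that MI-PMK, MS-PMK and TN-PMK are derived from MSK'/rMSK' and leave the installation and transport protocols out of scope. The example shows what the prose does not: that push and pull end with the same MS-PMK on the MN and the target without the key ever being sent to the MN, that each target gets its own key, and that the MIA's AAA store refuses an identity presented at a target it was not provisioned for.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


def kdf(key: bytes, label: str, context: bytes) -> bytes:
    """Assumed KDF (not the 802.21a derivation): HMAC-SHA256(key, label || 0x00 || context).
    Distinct labels keep MI-PMK, MS-PMK and TN-PMK in separate key domains."""
    return hmac.new(key, label.encode() + b"\x00" + context, hashlib.sha256).digest()


@dataclass
class TargetMSAKH:
    """Media-specific authenticator/key holder: one MS-PMK per MN, consumed by the SA protocol."""
    name: bytes
    media: bytes
    ms_pmks: Dict[bytes, bytes] = field(default_factory=dict)


@dataclass
class MIA:
    """MIA-KH after step 2: holds MI-PMK per MN and, for the pull models, acts as AAA server."""
    realm: str
    mi_pmks: Dict[bytes, bytes] = field(default_factory=dict)
    aaa_store: Dict[str, Tuple[bytes, bytes, bytes]] = field(default_factory=dict)

    def media_independent_auth(self, mn_id: bytes, msk_prime: bytes) -> bytes:
        # Step 2: MN and MIA share MSK'/rMSK'; MI-PMK is derived from it (I2).
        self.mi_pmks[mn_id] = kdf(msk_prime, "MI-PMK", mn_id)
        return self.mi_pmks[mn_id]

    def ms_pmk_for(self, mn_id: bytes, target: TargetMSAKH) -> bytes:
        # One MS-PMK per (MN, target MSA-KH, media): two targets never share a key.
        return kdf(self.mi_pmks[mn_id], "MS-PMK", target.name + target.media)

    def tn_pmk_for(self, mn_id: bytes) -> bytes:
        # TN-PMK keys the dynamic tunnel (e.g. IKEv2-PSK) of the proactive pull variant.
        return kdf(self.mi_pmks[mn_id], "TN-PMK", b"")

    def push(self, mn_id: bytes, target: TargetMSAKH) -> None:
        # Push: MN asks over protected MIH (I1); the MIA installs the key in the target (I7).
        target.ms_pmks[mn_id] = self.ms_pmk_for(mn_id, target)

    def provision_pull(self, mn_id: bytes, target: TargetMSAKH) -> str:
        # Step 2' for pull: MS-PMK is handed to the MIA's AAA server (I5), indexed by the
        # re-authentication identity the MN will present; its realm routes AAA to the MIA.
        reauth_id = f"{mn_id.hex()}@{self.realm}"   # assumed identity format
        self.aaa_store[reauth_id] = (mn_id, target.name, self.ms_pmk_for(mn_id, target))
        return reauth_id

    def aaa_lookup(self, reauth_id: str, target: TargetMSAKH) -> Optional[Tuple[bytes, bytes]]:
        # I11: AAA request from a target. Unknown identities and keys bound to another
        # target are refused, so a key never leaks to an MSA-KH it was not meant for.
        entry = self.aaa_store.get(reauth_id)
        if entry is None or entry[1] != target.name:
            return None
        return entry[0], entry[2]


def mn_derive_ms_pmk(mi_pmk: bytes, target: TargetMSAKH) -> bytes:
    """MN-side key manager (I2 -> I6): the same derivation as the MIA; no MS-PMK crosses the air."""
    return kdf(mi_pmk, "MS-PMK", target.name + target.media)


def reactive_pull(mia: MIA, reauth_id: str, target: TargetMSAKH) -> bool:
    """Step 3 after handoff: the MN re-authenticates at the target with its re-auth identity
    and the target's AAA client pulls the MS-PMK from the MIA. No MIH signalling involved."""
    found = mia.aaa_lookup(reauth_id, target)
    if found is None:
        return False
    mn_id, key = found
    target.ms_pmks[mn_id] = key
    return True


def proactive_pull(mia: MIA, mn_id: bytes, reauth_id: str, target: TargetMSAKH) -> bool:
    """Step 3 before handoff: the MN's L2 auth frame goes MN -> MIA (I1) -> target (I9);
    the target resolves the identity at the MIA (I11) and installs the key in advance."""
    l2_frame = {"src": mn_id, "identity": reauth_id}   # constructed stand-in for a real frame
    relayed = dict(l2_frame)                            # the MIA proxies it unchanged
    found = mia.aaa_lookup(relayed["identity"], target)
    if found is None or found[0] != relayed["src"]:
        return False
    target.ms_pmks[relayed["src"]] = found[1]
    return True


def demo() -> Dict[str, bool]:
    """One MN, two targets, all three models; every value is expected to be True."""
    mia = MIA(realm="mia.example")                       # assumed realm
    wifi = TargetMSAKH(b"poa1", b"802.11")
    wimax = TargetMSAKH(b"poa2", b"802.16")
    mn = b"\x00\x01"
    mi_pmk = mia.media_independent_auth(mn, b"\x11" * 64)   # constructed MSK'
    mia.push(mn, wifi)
    rid = mia.provision_pull(mn, wimax)
    return {
        "push_matches_mn": wifi.ms_pmks[mn] == mn_derive_ms_pmk(mi_pmk, wifi),
        "reactive_pull_ok": reactive_pull(mia, rid, wimax)
        and wimax.ms_pmks[mn] == mn_derive_ms_pmk(mi_pmk, wimax),
        "targets_get_distinct_keys": wifi.ms_pmks[mn] != wimax.ms_pmks[mn],
        "key_bound_to_target": not reactive_pull(mia, rid, wifi),
        "proactive_pull_ok": proactive_pull(mia, mn, rid, wimax),
        "tn_pmk_separate": mia.tn_pmk_for(mn) not in (wifi.ms_pmks[mn], wimax.ms_pmks[mn]),
    }


if __name__ == "__main__":
    print(demo())
```

Binding the stored MS-PMK to a target name in the AAA store is the example's own choice, not something the slides require; it is there because a re-authentication identity that any MSA-KH could redeem would let a rogue authenticator in the same realm obtain a key derived for another one.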
15
Media Independent Authentication (I)
[Figure: MN (MIH User, MIHF, MAC), MIA (MIHF, MIH User, AAA), Serving MSA-KH, Target MSA-KH, L-AAA, H-AAA.]
Step 0*: Media-specific network access authentication through the Serving MSA-KH, yielding MSK at the MN and the Serving MSA-KH. *Only required if the MN does not already have network access through the Serving MSA-KH.
Authentication trigger.
Step 1: Negotiation over I1; the key distribution method is agreed on both sides.
Step 2: Media-independent authentication over I1, I2 (in the MN and in the MIA), I3 and I4; the key distribution method is confirmed.
16
Media Independent Authentication (II)
[Figure: same entities as (I).]
Step 2': Key installation for (reactive or proactive) PULL, just after the media-independent authentication. MN and MIA hold MSK'/rMSK; each derives MI-PMK and passes it over I2 to derive MS-PMK. In the MIA the MS-PMK is handed to the AAA server (I5); in the MN it is exported to the MAC (I6).
17
Media Independent Authentication
Within 802.21a scope
Interface I1: Transports EAP, or another authentication protocol, over MIH signalling. When EAP is transported, the MIHF implements the EAP lower-layer functionality.
Interface I2: For media-independent authentication, an internal interface used by the MIA to exchange EAP packets (or packets of any other authentication protocol) between the MIHF and the MIH user, which is the EAP stack when EAP is used, or otherwise the authentication protocol implementation. For key distribution, I2 installs the derived MS-PMKs and the required parameters in the corresponding MIH user (e.g. a key manager); it is used just after the media-independent authentication for reactive or proactive PULL key distribution.
18
Media Independent Authentication
Outside 802.21a scope
Interface I3: Internal interface between the MIH user and the AAA client in the MIA-KH, used to forward the authentication to the H-AAA.
Interface I4: Interface transporting EAP, or the authentication protocol, to the H-AAA in order to perform the authentication (e.g. an AAA protocol).
Interface I5: Used by Reactive or Proactive PULL key distribution to provide the MS-PMK(s) to the AAA server in the MIA, so that when the MN moves to the target MSA-KH all key material is available and a fast media-specific re-authentication can be performed.
Interface I6: Installs the MS-PMK in the MAC layer (MN side).
19
Summary Media Independent Authentication
[Figure: layering summary. EAP Peer / MN: EAP method layer, EAP peer layer, EAP layer, MIH EAP lower-layer (MIHF), with an MIH user (e.g. key manager) attached over I2. EAP Authenticator / MIA-KH: MIH EAP lower-layer (MIHF), EAP layer, EAP authenticator layer, MIH users (e.g. key manager) attached over I2, and AAA/IP reached over I3 and I5. EAP/AAA Server: AAA/IP, EAP layer, EAP (server) layer, EAP method layer, reached over I4. I1 is the MIH signalling between the MIHFs. Legend: primitives for EAP authentication, primitives for pull key distribution, MIH user, MIH-SAP, MIHF, MIH signalling between MIHFs, out of scope of 802.21a.]
20
Handoff to target MSA-KH
Push Key Distribution
[Figure: MN (MIH User, MIHF, MAC), MIA (MIH User, MIHF), Serving MSA-KH, Target MSA-KH. After a key distribution trigger, step 3 is the proactive (push) key distribution signalling over I1. MN and MIA derive MS-PMK from MI-PMK (I2); the MIA installs MS-PMK in the Target MSA-KH (I7) and the MN exports it to its MAC (I6). The MN then hands off to the Target MSA-KH and runs the Security Association Protocol.]
21
Push Key Distribution: interfaces
Interface I1: Used by the MN to request, over MIH signalling, that the MIA-KH install a key (MS-PMK) in the target MSA-KH.
Interfaces I2, I7: After the MN requests PUSH key distribution over I1, the MIHF in the MIA provides the MS-PMK and other useful information (e.g. key lifetime) to the MIH user (I2), which knows how to install the MS-PMK in the target MSA-KH (I7).
Interfaces I2, I6: After requesting PUSH key distribution over I1, the MIHF in the MN provides the MS-PMK and other useful information (e.g. MS-PMK lifetime) to the MIH user acting as key manager (I2), which is in charge of exporting the MS-PMK to the MAC layer (I6).
22
Summary Push Key Distribution
[Figure: MN: MAC, MIH user (e.g. key manager/store) over I6, MIHF over I2. MIA-KH: MIHF, MIH user (e.g. protocol X for push key installation) over I2, reaching the Target MSA-KH over I7. I1 is protected MIH signalling between the MIHFs. Legend: MIH user, primitives for push key distribution, MIHF, MIH-SAP, out of scope of 802.21a.]
23
Reactive Pull Key Distribution
[Figure: MN (MIH User, MIHF, MAC), MIA (MIH User, MIHF, AAA), Serving MSA-KH, Target MSA-KH; MN and MIA already hold MS-PMK. After the handoff to the Target MSA-KH, step 3 is the media-specific network access re-authentication using the MN's identity (see note), yielding MSK at the MN and the Target MSA-KH, followed by the Security Association Protocol.]
*NOTE: the format of the identity must still be defined.
24
Reactive Pull Key Distribution
Assuming that the MS-PMK used by the EAP (fast) re-authentication mechanism for pull key distribution has already been sent to the MIH user during the authentication phase (see slide 10), no MIHF intervention is required (see slide 17).
25
Proactive Pull Key Distribution (over MIH Signalling)
[Figure: MN (MIH User, MIHF, MAC), MIA (MIHF, MIH User, AAA), L-AAA, H-AAA, Serving MSA-KH, Target MSA-KH; MN and MIA already hold MS-PMK. Step 3: authentication L2 frames over the MIH tunnel, from the MN MAC to its MIHF (I10), between the MIHFs (I1), between MIHF and MIH user on both sides (I2), and from the MIA to the Target MSA-KH (I9). The Target MSA-KH reaches the AAA server over I11; which server that is depends on the MN's identity for the media-specific authentication. The Security Association Protocol follows.]
26
Proactive Pull Key Distribution (over DYNAMIC TUNNEL)
[Figure: same entities. MN and MIA derive TN-PMK from MI-PMK (I2) and use it to dynamically establish a secure tunnel (I12). Step 3: authentication L2 frames over that tunnel, from the MN MAC (I10), across the tunnel (I12), and from the MIA to the Target MSA-KH (I9). The Target MSA-KH reaches the AAA server over I11; for the optimized proactive pull key distribution this is the MIA, otherwise the home AAA, depending on the MN's identity for the media-specific authentication. The Security Association Protocol follows.]
27
Proactive Pull Key distribution
Interface I1: Transports the media-specific authentication L2 frames from the MN to the MIA. These messages are protected by the key material obtained in the media-independent authentication.
Interface I2: Over MIH signalling, transfers L2 frames from the MIHF to the MIH user and vice versa. Over the dynamic secure tunnel, sets the TN-PMK that allows the secure tunnel to be established (e.g. IKEv2-PSK).
Interface I9: Between the MIA and the target MSA-KH; transports the authentication L2 frames from the MIA to the target MSA-KH.
Interface I10: Transports the media-specific authentication L2 frames to the MAC layer in the MN.
Interface I11: Used by the target MSA-KH to communicate with the AAA server. The AAA server may be the MIA or the home AAA.
Interface I12: A dynamically established secure tunnel that transports the authentication L2 frames.
28
Summary Proactive PULL Key Distribution (over MIH Signalling)
[Figure: MN: MAC, MIH user (e.g. key manager/store) over I10, MIHF over I2. MIA: MIHF, MIH user over I2, reaching the Target MSA-KH over I9, with AAA/IP for I11. Target MSA-KH: AAA/IP reaching the AAA server (AAA/IP, EAP layer, EAP (server) layer, EAP method layer) over I11. The authentication L2 frames travel over MIH (I1) as protected MIH signalling between the MIHFs. Legend: MIH user, MIHF, primitives for pull key distribution, MIH-SAP, out of scope of 802.21a.]
29
Summary Proactive PULL Key Distribution (over DYNAMIC TUNNEL)
[Figure: as the previous summary, but the L2 frames travel over the dynamically established secure tunnel keyed by TN-PMK between MN and MIA, rather than over MIH signalling; the Target MSA-KH still reaches the EAP/AAA server (AAA/IP, EAP layer, EAP (server) layer, EAP method layer) over I11. Legend: protected MIH signalling between MIHFs, MIH or dynamic tunnel, MIH user, MIHF, primitives for pull key distribution, MIH-SAP, out of scope of 802.21a.]
30
Session Finalization
[Figure: MN (MIH User, MIHF, MAC), MIA (MIHF, MIH User, AAA), Serving MSA-KH, Target MSA-KH.]
Step 4: Session finalization over I1.
Step 4a (Reactive or Proactive PULL key distribution): keys are removed from the AAA server in the MIA (I2, I5) and from the MN MAC (I2, I6).
Step 4a' (Proactive PULL key distribution over dynamic tunnel only): the dynamically established tunnel is removed (I12).
Step 4b (PUSH key distribution): keys are removed from the Target MSA-KH (I2, I7) and from the MN MAC (I2, I6).
31
Interfaces summary
Entity | Media Independent proactive authentication | Reactive PULL Key Distribution | Proactive PULL Key Distribution | PUSH Key Distribution
MN | I1, I2 | I2, I6 | I1, I10, I2, I12 | I1, I6, I2
Serving MSA-KH | | | |
Target MSA-KH | | | I9, I11 | I7
MIA | I2, I3, I4 | I2, I5 | I1, I11, I2, I12 | I1, I7, I2
AAA | I4 | | I11 |
Legend: outside 802.21a scope.
32
DEPLOYMENT ANALYSIS
33
PUSH Key Distribution
The target MSA-KH needs to provide an interface that allows the MIA to push (or remove) a key.
34
Reactive PULL Key Distribution
A new MN re-authentication identity must be provided to the MN during the proactive authentication. A re-authentication mechanism based on a symmetric key is needed (e.g. ERP or EAP-GPSK). Once the target MSA-KH receives the MN re-authentication identity, two options are possible:
1. The MSA-KH routes the AAA messages to the appropriate MIA using the realm part of the new MN re-authentication identity. The MSA-KH's AAA routing table has to be updated to point to the MIA.
2. The target MSA-KH, using its default AAA route, sends the AAA messages to its default local AAA server, which must be configured to act as AAA proxy for the realm of the identity provided and to forward the AAA messages to the corresponding MIA. The local AAA proxy has to add a new entry to its AAA routing table pointing to the MIA.
Summary: in either option, no changes to the media-specific wireless technology are required. Moreover, option 2 needs no change to the configuration parameters of the deployed MSA-KHs.
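The two AAA routing options above, as an added example (not from the presentation): a small realm-based AAA router that follows the path a re-authentication request takes from the target MSA-KH until it reaches a server that terminates the realm. The realm names, node names and the NAI-style user@realm identity are assumptions; the slides only say the realm part of the new identity is what routing keys on and that the format is still to be defined. Running it for both topologies shows what the summary claims: option 1 needs a new route on the MSA-KH itself, option 2 leaves the MSA-KH configuration untouched and only changes the local AAA proxy, and a home-realm identity still reaches the home AAA either way. It also handles the failure modes a practitioner hits in deployment: an identity with no realm, a realm nobody serves, and a proxy loop.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


def nai_realm(identity: str) -> Optional[str]:
    """Realm part of an NAI-style identity (user@realm), lower-cased; None when absent."""
    if "@" not in identity:
        return None
    return identity.rsplit("@", 1)[1].lower()


@dataclass
class AAANode:
    """One hop of the AAA path: an MSA-KH's AAA client, a local AAA proxy, the MIA, or the home AAA."""
    name: str
    serves: set = field(default_factory=set)               # realms this node answers for itself
    routes: Dict[str, str] = field(default_factory=dict)   # realm -> next hop (AAA routing table)
    default: Optional[str] = None                          # next hop when no realm entry matches

    def next_hop(self, realm: Optional[str]) -> Optional[str]:
        if realm is not None and realm in self.routes:
            return self.routes[realm]
        return self.default


def resolve_path(start: str, identity: str, nodes: Dict[str, AAANode],
                 max_hops: int = 8) -> Optional[List[str]]:
    """Follow AAA routing from the target MSA-KH until a node that serves the identity's realm.
    Returns the hop list, or None for an unknown hop, a realm nobody serves, or a routing loop."""
    realm = nai_realm(identity)
    path, seen = [start], {start}
    while len(path) <= max_hops:
        node = nodes.get(path[-1])
        if node is None:
            return None
        if realm is not None and realm in node.serves:
            return path
        nxt = node.next_hop(realm)
        if nxt is None or nxt in seen:      # dead end, or a proxy loop
            return None
        seen.add(nxt)
        path.append(nxt)
    return None


MIA_REALM = "mia.example"       # assumed realm the MIA hands the MN in its re-authentication identity
HOME_REALM = "home.example"     # assumed realm of the MN's original home identity


def option1_topology() -> Dict[str, AAANode]:
    """Option 1: the deployed MSA-KH's own AAA routing table gains an entry for the MIA realm."""
    return {
        "msa-kh": AAANode("msa-kh", routes={MIA_REALM: "mia"}, default="local-aaa"),
        "local-aaa": AAANode("local-aaa", routes={HOME_REALM: "home-aaa"}),
        "mia": AAANode("mia", serves={MIA_REALM}),
        "home-aaa": AAANode("home-aaa", serves={HOME_REALM}),
    }


def option2_topology() -> Dict[str, AAANode]:
    """Option 2: the MSA-KH keeps only its default route; the local AAA proxies the MIA realm."""
    return {
        "msa-kh": AAANode("msa-kh", default="local-aaa"),
        "local-aaa": AAANode("local-aaa", routes={HOME_REALM: "home-aaa", MIA_REALM: "mia"}),
        "mia": AAANode("mia", serves={MIA_REALM}),
        "home-aaa": AAANode("home-aaa", serves={HOME_REALM}),
    }


if __name__ == "__main__":
    for label, topo in (("option 1", option1_topology()), ("option 2", option2_topology())):
        print(label, resolve_path("msa-kh", "0001@" + MIA_REALM, topo))
```

The loop check matters in option 2: a local proxy whose default route points back at the access network would bounce an unknown realm forever, so the router refuses any hop it has already visited rather than relying only on the hop limit.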
35
Proactive PULL Key Distribution
A similar analysis to that of Reactive PULL Key Distribution applies to Proactive PULL Key Distribution, with one difference: since the MIA provides a proxy service for the authentication L2 frames,
- the MSA-KHs must be modified in order to accept L2 authentication wireless frames through the wired interface, and
- a protocol to transport these frames from the MIA to the target MSA-KH is required (out of the scope of 802.21a).
Depending on the MN's identity:
- If the MN uses its original home domain identity, the target MSA contacts the home AAA and the MIA does not need to act as AAA server.
- If the MN uses a new MN re-authentication identity, the MIA has to act as AAA server (Optimized Proactive Pull Key Distribution).
36
Some conclusions
802.21a defines EAP (or other authentication protocol) transport for proactive authentication, a key hierarchy, and MIH-SAP primitives toward the MIH user to support three key distribution models. How the parameters passed by means of the MIH-SAP primitives are used by the media-specific lower layers is out of scope. The 802.21a specification may contain call flows as guidelines showing how these parameters can be used by the media-specific lower layers; if included, these call flows are only informational. Depending on how these parameters are used, changes to the lower-layer standards and/or implementations may or may not be required: Reactive PULL Key Distribution does not require such modifications, whereas PUSH Key Distribution and Proactive PULL Key Distribution may require them (e.g. at firmware level).
37
REQUIRED FUNCTIONALITIES FOR EACH ENTITY
38
For media-specific network access authentication
MN, if it needs to get network access through the Serving MSA (step 0, slide 9):
- EAP peer for media-specific authentication
- Media-specific EAP lower layer
- Secure Association protocol client for the specific media
39
For the Media Independent Authentication
MN
- If EAP is used for media-independent authentication: EAP peer for media-independent authentication; media-independent EAP lower layer (MIHF)
- If EAP is NOT used for (proactive) media-independent authentication: authentication protocol implementation; media-independent client transport for the authentication protocol
Serving MSA-KH
- EAP authenticator for media-specific authentication
- AAA protocol client for the specific media
- Secure Association protocol server for the specific media
MIA
- EAP authenticator for media-independent authentication
- Media-independent EAP lower layer
- AAA protocol client for media-independent authentication
(H) AAA Server
- EAP server for media-specific authentication
- EAP server for proactive media-independent authentication
- AAA protocol for media-specific authentication
- AAA protocol for (proactive) media-independent authentication
40
For PUSH Key distribution
MN
- Media-independent client protocol for indicating proactive key distribution; this signalling indicates that the key distribution follows the push model
- Key derivation mechanism to derive MS-PMK
- Secure Association protocol client for the specific media
Target MSA-KH
- Interface with the MIA-KH that allows receiving a key in a push fashion
- Secure Association protocol server for the specific media
MIA
- Media-independent server protocol for proactive key distribution
- Interface with the MSA-KH for sending a key in a push fashion
41
For Reactive PULL Key Distribution
MN
- Media-independent client protocol for indicating proactive key distribution; this signalling indicates that the key distribution follows the pull model
- The MN receives from the MIA information about the MIA's realm, which is used for AAA routing
- EAP peer for media-specific authentication
- Media-specific EAP lower layer
- Secure Association protocol client for the specific media
Target MSA-KH
- EAP authenticator for the specific media
- AAA client for the specific media
- Secure Association protocol server for the specific media
MIA
- EAP server for media-specific authentication
- AAA protocol server for media-specific authentication
42
For Proactive PULL Key Distribution
MN
- Interface to obtain/set L2 frames from/to the MAC layer
- Media-independent protocol for transporting L2 frames between the MN and the MIA (over MIH signalling option)
- Secure tunnel protocol for transporting L2 frames between the MN and the MIA (over dynamic secure tunnel option)
- Key derivation mechanism to derive MS-PMK and TN-PMK
- EAP peer for media-specific authentication
- Media-specific EAP lower layer
- Secure Association protocol client for the specific media
Target MSA-KH
- EAP authenticator for the specific media
- AAA client for media-specific (proactive) authentication
- Protocol to receive/send wireless (authentication) L2 frames from/to the MIA over the wired interface
- Secure Association protocol server for the specific media
MIA
- AAA protocol for media-specific (proactive) authentication [NOTE: when the MN uses an MN re-authentication identity]
- Protocol to receive/send wireless (authentication) L2 frames from/to the target MSA over the wired interface
Home AAA
- AAA protocol for media-specific (proactive) authentication [NOTE: when the MN uses its home domain identity]
43
Future work
More detailed definition of the interfaces within 802.21a scope.