1. IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN:21-06-0727-01-0000
Title: Proposal for IEEE Study Group on Security Signaling Optimization during Handover
Date Submitted: September 19, 2006
Presented at IEEE session in Melbourne
Authors or Source(s):
Yoshihiro Ohba (Toshiba), Subir Das (Telcordia),
Madjid Nakhjiri (Huawei), Qiaobing Xie (Motorola),
Junghoon Jee (ETRI), Soohong Daniel Park (Samsung)
Abstract: This document proposes IEEE Study Group on Security Signaling Optimization during Handover

2. IEEE 802.21 presentation release statements
This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE
The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual < and in Understanding Patent Issues During IEEE Standards Development

3. Objectives
Identify use cases in which security related signaling can add major delay to handover
Identify the security related handover issues and scenarios that can be addressed within IEEE
Investigate the feasibility of defining security signaling and primitives in a media independent manner
Investigate the feasibility of defining new security-related IEs to be used by security signaling
Investigate the feasibility of defining a new functional element that involves in security signaling across multiple access technologies

4. Scenario #1 (single interface)
AAA server
Core network
Serving
Authenticator (SA)
Target
Authenticator (TA)
Serving
network
Target
Network
Serving network and target network
belong to different mobility domains
(e.g., different ESSes) MN

5. Scenario #2 (dual interface)
AAA server
Core network
Serving
Authenticator (SA)
Target
Authenticator (TA)
Serving
network
Target
Network
Both interfaces are not always available MN

6. What is needed? Target authenticator discovery/information
Triggers to initiate authentication with target authenticator
Security signaling between MN and target authenticator via serving authenticator and related primitives
Mechanism to convert media-independent keys to media-specific keys
Definition of generic security properties that can be mapped to media-specific security parameters …

7. What is available? Optimized security signaling only within ESS
IEEE r fast roaming with security
Optimized security signaling only within ESS
No support for inter ESS
802.1X requires to run a new EAP session while changing the point of attachment
IEEE MIH protocol does not have support for security
Access authentication and key management is carried outside of MIH protocol
IETF activities on HOAKEY (an expected WG) deals with requirements for handover keying/EAP extension and pre-authentication
IETF will not define primitives
IETF work needs to be extended with L2 mechanisms to provide complete handover security solution

8. Proposal
Create a study group to investigate the issues and use case scenarios in more details
Consider scenarios whereby seamless handover is required between two security domains and/or with multiple heterogeneous network access technologies
Identify the need for security signaling and primitives in a media independent manner
Hold joint meeting with IEEE r, e, etc. to discuss and define the scope appropriately

9. Expected Output
Document the security related issues that are critical for handover optimization
Discuss IETF requirements on HOAKEY (Handover keying and pre-authentication) and show how this activity can complement such work
Develop a draft PAR on security optimization

10. Existing Support for Active Participation
Yoshihiro Ohba (Toshiba America Research, Inc.)
Subir Das (Telcordia)
Madjid Nakhjiri (Huawei)
Qiaobing Xie (Motorola)
Junghoon Jee (ETRI)
Soohong Daniel Park (Samsung)

11. References
[RFC3748] B. Aboba, et al., “Extensible Authentication Protocol (EAP)”, RFC 3748, June 2004.
[HOKEY-PS] M. Nakhjiri, et al., “AAA based Keying for Wireless Handovers: Problem Statement”, Internet-Draft, draft-nakhjiri-aaa-hokey-ps-03, Work in Progress, June 2006.
[EAPEXT-PS] L. Dondeti and V. Narayanan, “EAP Extensions Problem Statement”, draft-dondeti-eapext-ps-00.txt, Work in Progress, June 2006.
[PREAUTH-PS] Y. Ohba, et al., “Pre-authentication Problem Statement”, Internet-Draft, draft-ohba-hokeyp-preauth-ps-00, Work in Progress, April 2006.