1. Secure Key Distribution and Authorization
July 2005
Secure Key Distribution and Authorization
Date:
Author(s):
Name
Company
Address
Phone
Dan Harkins
Trapeze Networks
5753 W. Las Positas blvd
Pleasanton, CA 94588
Notice: This document has been prepared to assist IEEE It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE
Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures < ieee802.org/guides/bylaws/sb-bylaws.pdf>, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE Working Group. If you have questions, contact the IEEE Patent Committee Administrator at
Dan Harkins, Trapeze Networks

2. Current text on Key Distribution
July 2005
A key is retrieved from “the infrastructure” in a method “beyond the scope of this specification.”
It “requires that keys only be distributed down the key hierarchy using a secure transport protocol.”
This is inadequate.
Dan Harkins, Trapeze Networks

3. Implication of Current Text
July 2005
Implication of Current Text
Possession of a key implies authorization to possess that key.
This is incorrect. Any STA that encounters an authenticator in possession of a PMK that it has not authorized should cause the STA to cease using the entire key hierarchy from which that PMK derived.
Dan Harkins, Trapeze Networks

4. “secure transport protocol”?
July 2005
Authentication and confidentiality are not enough
Other security objectives are needed
Authorization: official sanction is given to an entity to become something that it is not (e.g. a PMK derivative holder)
Validation: provide timeliness to authorization to ensure the sanction has bounds
Correctness: a STA’s authorization attributes (from AAA) follow it through a FBT
Dan Harkins, Trapeze Networks

5. A “secure transport protocol”
July 2005
We cannot punt this problem to another standards body or say it is “out of scope”
Elevation of privilege issues
Lack of authorization means that there is no way to distinguish between a compromised PMK derivative and a non-compromised PMK derivative in the hands of some random NAS
No assurance that the PMK derivative is bounded
Dan Harkins, Trapeze Networks

6. A Secure Protocol to meet these enhanced objectives
July 2005
A Secure Protocol to meet these enhanced objectives
TTAP’s NAS
PMK-R0 holder
STA
ID-sta, ID-r0kh, {ID-ttap-nas, Ns}mk
ID-sta, {ID-ttap-nas, Ns}mk
{ID-sta, Ns, Na, PMK-R1, author}k, {ID-ttap-nas, Na}mk
{ID-ttap-nas, Na}mk, MIC
Where:
ID-sta is the NAI send during the EAP exchange
ID-r0kh is the identity (NAS-Id nee R0KH) of the PMK-R0 holder
ID-ttap-nas is the NAS-Id of the authenticator of the TTAP
Ns is a nonce supplied by the STA
Na is a nonce supplied by the PMK-R0 holder
author are authorization attributes associated with PMK-R0
mk is a key shared between the STA and the PMK-R0 holder
k is a key shared between the TTAP and the PMK-R0 holder
MIC is SHA-256(Ns|Na)
Dan Harkins, Trapeze Networks

7. Security Objectives Met
July 2005
Security Objectives Met
Authentication of the entities involved in key distribution
Confidentiality of the key distribution
Authorization of the status of PMK-R1 holder
Validation of the authorization
Receipt of the key is acknowledged
Correctness of the authorization attributes assigned to the STA
Dan Harkins, Trapeze Networks

8. July 2005
Motion
Instruct the editor to incorporate changes from r into the 11r draft.
Dan Harkins, Trapeze Networks