1. IEEE 802.21 MEDIA INDEPENDENT HANDOVER
DCN: sec
Title: Option III: EAP to conduct service authentication and MIH packet protection (Summary)
Date Submitted: August 31, 2010
Present at IEEE meeting in August teleconference
Authors or Source(s): Fernando Bernal, Rafa Marín-López
Abstract:
Summary of document sec .

2. IEEE 802.21 presentation release statements
This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE
The contributor is familiar with IEEE patent policy, as stated in Section 6 of the IEEE-SA Standards Board bylaws < and in Understanding Patent Issues During IEEE Standards Development

3. Lily Comment’s
Comment [LLC1]: Most of the IEEE 802 protocols use counter mode based key derivation function, not feedback with the counter. I do not think this is a problem. But we need to make a decision here.
Response [LLC1]: Do you mean to change this with something similiar to spec (see section in spec)?
Comment [LLC2]: what is the relation of this KDF with the above PRF?. This is more or less like IEEE definition.
Response [LLC2]: KDF (Key Derivation Function) is related with the PRF+ in the sense of, the PRF+ could be used as the KDF to derive the key hierarchy or a different KDF could be used instead of PRF+.
Comment [LLC3]: Why we need such a long key? This key is used to further derive the following keys: PAIK and PAEK?
Comment [LLC5]: The length of PAIK depends on the ciphersuite. That is, which algorithm you are going to use.
Response [LLC3/5]: Correct, though we can pick only the n more significant bits of those 64 bytes. We can use the X first bits from the long key to be used as the key. Moreover, a mechanism like which uses a PRF-X (X=128, 256, 512,...) with different key lengths.
Comment [LLC4]: How theses random numbers are generated?
Response [LLC4]: The random numbers are generated during the Authentication phase. For generating them we may follow RFC 4086.

4. Lily Comment’s
Comment [LLC11]: How to include these parameters to .request, .indication, .response, .confirm etc.
Response [LLC11]: The parameters have been included in the different primitives.See sections from to in the document. 4

5. How to protect MIH protocol (II) Key hierarchy
Comment [LLC6]: Are these the same random numbers as used in MI-PMK derivation? They should not be?
Response [LLC6]: Yes, they are the same random numbers to generate MIIK and MIEK. NOTE: The MI-PMK has been removed from the key hierarchy for simplicity.
MSK or rMSK
MIIK
MIEK
Using the MSK or rMSK provided by the EAP authentication other session keys are derived:
MIIK, this key is used to provide integrity protection to the MIH protocol.
MIEK, used to provide confidentiality to the MIH protocol by encrypting MIH data.

6. How to protect MIH protocol (III) Ciphersuite
Comment [LLC9]: We need to discuss what algorithms will be used for MIH message protection and how the data is protected…
Confidentiality algorithms
Reference
ENCR_DES_IV64
RFC1827
ENCR_DES
RFC2405
ENCR_3DES
RFC2451
ENCR_RC5
ENCR_IDEA
ENCR_CAST
ENCR_BLOWFISH
ENCR_3IDEA
ENCR_DES_IV32
RFC2410
ENCR_AES_CBC
RFC3602
ENCR_AES_CTR
RFC3664
ENCR_NULL
Confidentiality and Integrity algorithms
ENCR_INTR_AES_CCM
Integrity algorithms
Reference
INTR_HMAC_MD5_96
RFC2403
INTR_HMAC_SHA1_96
RFC2404
INTR_KPDK_MD5
RFC1826
INTR_DES_MAC
INTR_AES_XCBC_96
RFC3566
INTR_NULL
KDF algorithms
Reference
PRF_HMAC_MD5
RFC2104
PRF_HMAC_SHA1
PRF_HMAC_SHA256
PRF_HMAC_TIGER
PRF_AES128_XCBC
RFC3664

7. How to protect MIH protocol (III) Two algorithms: Integrity and Confidentiality
Comment [LLC10]: We need a more detailed description about protected message format

8. How to protect MIH protocol (III) One algorithm both Integrity and Confidentiality
Comment [LLC10]: We need a more detailed description about protected message format 8

9. Bundle option WI#1 option B

10. Key Hierarchy
Comment [LLC6]: Are these the same random numbers as used in MI-PMK derivation? They should not be?
Response [LLC6]: Yes, they are the same random numbers to generate MIIK and MIEK. The MS-ROOT has been added to the key hierarchy as root key for deriving MS-PMKs.

11. Message flows (I) Push key distribution
Comment [LLC12/13]: These are not 21 messages. How we are going to include these?
Response [LLC12/13]: These have been removed from the figures. Now, a plain text explaining what is needed to perform hasbeen added.
Push key distribution