Published by Hester Gordon. Modified over 9 years ago.
May 12, 2008

Alcatel Lucent, Cisco, Motorola, Nortel, Verizon

ABSTRACT: Proposed is additional key hierarchy and derivation for EPS access over eHRPD.

RECOMMENDATION: Review and approve.

Notice

Contributors grant a free, irrevocable license to 3GPP2 and its Organization Partners to incorporate text or other copyrightable material contained in the contribution and any modifications thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner’s name any Organizational Partner’s standards publication even though it may include portions of the contribution; and at the Organization Partner’s sole discretion to permit others to reproduce in whole or in part such contributions or the resulting Organizational Partner’s standards publication. Contributors are also willing to grant licenses under such contributor copyrights to third parties on reasonable, non-discriminatory terms and conditions for purpose of practicing an Organizational Partner’s standard which incorporates this contribution.

This document has been prepared by the contributors to assist the development of specifications by 3GPP2. It is proposed to the Committee as a basis for discussion and is not to be construed as a binding proposal on the contributors. Contributors specifically reserve the right to amend or modify the material contained herein and nothing herein shall be construed as conferring or offering licenses or rights with respect to any intellectual property of the contributors other than provided in the copyright statement above.

Key Hierarchy and Derivation for eHRPD

3GPP2 TSG-S WG4

3GPP2 S40-20080512-xxx
Key Hierarchy (1/2)
Key Hierarchy (2/2)

- Access authentication based on EAP-AKA
  - EAP client: UE
  - EAP server: 3GPP AAA
- 3GPP AAA server obtains CK, IK from HSS
- As a result of EAP AKA, MSK is derived from CK, IK
  - RFC 4187
- PMK is derived from MSK
- PMK is used for the derivation of session keys at UE and eHRPD AN
Key Derivation – Network Nodes

- FACAuthKey, FPCAuthKey, RACAuthKey, and RPCAuthKey = AuthKey
- FACEncKey, FPCEncKey, RACEncKey, and RPCEncKey = EncKey
- SNID – the identity of the serving network in which the authenticator resides
- ANID – the identity of the serving Radio Access Network

* C.S0067-0 v1.0 Generic Key Exchange Protocol for cdma2000 High Rate Packet Data Air Interface, December 2005.
Key Derivation – ME
Key Derivation

- Once HSS receives the request for AKA vector:
  - HSS generates authentication vector
  - HSS transforms the authentication vector into the new authentication vector as follows: (CK’,IK’) = KDF(CK, IK, )
  - HSS sends the authentication vector to the 3GPP AAA
- MSK, bound to the Access Terminal identity (NAI), is derived from CK’ and IK’ according to RFC 4187 EAP-AKA
- The PMK, unique for the Access Network, is derived from the MSK
- Generic Key Exchange (GKE) Protocol is used to generate Session Keys between ME and eAN based on PMK
- GKE protocol generates multiple session keys from the PMK and stores the Session Keys as part of the session.
- GKE also allows the eAN and the ME to refresh session keys without having to execute the authentication procedures again.
Recommendation

Review and adopt.