8/8/2019 802 21 IEEE Security Tutorial
http://slidepdf.com/reader/full/802-21-ieee-security-tutorial 1/106
21-08-0080-02-0sec 1
IEEE 802.21 MEDIA INDEPENDENT HANDOVER
DCN: 21-08-0080-02-0sec-security-signaling-during-handovers-tutorial
Title: Media-Independent Handover Security Tutorial
Date Submitted: March 18, 2008
Presented at IEEE 802.21 session #25 in Orlando
Authors or Source(s):
Yoshihiro Ohba (Toshiba), Marc Meylemans (Intel), Subir Das (Telcordia Technologies)
Abstract: This document provides a tutorial on Media-Independent Handover Security
Wednesday, July 29, 2009
IEEE 802.21 presentation release statements
This document has been prepared to assist the IEEE 802.21 Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.21.
The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual <http://standards.ieee.org/guides/opman/sect6.html#6.3> and in Understanding Patent Issues During IEEE Standards Development <http://standards.ieee.org/board/pat/guide.html>
Overview of 802.21
Please refer to the Tutorial presented in July 2006:
http://www.ieee802.org/21/Tutorials/802%2021-IEEE-Tutorial.ppt
IEEE 802.21 Standard: Media Independent Handover Services
• Optimize Layer 3 and above handovers (e.g., 802.3 <> 802.11 <> 802.16 <> Cellular)
• Key services:
  • L2 triggers and measurement reports (802.11, 802.16 radios); enables network-initiated handovers
  • Information Service: optimum network discovery and selection; lower power operation for multi-radio devices
  • Handover messages: between Mobile Node (MN) <> Point of Service (PoS) (e.g., BS/AP); between PoS1 <> PoS2 (Resource Query, HO Indication)
• Further Information is available at www.ieee802.org/21
IEEE 802.21: Overview
[Figure: IEEE 802.21 overview. L2 triggers and measurements (state change, predictive, network initiated); network information (available networks, neighbor maps, network services); handover commands (client initiated, network initiated); together these support vertical handovers.]
[Figure: the 802.21 MIH Function in the protocol stack. Below it, the protocol and device hardware (WLAN, Cellular, WMAN) supplies L2 triggers and events and the Information Service. Above it, the MIH Function offers smart triggers, the Information Service and handover messages to connection management, handover management and handover policy, to the mobility management protocols (IETF) and to applications (VoIP/RTP).]
General MIH Reference Model and Service Access Points (SAPs)
[Figure: the Media-Independent Handover Function (MIHF) sits between the MIH users (a Layer 3 or higher-layer mobility protocol) and the link layer (IEEE 802.3, IEEE 802.11, IEEE 802.16). SAPs defined in the IEEE 802.21 specification: MIH_SAP between the MIH users and the MIHF; MIH_LINK_SAP between the MIHF and the link layer; MIH_NET_SAP between the MIHF and the MIH protocol transport (Layer 2 or Layer 3, e.g. via the LLC_SAP), over which the MIH protocol carries the MIH services (ES, CS, IS: Event, Command and Information Service) to a remote MIHF.]
Technical Challenges in Handovers
Challenge: Efficient network discovery and selection
Motivation: Inter-network neighbor advertisements reduce power consumption in scanning; the 802.11 module is only turned on if 802.11 coverage is available.

Challenge: Low-latency handovers
Motivation: Requires an inter-RAT interface. Speeds up the handoff procedure (passing security keys, resource reservation).

Challenge: Service provider's control in target network selection
Motivation: Enables service providers to enforce handoff policies and decisions. Requires inter-RAT measurement reporting.

Challenge: Service continuity
Motivation: Eliminates L3 mobility signaling in inter-RAT mobility by keeping the L3 anchor in the previous RAT's access gateway. Requires an inter-RAT interface.
Target Preparation is the Key aspect of Optimized Handovers
Key Interfaces for Handovers
[Figure: a Mobile Station (MS) with two radios attaches through AG-RAT1 and AG-RAT2 to a common core holding the HA, AAA server, HSS/HLR and an Information Server. AG: Access Gateway; RAT: Radio Access Technology; HA: Home Agent.]
1. Inter-RAT neighbor advertisements.
2. Inter-Access Gateway interface: pass network context from source to target for optimized handovers.
3. Network-initiated handovers require measurement reports and HO messages over the core network and the air interface.
802.21 History & Timeline
1H 2004: 802.21 WG created
2H 2004: Call for Proposals
1H 2005: 14 initial proposals
2H 2005 - 1H 2006: Down selection; initial 802.21 draft text
2H 2006: WG Letter Ballot; initiate amendments to 802.11u and 802.16g; IETF (MIPSHOP) work on L3
2007: Sponsor Ballot
2008: 802.21 spec ratified*
2009-2010: 802.21 deployment*
* Projected timelines
Two new Study Groups (July 2007): Security in Handovers; Multi-Radio Power Management
Network Access Security Model
Network Access Security Steps
Step 1: Network access authentication
Step 2: Secure association
Step 3: Access control and ciphering

Entities involved:
• MN: Mobile Node
• PoA: Point of Attachment (e.g., Access Point)
• AS: Authentication Server (e.g., AAA server)

[Figure: MN, PoA and AS. Step 1 (network access authentication) runs between MN and AS through the PoA; Step 2 (secure association) and Step 3 (access control and ciphering) run between MN and PoA. The MN changes its PoA due to handover.]

Network access security is all about how to bind the three steps together to provide appropriate security properties for network access with the use of security associations (SAs).
Security Associations (SAs)
SAmp: an SA between MN and PoA
SAma: an SA between MN and AS
SApa: an SA between PoA and AS
• SApa is pre-established through AAA or other protocols
• SAma is established through a mutually authenticated key establishment, run as the access authentication (in Step 1)
• SAmp is dynamically established with the creation of a session key (in Step 2), derived from keying material that Step 1 exports and that the AS delivers to the PoA under SApa
[Figure: triangle of MN, PoA and AS with SAma on the MN-AS edge, SApa on the PoA-AS edge and SAmp on the MN-PoA edge.]
Step 1 - Network Access Authentication
• MN and AS run EAP to establish SAma (the mutually authenticated key establishment of Step 1); the PoA only relays the EAP messages
• EAP (Extensible Authentication Protocol) exports two keys:
  • MSK (Master Session Key) – distributed from AS to PoA, protected by SApa
  • EMSK (Extended Master Session Key) – reserved for other purposes; it stays at the MN and the AS and is never sent to the PoA
• EAP is transported at the link layer as well as at higher layers:
  • Link-layer EAP transport in IEEE 802: 802.1X, PKMv2
  • Higher-layer EAP transport: PANA (Protocol for carrying Authentication for Network Access), IKEv2 (Internet Key Exchange version 2), RADIUS/Diameter (between PoA and AS)

Message flow (MN*, PoA*, AS*):
  MN <-- EAP-Request ---------- PoA
  MN --- EAP-Response --------> PoA --- AAA{EAP-Response} ------> AS
  MN <-- EAP-Request ---------- PoA <-- AAA{EAP-Request} ------- AS
       :                             :
  MN <-- EAP-Success ---------- PoA <-- AAA{EAP-Success, MSK} -- AS

* Note: MN, PoA and AS are the EAP peer, authenticator and server, respectively, and represent one deployment model.
Step 3 – Access Control and Ciphering
• Access control enforces that link-layer data frames are exchanged between MN and PoA only after a successful run of network access authentication and secure association
• Link-layer data frames are cryptographically protected with ciphering keys, as defined by the underlying link-layer technology
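The three steps above and the three SAs that bind them, as an added example written for this page (it is not code from the tutorial or from any IEEE standard). It models one MN, two PoAs and one AS in Python. The assumptions, none of which come from the slides: the EAP method is abstracted as an HMAC challenge-response over a long-term MN/AS secret (a stand-in for EAP-TLS, EAP-AKA and the like); SApa is a pre-shared key-wrapping key between each PoA and the AS, protected here with a toy keystream-plus-HMAC construction; key derivation uses a counter-mode HMAC-SHA256 KDF instead of the exact IEEE 802.11 or 802.16 KDFs; and frame protection in Step 3 uses an HMAC tag as a stand-in for the link-layer cipher. What it makes visible that the slides do not: the PoA never sees the long-term credential, only a wrapped per-session MSK; the PTK of SAmp is bound to both nonces and both addresses; the controlled port opens only after Step 2 succeeds; and moving to a second PoA repeats Step 1 in full, which is exactly the signaling that the handover solutions later in the tutorial try to shorten.

```python
import hashlib
import hmac
import secrets

def kdf(key: bytes, label: str, context: bytes, length: int) -> bytes:
    """Counter-mode HMAC-SHA256 KDF; a stand-in for the IEEE 802.11/802.16 KDFs."""
    out, counter = b"", 1
    while len(out) < length:
        out += hmac.new(key, bytes([counter]) + label.encode() + context, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def wrap(kek: bytes, data: bytes) -> bytes:
    """Toy protection under SApa: keystream XOR plus HMAC tag (illustration only)."""
    iv = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, kdf(kek, "wrap", iv, len(data))))
    return iv + ct + hmac.new(kek, iv + ct, hashlib.sha256).digest()

def unwrap(kek: bytes, blob: bytes) -> bytes:
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(kek, iv + ct, hashlib.sha256).digest()):
        raise ValueError("SApa integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, kdf(kek, "wrap", iv, len(ct))))

class MobileNode:
    """EAP peer; holds the long-term secret shared with the AS (SAma)."""
    def __init__(self, mn_id: str, secret: bytes, mac: bytes):
        self.id, self.secret, self.mac = mn_id, secret, mac

    def eap_response(self, as_nonce: bytes):
        self.nonce = secrets.token_bytes(16)
        return self.nonce, hmac.new(self.secret, b"peer" + as_nonce + self.nonce, hashlib.sha256).digest()

    def eap_finish(self, as_nonce: bytes, as_proof: bytes) -> None:
        expect = hmac.new(self.secret, b"server" + as_nonce + self.nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expect, as_proof):
            raise ValueError("server authentication failed")  # mutual authentication
        keys = kdf(self.secret, "eap", as_nonce + self.nonce, 128)
        self.msk, self.emsk = keys[:64], keys[64:]  # EMSK stays at the MN and the AS

class AuthServer:
    """EAP server: SAma secrets per MN, SApa key-encryption keys per PoA (one exchange at a time)."""
    def __init__(self, mn_secrets: dict, poa_keks: dict):
        self.mn_secrets, self.poa_keks = mn_secrets, poa_keks

    def eap_request(self) -> bytes:
        self.nonce = secrets.token_bytes(16)
        return self.nonce

    def eap_verify(self, mn_id: str, mn_nonce: bytes, proof: bytes, poa_id: str):
        """Returns (server proof, MSK wrapped for the PoA), or None on EAP-Failure."""
        secret, kek = self.mn_secrets.get(mn_id), self.poa_keks.get(poa_id)
        if secret is None or kek is None or not hmac.compare_digest(
                proof, hmac.new(secret, b"peer" + self.nonce + mn_nonce, hashlib.sha256).digest()):
            return None
        msk = kdf(secret, "eap", self.nonce + mn_nonce, 128)[:64]  # bytes 64..127 are the EMSK
        as_proof = hmac.new(secret, b"server" + self.nonce + mn_nonce, hashlib.sha256).digest()
        return as_proof, wrap(kek, msk)  # AAA{EAP-Success, MSK}

class PoA:  # authenticator: never sees the long-term secret, only the wrapped per-session MSK
    def __init__(self, poa_id: str, mac: bytes, kek: bytes):
        self.id, self.mac, self.kek = poa_id, mac, kek
        self.pmk, self.ptk, self.port_open = {}, {}, set()

    def receive_msk(self, mn_id: str, wrapped: bytes) -> None:
        self.pmk[mn_id] = unwrap(self.kek, wrapped)[:32]  # 802.11i: PMK = first 256 bits of MSK

def secure_association(mn: MobileNode, poa: PoA) -> None:
    """Step 2: 4-way-handshake-style derivation of SAmp (the PTK) on both sides."""
    anonce, snonce = secrets.token_bytes(32), secrets.token_bytes(32)  # msg1 carries ANonce
    ctx = min(poa.mac, mn.mac) + max(poa.mac, mn.mac) + min(anonce, snonce) + max(anonce, snonce)
    mn.ptk = kdf(mn.msk[:32], "pairwise", ctx, 48)  # KCK | KEK | TK
    mic = hmac.new(mn.ptk[:16], b"msg2" + snonce, hashlib.sha256).digest()  # msg2 MIC under KCK
    ptk = kdf(poa.pmk[mn.id], "pairwise", ctx, 48)
    if not hmac.compare_digest(mic, hmac.new(ptk[:16], b"msg2" + snonce, hashlib.sha256).digest()):
        raise ValueError("MIC mismatch: MN does not hold the PMK")
    poa.ptk[mn.id] = ptk
    poa.port_open.add(mn.id)  # Step 3 begins: controlled port opens only after Steps 1 and 2

def attach(mn: MobileNode, poa: PoA, aserver: AuthServer) -> bool:
    """Steps 1 and 2 for an MN attaching to a PoA; repeated in full at every new PoA after handover."""
    as_nonce = aserver.eap_request()  # EAP-Request (AS -> PoA -> MN)
    mn_nonce, proof = mn.eap_response(as_nonce)  # EAP-Response (MN -> PoA -> AAA{EAP-Response} -> AS)
    result = aserver.eap_verify(mn.id, mn_nonce, proof, poa.id)
    if result is None:
        return False  # EAP-Failure: the controlled port stays closed
    poa.receive_msk(mn.id, result[1])  # AAA{EAP-Success, MSK} protected by SApa
    mn.eap_finish(as_nonce, result[0])  # EAP-Success
    secure_association(mn, poa)
    return True

def protect(mn: MobileNode, frame: bytes) -> bytes:  # Step 3, MN side: HMAC stands in for the cipher
    return hmac.new(mn.ptk[32:], frame, hashlib.sha256).digest()

def deliver(poa: PoA, mn_id: str, frame: bytes, tag: bytes) -> bool:
    """Step 3, PoA side: access control first, then integrity check under the TK of SAmp."""
    if mn_id not in poa.port_open:
        return False
    return hmac.compare_digest(tag, hmac.new(poa.ptk[mn_id][32:], frame, hashlib.sha256).digest())
```

attach() returns False on EAP-Failure and leaves the PoA's controlled port closed; deliver() refuses frames from any MN whose port is closed at that PoA, even when the MN holds a valid PTK for a different PoA. The identities, MAC addresses and secrets used to exercise it are constructed values.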
Security Signaling Latency
• Approximately 90% of the latency originates from the EAP signaling during network access authentication (full authentication)
• EAP authentication takes on average hundreds of milliseconds, while the layer 2 key management (4-way handshake (HS) in 802.11 and 3-way handshake in 802.16) takes on average less than 10 ms
[Figure: latency breakdown of the 802.11 and 802.16 signaling. MN: Mobile Node; AP: Access Point; BS: Base Station; AAA: AAA server]
Handover Scenarios
• Two common cases:
  • Intra-technology handovers
  • Inter-technology handovers
Intra-Technology Handovers
Solutions Available Today
• Several handover solutions available today are centered around intra-technology handovers (AP to AP, BS to BS, and typically within the same AAA domain)
• IEEE 802.11 solutions:
  • Pre-authentication (as defined in 802.11i)
  • Fast BSS Transition (under Sponsor Ballot in TGr)
• IEEE 802.16 solution:
  • Handover Process Optimization (as defined in 802.16e)
• IEEE 802.1 solution:
  • Roaming (reconnect) solution (under Letter Ballot in 802.1af)
• Main goal of the above solutions is to reduce the time spent in EAP-based network access authentication at handover, either by running it ahead of the handover or by reusing keys from an earlier authentication
802.11i - Pre-authentication
Conceptual flow (STA, AP1 and AP2 in one 802.11 access network connected to the Internet; AAA server reachable from both APs):
• STA associated to AP1 after a full 802.11i authentication
• Data traffic flows via AP1
• STA selects AP2 as target and initiates pre-authentication for AP2
• EAP authentication is sent via AP1 (forwarded over the distribution system to AP2 while the STA stays associated to AP1)
• AP2 receives the MSK from the EAP server
• STA derives the MSK for AP2
• STA performs the 802.11i 4-way handshake with AP2 using MSK(STA, AP2); both sides derive the PTK
• Data traffic flows via AP2
• Transition complete
802.11r – Fast BSS Transition
Conceptual flow (STA, AP1, AP2 and AAA server within one 802.11 mobility domain; the R0 key holder (R0KH) keeps PMK-R0):
• STA associated to AP1 (PMK-R0 established from the initial EAP authentication)
• Data traffic flows via AP1
• STA moves and selects AP2 as target
• 802.11r Auth Request
• AP2 requests PMK-R1(AP2) from the R0KH
• R0KH derives PMK-R1(AP2) for AP2
• Response with PMK-R1(AP2) to AP2
• 802.11r Auth Response
• AP2 and STA derive the PTK (the STA derives PMK-R0 and PMK-R1(AP2) itself; AP2 holds only PMK-R1(AP2) and the PTK)
• 802.11r Reassociation Request and Response
• Data traffic flows via AP2
• Transition complete
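The PMK-R0 / PMK-R1 / PTK hierarchy behind the flow above, as an added example written for this page (it is not code from the tutorial or from IEEE 802.11r). Assumptions not taken from the slides: a counter-mode HMAC-SHA256 KDF stands in for the standard's KDF-384/KDF-256 and for its exact input encodings; PMK-R0 is seeded from bytes 32..63 of the MSK (the standard takes a 256-bit portion of the MSK, the exact slice being an assumption here); the R1KH-ID is taken to be the target AP's BSSID and the S0KH-ID/S1KH-ID to be the STA address; MDID, R0KH-ID, SSID and MSK are constructed byte strings. It shows why a compromised AP yields only its own PMK-R1: each AP's key is a one-way function of PMK-R0 and that AP's identity, PMK-R0 itself never leaves the R0KH and the STA, no EAP run happens at the target AP, and a STA configured for a different mobility domain derives a PMK-R0 that does not match.

```python
import hashlib
import hmac
import secrets

def kdf(key: bytes, label: str, context: bytes, length: int) -> bytes:
    """Counter-mode HMAC-SHA256 KDF; a stand-in for the KDF-384/KDF-256 of IEEE 802.11r."""
    out, counter = b"", 1
    while len(out) < length:
        out += hmac.new(key, bytes([counter]) + label.encode() + context, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def derive_pmk_r0(msk: bytes, ssid: bytes, mdid: bytes, r0kh_id: bytes, s0kh_id: bytes) -> bytes:
    """Top of the hierarchy: bound to the SSID, the mobility domain (MDID) and the R0KH/S0KH identities.
    Seeding from msk[32:64] is an assumption of this example."""
    return kdf(msk[32:64], "FT-R0", ssid + mdid + r0kh_id + s0kh_id, 32)

def derive_pmk_r1(pmk_r0: bytes, r1kh_id: bytes, s1kh_id: bytes) -> bytes:
    """Second level: one PMK-R1 per AP (R1KH); a different R1KH-ID gives an unrelated key."""
    return kdf(pmk_r0, "FT-R1", r1kh_id + s1kh_id, 32)

def derive_ptk(pmk_r1: bytes, snonce: bytes, anonce: bytes, bssid: bytes, sta_addr: bytes) -> bytes:
    """Third level: the PTK for one association, bound to both nonces and both addresses."""
    return kdf(pmk_r1, "FT-PTK", snonce + anonce + bssid + sta_addr, 48)

class R0KH:
    """R0 key holder of the mobility domain: keeps PMK-R0 per STA and hands out PMK-R1 only."""
    def __init__(self, mdid: bytes, r0kh_id: bytes):
        self.mdid, self.r0kh_id, self.pmk_r0, self.eap_runs = mdid, r0kh_id, {}, 0

    def initial_auth(self, sta_addr: bytes, msk: bytes, ssid: bytes) -> None:
        """Done once, after the full EAP authentication at the first AP of the domain."""
        self.eap_runs += 1
        self.pmk_r0[sta_addr] = derive_pmk_r0(msk, ssid, self.mdid, self.r0kh_id, sta_addr)

    def request_pmk_r1(self, sta_addr: bytes, r1kh_id: bytes) -> bytes:
        """Backend request from a target AP; PMK-R0 never leaves this holder."""
        return derive_pmk_r1(self.pmk_r0[sta_addr], r1kh_id, sta_addr)

class AP:
    """R1 key holder: holds PMK-R1 and PTK per STA, never PMK-R0 or the MSK."""
    def __init__(self, bssid: bytes, r0kh: R0KH):
        self.bssid, self.r0kh, self.pmk_r1, self.ptk = bssid, r0kh, {}, {}

    def ft_auth_request(self, sta_addr: bytes, snonce: bytes) -> bytes:
        """Handle the FT Authentication Request: fetch PMK-R1, derive the PTK, return the ANonce."""
        self.pmk_r1[sta_addr] = self.r0kh.request_pmk_r1(sta_addr, self.bssid)  # R1KH-ID := BSSID
        anonce = secrets.token_bytes(32)
        self.ptk[sta_addr] = derive_ptk(self.pmk_r1[sta_addr], snonce, anonce, self.bssid, sta_addr)
        return anonce  # carried in the FT Authentication Response

class STA:
    """Station: derives PMK-R0 itself from the MSK, then PMK-R1 and PTK for each target AP."""
    def __init__(self, addr: bytes, msk: bytes, ssid: bytes, mdid: bytes, r0kh_id: bytes):
        self.addr = addr
        self.pmk_r0 = derive_pmk_r0(msk, ssid, mdid, r0kh_id, addr)

    def fast_transition(self, ap: AP) -> bytes:
        """FT to a target AP: one Auth Request/Response round trip and no EAP; returns the PTK."""
        snonce = secrets.token_bytes(32)
        anonce = ap.ft_auth_request(self.addr, snonce)
        pmk_r1 = derive_pmk_r1(self.pmk_r0, ap.bssid, self.addr)
        return derive_ptk(pmk_r1, snonce, anonce, ap.bssid, self.addr)
```

The R0KH counts EAP runs so that a transition to a second AP can be checked to have triggered none; the reassociation exchange that follows the PTK derivation is left out because it adds no keying material.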
802.16e – HO Process optimization
Conceptual flow (MS, BS1 and BS2 in an 802.16 access network; core network with AAA server; BS1 holds AK1 and BS2 holds AK2):
• MS connected with BS1, data traffic flows
• MS sends HO request (HO optimization bits set, preferred BSs) to BS1
• BS1 forwards HO request to BS2
• BS2 sends HO response back to BS1
• BS1 sends HO response back to MS
• MS sends HO indication with BS2 as target
• BS1 forwards MS info and connection context to BS2 (handover TEKs, associated counters, negotiated capabilities, CID update, ...)
• MS ranges and attaches with BS2
• Data traffic flows via BS2
IEEE P802.1af and 802.1AE
• IEEE P802.1af – a new revision of 802.1X for port access control; it provides:
  • Network access authentication, secure association and access control for LAN/MAN
  • Network discovery
  • A session key established between a host and a network access point can be cached and reused when reconnecting to any network access point within the same administrative domain
• IEEE 802.1AE – MAC Security: provides ciphering for LAN/MAN
Inter-Technology Handovers
Dual-radio Handover Flow
• MN connected with Radio 1 Conceptual Flow
8/8/2019 802 21 IEEE Security Tutorial
http://slidepdf.com/reader/full/802-21-ieee-security-tutorial 73/106
21-08-0080-02-0sec 27
• MN connected with Radio 1to AN1, and an applicationsession is active
• MN moves, Radio 2 On
• MN decides to perform HO toAN2
• MN authenticates with AN2using Radio 2
• Subsequent HO proceduresfollow
Conceptual Flow
Wednesday, July 29, 2009
Dual-radio Handover Flow
• MN connected with Radio 1 Conceptual Flow
8/8/2019 802 21 IEEE Security Tutorial
http://slidepdf.com/reader/full/802-21-ieee-security-tutorial 74/106
21-08-0080-02-0sec 27
• MN connected with Radio 1to AN1, and an applicationsession is active
• MN moves, Radio 2 On
• MN decides to perform HO toAN2
• MN authenticates with AN2using Radio 2
• Subsequent HO proceduresfollow
•Including IP mobilitysignaling and resourcereservation and so on
Conceptual Flow
Wednesday, July 29, 2009
Dual-radio Handover Flow
• MN connected with Radio 1 Conceptual Flow
8/8/2019 802 21 IEEE Security Tutorial
http://slidepdf.com/reader/full/802-21-ieee-security-tutorial 75/106
21-08-0080-02-0sec 27
• MN connected with Radio 1to AN1, and an applicationsession is active
• MN moves, Radio 2 On
• MN decides to perform HO toAN2
• MN authenticates with AN2using Radio 2
• Subsequent HO proceduresfollow
•Including IP mobilitysignaling and resourcereservation and so on
• Application session continuityis maintained on AN2
Conceptual Flow
Wednesday, July 29, 2009
Dual-radio Handover Flow
[Figure: conceptual flow. MN with Radio 1 and Radio 2, serving access network AN1, target access network AN2.]
• MN is connected via Radio 1 to AN1, and an application session is active
• MN moves; Radio 2 is turned on
• MN decides to perform a HO to AN2
• MN authenticates with AN2 using Radio 2, while Radio 1 keeps the session on AN1
• Subsequent HO procedures follow, including IP mobility signaling, resource reservation and so on
• Application session continuity is maintained on AN2
• Radio 1 is turned off or idle
Single-radio Handover Flow
[Figure: conceptual flow. MN with one active radio at a time, serving access network AN1, target access network AN2.]
• MN is connected via Radio 1 to AN1, and an application session is active
• MN moves and decides to perform a HO to AN2
• MN authenticates with AN2 via AN1: the authentication signaling is carried over the serving network, because only one radio can be active
• Subsequent HO procedures follow, including IP mobility signaling, resource reservation and so on
• Radio 1 off/idle
• Radio 2 active
• MN attaches to AN2
What is the problem?
• Security-related signaling can significantly increase latency in single-radio handovers, and in many cases service continuity cannot be met
• Handover techniques that assume concurrent radio usage cannot be used
• Even for dual-radio devices it may make sense to reduce security-related signaling, since it shortens the time both radios must be active and thus can extend battery life
• In addition, handovers between networks in the same AAA domain and handovers between networks in different AAA domains pose different challenges
Potential Approach for Intra-AAA-domain Handover – Key Hierarchy-based Transition (1/3)
• Establish a key hierarchy through full authentication upon entry into the AAA domain
• The key hierarchy may span multiple link-layer technologies
• Network access authentication then consists of the MN and the root key holder exchanging proof of possession of the root key, through the PoA; a separate session key is derived for each PoA instead of re-running full authentication at every handover
[Figure: key hierarchy. Root Key at the top; below it Session Key for PoA_1, Session Key for PoA_2, …, Session Key for PoA_N.]
Potential Approach for Intra-AAA-domain Handover – Key Hierarchy-based Transition (2/3)
• ERP (EAP Extensions for EAP Re-authentication Protocol) is defined in the IETF for key hierarchy-based transition
• The ERP server can be located in a visited domain, so re-authentication need not reach the home AAA server
• ERP requires one AAA message roundtrip
[Figure: AAA domain X containing a Re-authentication Server (AAA server/proxy); ERP signaling runs from the MN through the PoA to that server.]
Potential Approach for Intra-AAA-domain Handover – Key Hierarchy-based Transition (3/3)
• In this approach, ERP is performed proactively (proactive re-authentication) for the target PoA while the MN is still attached to the serving PoA
• No AAA roundtrip is needed after switching to the target PoA; only the media-specific secure association with the target PoA remains
[Figure: AAA domain X containing a Re-authentication Server (AAA server/proxy); proactive re-authentication for the target PoA runs before the switch, secure association with the target PoA runs after it.]
Potential Approach for Inter-AAA-Domain Handover – Authentication-based Transition
• Since the networks are in different AAA domains, full authentication in general cannot be avoided
  • There is no reason for the new domain to trust keys from the old domain, and no reason for the mobile device to trust the new domain with keys it used in its old domain
  • Roaming agreements (SLAs) may exist between the two networks, but the home operator may still require the user to authenticate with the home network (AAA) for security or policy reasons
• A pre-authentication solution is needed that works across multiple AAA domains
[Figure: AAA domain X and AAA domain Y, each with its own EAP server; EAP (RFC 3748) signaling runs from the MN to the target domain's EAP server, followed by secure association with the target PoA.]
Proposed Direction in 802.21
• Proactive authentication is the promising approach to reduce authentication and key establishment signaling latency
  • Needed for secure service continuity across different link-layer technologies and across AAA domains
  • Use the existing media-specific secure association mechanisms
• Proactive authentication can be based on proactive re-authentication and on pre-authentication
• Proactive authentication requires an EAP transport
• The solution should work independently of the link-layer technology
  • Our main scope is IEEE 802 technologies, but the solution could be applied to handovers to other technologies
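As an added illustration of the key hierarchy-based transition (1/3 to 3/3), the inter-AAA-domain case and the proactive direction above, the Python model below is not code from this tutorial, from 802.21, from ERP or from any 802.16/802.11 implementation. It derives per-PoA session keys from a per-domain root key, runs the proof-of-possession exchange between MN and root key holder through the PoA, and counts the AAA roundtrips left on the critical path after the radio switch for reactive versus proactive handovers, inside one AAA domain and into a new one. The per-PoA keys play the role the per-BS keys AK1/AK2 play in the 802.16e slide. The KDF, the nonce handling, the three-roundtrip cost assigned to a full EAP run and every identifier (domains X, Y, Z, the PoA names, `mn@example.net`) are assumptions made for the example, not values taken from the standards.

```python
import hashlib, hmac, os


def kdf(key: bytes, label: str, *context: bytes) -> bytes:
    """Toy KDF (assumption, not the real ERP/802.16 derivation): HMAC-SHA256 over
    a label and context fields, so every key is bound to its AAA domain and PoA."""
    mac = hmac.new(key, label.encode(), hashlib.sha256)
    for field in context:
        mac.update(b"|" + field)
    return mac.digest()


class ReauthServer:
    """Root-key holder of one AAA domain (the ERP re-authentication server/proxy)."""

    def __init__(self, domain: str):
        self.domain = domain
        self.roots = {}          # mn_id -> root key established by full authentication
        self.aaa_roundtrips = 0  # AAA roundtrips some PoA had to relay to this server

    def full_authentication(self, mn_id: str) -> bytes:
        """Stand-in for a full EAP method run, assumed to cost 3 AAA roundtrips."""
        self.aaa_roundtrips += 3
        self.roots[mn_id] = os.urandom(32)   # a real EAP run derives this on both sides
        return self.roots[mn_id]

    def reauthenticate(self, mn_id: str, poa_id: str, nonce: bytes, proof: bytes):
        """One AAA roundtrip: check proof of possession of this domain's root key;
        return the session key for poa_id (pushed to that PoA) or None to refuse."""
        self.aaa_roundtrips += 1
        root = self.roots.get(mn_id)
        ctx = (self.domain.encode(), poa_id.encode())
        if root is None or not hmac.compare_digest(kdf(root, "pop", *ctx, nonce), proof):
            return None
        return kdf(root, "session", *ctx)


class MobileNode:
    def __init__(self, mn_id: str):
        self.mn_id = mn_id
        self.roots = {}          # AAA domain -> root key; never leaves the MN
        self.session_keys = {}   # (domain, poa_id) -> per-PoA session key

    def enter_domain(self, server: ReauthServer, poa_id: str) -> None:
        """Full authentication on domain entry; also yields the key for the PoA used."""
        root = self.roots[server.domain] = server.full_authentication(self.mn_id)
        self.session_keys[(server.domain, poa_id)] = kdf(
            root, "session", server.domain.encode(), poa_id.encode())

    def reauth(self, server: ReauthServer, poa_id: str, root_domain=None):
        """Key hierarchy-based transition: prove possession of the root key through
        the PoA and derive the same session key the PoA got. None = refused."""
        root = self.roots[root_domain or server.domain]
        ctx = (server.domain.encode(), poa_id.encode())
        nonce = os.urandom(16)   # in a real exchange the server/PoA supplies this
        poa_key = server.reauthenticate(self.mn_id, poa_id, nonce, kdf(root, "pop", *ctx, nonce))
        if poa_key is None:
            return None
        key = kdf(root, "session", *ctx)
        if not hmac.compare_digest(key, poa_key):
            raise RuntimeError("secure association failed: MN and PoA keys differ")
        self.session_keys[(server.domain, poa_id)] = key
        return key


def handover(mn: MobileNode, target: ReauthServer, poa_id: str, proactive: bool) -> int:
    """Hand over to poa_id in the target domain and return the AAA roundtrips that
    fall AFTER the radio switch, i.e. the ones that add to handover latency."""
    before = target.aaa_roundtrips

    def obtain_key():
        if target.domain in mn.roots:      # intra-domain: ERP-style re-authentication
            mn.reauth(target, poa_id)
        else:                              # inter-domain: full EAP cannot be avoided
            mn.enter_domain(target, poa_id)

    if proactive:                          # proactive re-auth / pre-authentication,
        obtain_key()                       # run while still served by the old PoA
    prepared = target.aaa_roundtrips - before
    # ---- radio switch to the target PoA happens here ----
    if (target.domain, poa_id) not in mn.session_keys:
        obtain_key()                       # reactive: signaling on the critical path
    return target.aaa_roundtrips - before - prepared


def demo() -> dict:
    """Worked run with constructed identifiers: enter domain X at PoA_1, then hand
    over within X, into Y (pre-authenticated) and into Z (nothing prepared)."""
    mn = MobileNode("mn@example.net")
    x, y, z = ReauthServer("X"), ReauthServer("Y"), ReauthServer("Z")
    mn.enter_domain(x, "PoA_1")
    return {
        "reactive_intra": handover(mn, x, "PoA_2", proactive=False),   # 1
        "proactive_intra": handover(mn, x, "PoA_3", proactive=True),   # 0
        "proactive_inter": handover(mn, y, "PoA_9", proactive=True),   # 0
        "reactive_inter": handover(mn, z, "PoA_5", proactive=False),   # 3
        "distinct_keys": mn.session_keys[("X", "PoA_1")] != mn.session_keys[("X", "PoA_2")],
        # domain X's root key buys nothing in domain Y: Y verifies under its own root
        "x_root_at_y": mn.reauth(y, "PoA_8", root_domain="X") is None,  # True
    }
```

Running `demo()` gives the shape of the argument made on the slides: within domain X a reactive handover leaves one ERP roundtrip after the switch and a proactive one leaves none; into a new domain the full run costs what it costs, and only pre-authentication moves it off the critical path. The `distinct_keys` entry is the key hierarchy figure in code, one session key per PoA under one root. The last entry is why the inter-domain slide says there is no reason for the new domain to trust the old one's keys: the domain-Y server only ever verifies proof of possession under its own root key, so domain-X material is useless there and the MN never needs to hand it over.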
Thank You!