7/13/06 1

Handover Keying Reqs

IETF 66 Montreal


7/13/06 2

Problem scope requirements (1)

• MUST support multiple access technologies

• MUST NOT require full EAP re-authentication within the same AAA domain
  – Handover (inter- and intra-ADC)
  – Authorization session expiry

• MUST support deployments with disjoint AN and ADC
  – Distinct AN-ID and ADC-ID
  – Distinct per-AN and per-ADC keys (derivation and transport)
  – Channel binding for each key

• MUST be EAP-method independent in all aspects


7/13/06 3

Hierarchy Requirement (2)

• MUST determine whether to use the MSK or a USRK (derived from the EMSK)
  – If a USRK is used, then SHOULD develop a specification for the handover USRK (HRK)

• MUST define key derivation/management at each level (i.e. at the AAA server, at the ADC level, at the AN)
  – If outside IETF scope (MN-AN): SHOULD define requirement/guidance/parameter specifications (e.g. for channel binding, scoping, caching lifetime)


7/13/06 4

Signaling requirements

• MUST define key transport/management requirements
  – SHOULD define key transport signaling protocols

• MUST investigate delay performance optimization alternatives
  – SHOULD support proactive and reactive signaling (pre- and post-HO)


7/13/06 5

Key Scope requirements

Hierarchy level i = HLi (root key: i = 0)

• MUST define key lifetime/scope for keys at any HLi
  – SHOULD define lifetime relationships between HLi and HLi+1

• Compromise of an HLi+1 key MUST NOT lead to compromise of keys at HLi at the same or other entities

• Compromise of an HLi key MUST NOT lead to compromise of keys at the same level (HLi) at other entities

• Compromise of an HLi key SHOULD NOT lead to compromise of other HLi keys (same level) at the same entity
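As an added illustration (not from the slides or any HOKEY specification), the Python sketch below derives a three-level hierarchy HL0 (HRK from the EMSK), HL1 (per-ADC) and HL2 (per-AN) with an HMAC-SHA-256 KDF and checks the channel-binding and scope properties listed on slides 2, 3 and 5; the KDF construction, labels, ID formats and the EMSK value are assumptions.

```python
import hashlib
import hmac

def kdf(parent: bytes, label: str, context: bytes, length: int = 32) -> bytes:
    """One-way child-key derivation: HMAC-SHA-256 over label || context || length.
    A child key (HLi+1) reveals nothing about its parent (HLi); construction is assumed."""
    data = label.encode() + b"\x00" + context + length.to_bytes(2, "big")
    return hmac.new(parent, data, hashlib.sha256).digest()[:length]

def derive_hrk(emsk: bytes) -> bytes:
    """HL0: handover root key, a USRK taken from the EMSK (label is hypothetical)."""
    return kdf(emsk, "handover-root-key", b"")

def derive_adc_key(hrk: bytes, adc_id: bytes) -> bytes:
    """HL1: per-ADC key, channel-bound to the ADC-ID."""
    return kdf(hrk, "adc-key", adc_id)

def derive_an_key(adc_key: bytes, adc_id: bytes, an_id: bytes) -> bytes:
    """HL2: per-AN key, channel-bound to both ADC-ID and AN-ID, so disjoint AN/ADC
    deployments still get distinct keys per entity."""
    return kdf(adc_key, "an-key", adc_id + b"\x00" + an_id)

def hierarchy(emsk: bytes, adc_id: bytes, an_id: bytes) -> dict:
    """Derive all three levels for one (ADC, AN) pair."""
    hrk = derive_hrk(emsk)
    adc_key = derive_adc_key(hrk, adc_id)
    return {"HL0": hrk, "HL1": adc_key, "HL2": derive_an_key(adc_key, adc_id, an_id)}

def scope_properties_hold(emsk: bytes) -> bool:
    """Check the scope requirements on constructed entity IDs: different ADCs / ANs
    get different keys at their level, and an intra-ADC handover to a new AN reuses
    HL0 and HL1 unchanged, i.e. without a new full EAP run."""
    a1 = hierarchy(emsk, b"adc-A", b"an-1")
    a2 = hierarchy(emsk, b"adc-A", b"an-2")   # intra-ADC handover (new AN)
    b1 = hierarchy(emsk, b"adc-B", b"an-1")   # inter-ADC handover (same AN-ID)
    distinct_an = a1["HL2"] != a2["HL2"] and a1["HL2"] != b1["HL2"]
    distinct_adc = a1["HL1"] != b1["HL1"]
    reused_upper = a1["HL0"] == a2["HL0"] and a1["HL1"] == a2["HL1"]
    return distinct_an and distinct_adc and reused_upper

# Constructed 64-byte EMSK for the demonstration only (not a real key).
EMSK = hashlib.sha512(b"constructed example EMSK").digest()

if __name__ == "__main__":
    print(scope_properties_hold(EMSK))  # True
```

Because each level is a one-way function of its parent plus the entity ID, an AN holding only its HL2 key cannot reconstruct a sibling AN's key or the ADC key above it, which is the structural property behind the compromise requirements on this slide.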