
Local Security Association (LSA) The Temporary Shared Key (TSK)

draft-le-aaa-lsa-tsk-00.txt

Stefano M. Faccin, Franck Le

What?

• A secure mechanism to set up a Local Security Association (LSA) between the user and the visited domain
• An LSA can be utilized for various purposes, including:
  • securing message exchanges between the user and the visited domain
  • deriving secondary LSAs between the user and the visited domain without involving the home domain
• The mechanism proposed in the draft defines a Temporary Shared Key (TSK) to set up the LSA
• Mechanisms to set up LSAs can be of benefit to URP as an edge protocol (LSA between the user and the Registration Agent or Access Router)

The Framework

[Figure: framework diagram. Labels: URP, Scope of LT-SA, Scope of LSA, LT-SA, Visited Domain (NAS, FA, RA, AAAl, AAAc), Home Domain (AAAh).]

• Assumptions:
  • a long term SA (LT-SA) is shared between the user and its home domain
  • the long term SA is used for:
    • user/network authentication
    • generation of LSAs


TSK Features

• The Temporary Shared Key is securely established between the user and the visited domain
• TSK allows subsequent:
  • user authentication without involvement of the home domain
  • network authentication without involvement of the home domain
  • establishment of secondary LSAs (e.g. MN-AR, MN-FA)


TSK Applicability

• applicable to any application, e.g.
  • Mobile IPv4:
    – Authentication
    – Key distribution
• Examples of key distribution scenarios:
  • key distribution to FA (MIPv4)
  • key distribution to HA in Foreign Domain (MIPv4)
  • keys for User-AR: data protection over the access link


TSK Benefits

• Use of TSK reduces the signaling between the home and visited domains
  • enables frequent user authentications
  • enables frequent refreshing of secondary LSAs
• Use of TSK reduces the time delay of procedures (user authentication and key distribution)
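The features and benefits above, as a small added model (not code from the draft or its authors): the home domain (AAAh) is contacted once to establish the TSK from the LT-SA, after which the visited domain authenticates the user and both sides derive secondary LSAs (MN-FA, MN-AR) locally, so a counter of home-domain round trips stays at one. The HMAC-SHA256 derivation, the context labels, the nonce handling and the challenge-response format are assumptions made for illustration; the draft's actual procedures are not shown on this page.

```python
import hmac, hashlib, os

# Assumed derivation (HMAC-SHA256 over a context label); the draft's actual KDF
# and message formats are not given on this page.
def kdf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

class HomeDomain:                      # AAAh: holds the LT-SA shared with the user
    def __init__(self, lt_sa: bytes):
        self.lt_sa, self.contacts = lt_sa, 0   # contacts = round trips to home
    def establish_tsk(self, user_id, visited_id, nonce):
        self.contacts += 1             # the only step that involves the home domain
        return kdf(self.lt_sa, b"TSK|" + user_id + b"|" + visited_id + b"|" + nonce)

class User:                            # MN: derives the same TSK from its LT-SA
    def __init__(self, user_id: bytes, lt_sa: bytes):
        self.user_id, self.lt_sa, self.tsk = user_id, lt_sa, None
    def accept_tsk_params(self, visited_id, nonce):
        self.tsk = kdf(self.lt_sa, b"TSK|" + self.user_id + b"|" + visited_id + b"|" + nonce)
    def answer_challenge(self, challenge):
        return hmac.new(self.tsk, b"auth|" + challenge, hashlib.sha256).digest()
    def secondary_lsa(self, label):    # e.g. b"MN-FA", b"MN-AR"
        return kdf(self.tsk, b"LSA|" + label)

class VisitedDomain:                   # AAAl/AAAc: gets TSK once, then works locally
    def __init__(self, visited_id: bytes, home: HomeDomain):
        self.visited_id, self.home, self.tsk = visited_id, home, None
    def establish_tsk(self, user: User):
        nonce = os.urandom(16)
        user.accept_tsk_params(self.visited_id, nonce)                  # sent to MN
        self.tsk = self.home.establish_tsk(user.user_id, self.visited_id, nonce)
    def authenticate(self, user: User) -> bool:
        challenge = os.urandom(16)
        expected = hmac.new(self.tsk, b"auth|" + challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, user.answer_challenge(challenge))
    def secondary_lsa(self, label):
        return kdf(self.tsk, b"LSA|" + label)

def run_demo(rounds: int = 3) -> dict:
    home = HomeDomain(b"constructed demo LT-SA, not a real secret")
    user = User(b"user@home.example", home.lt_sa)
    visited = VisitedDomain(b"visited.example", home)
    visited.establish_tsk(user)
    after_setup = home.contacts
    auths = [visited.authenticate(user) for _ in range(rounds)]    # no home traffic
    mn_fa = (user.secondary_lsa(b"MN-FA"), visited.secondary_lsa(b"MN-FA"))
    return {"tsk_match": user.tsk == visited.tsk, "auths_ok": all(auths),
            "home_contacts_setup": after_setup, "home_contacts_total": home.contacts,
            "mn_fa_match": mn_fa[0] == mn_fa[1],
            "labels_distinct": mn_fa[1] != visited.secondary_lsa(b"MN-AR")}
```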


draft-le-aaa-lsa-tsk-00.txt

• The TSK draft describes the procedures for:
  • TSK Establishment
  • TSK Distribution
  • TSK Update
  • TSK Revocation


TSK and URP

• draft-le-aaa-lsa-tsk-00.txt describes the exchange of information between the user and the visited and home domains
• No protocol is specified to carry such information
• URP is a good candidate
• Usage of LSA empowers URP as an edge protocol
• Relation between URP and AAA from the point of view of LSA:
  • Registration Agent is AAAc


Conclusion

• A potential mechanism for URP to set up a Local Security Association between the user and the visited/access network: the TSK
• TSK as the mechanism used together with URP to set up the LSA