• IEEE 802.21 MEDIA INDEPENDENT HANDOVER
• DCN:21-06-0727-01-0000
• Title: Proposal for IEEE 802.21 Study Group on Security
Signaling Optimization during Handover
• Date Submitted: September 19, 2006
• Presented at IEEE 802.21 session in Melbourne
• Authors or Source(s):
• Yoshihiro Ohba (Toshiba), Subir Das (Telcordia),
• Madjid Nakhjiri (Huawei), Qiaobing Xie (Motorola),
• Junghoon Jee (ETRI), Soohong Daniel Park (Samsung)
• Abstract: This document proposes IEEE 802.21 Study Group on
Security Signaling Optimization during Handover
IEEE 802.21 presentation release statements
• This document has been prepared to assist the IEEE 802.21 Working Group. It
is offered as a basis for discussion and is not binding on the contributing
individual(s) or organization(s). The material in this document is subject to
change in form and content after further study. The contributor(s) reserve(s)
the right to add, amend or withdraw material contained herein.
• The contributor grants a free, irrevocable license to the IEEE to incorporate
material contained in this contribution, and any modifications thereof, in the
creation of an IEEE Standards publication; to copyright in the IEEE’s name
any IEEE Standards publication even though it may include portions of this
contribution; and at the IEEE’s sole discretion to permit others to reproduce in
whole or in part the resulting IEEE Standards publication. The contributor also
acknowledges and accepts that this contribution may be made public by IEEE
802.21.
• The contributor is familiar with IEEE patent policy, as outlined in Section 6.3
of the IEEE-SA Standards Board Operations Manual
<http://standards.ieee.org/guides/opman/sect6.html#6.3> and in
Understanding Patent Issues During IEEE Standards Development
<http://standards.ieee.org/board/pat/guide.html>
Objectives
• Identify use cases in which security related signaling can add
major delay to handover
• Identify the security related handover issues and scenarios
that can be addressed within IEEE 802.21
• Investigate the feasibility of defining security signaling and
primitives in a media independent manner
• Investigate the feasibility of defining new security-related IEs
to be used by security signaling
• Investigate the feasibility of defining a new functional
element that is involved in security signaling across multiple
access technologies
Scenario #1 (single interface)
[Figure: MN, Serving Authenticator (SA), Target Authenticator (TA), serving network, target network, core network, AAA server]
Serving network and target network belong to different mobility domains
(e.g., different ESSes)
Scenario #2 (dual interface)
[Figure: MN, Serving Authenticator (SA), Target Authenticator (TA), serving network, target network, core network, AAA server]
Both interfaces are not always available
What is needed?
• Target authenticator discovery/information
• Triggers to initiate authentication with target authenticator
• Security signaling between MN and target authenticator via
serving authenticator and related primitives
• Mechanism to convert media-independent keys to media-specific keys
• Definition of generic security properties that can be mapped to
media-specific security parameters
• …
What is available?
• IEEE 802.11r fast roaming with security
  • Optimized security signaling only within ESS
  • No support for inter ESS
• 802.1X requires running a new EAP session when changing the point of
attachment
• IEEE 802.21 MIH protocol does not have support for security
  • Access authentication and key management are carried outside of the MIH
  protocol
• IETF activities on HOAKEY (an expected WG) deal with requirements
for handover keying/EAP extension and pre-authentication
  • IETF will not define primitives
  • IETF work needs to be extended with L2 mechanisms to provide a
  complete handover security solution
Proposal
• Create a study group to investigate the issues and use case
scenarios in more detail
• Consider scenarios whereby seamless handover is required
between two security domains and/or with multiple
heterogeneous network access technologies
• Identify the need for security signaling and primitives in a
media independent manner
• Hold joint meeting with IEEE 802.11r, 802.16e, etc. to discuss
and define the scope appropriately
Expected Output
• Document the security related issues that are critical for
handover optimization
• Discuss IETF requirements on HOAKEY (Handover keying
and pre-authentication) and show how this activity can
complement such work
• Develop a draft PAR on security optimization
Existing Support for Active Participation
• Yoshihiro Ohba (Toshiba America Research, Inc.)
• Subir Das (Telcordia)
• Madjid Nakhjiri (Huawei)
• Qiaobing Xie (Motorola)
• Junghoon Jee (ETRI)
• Soohong Daniel Park (Samsung)