Application Keying Scope of the work item

1
Application Keying Scope of the work item

• Kuntal Chowdhury
• Julien Bournelle
• Gerardo Giaretta

2
Problem Statement draft-chowdhury-hokey-amsk-ps-0
0.txt

• Network Operators may offer multiple services
• (IP network Access) (MN NAS)
• Mobile IPv4/IPv6 (MN HA/FA)
• SIP (MN xCSCF)
• PMIPv4/v6 (AR HA)
• Others ? (MN Service Equipment)
• Each of these services require Auth/Authz and SA
  setup (Node Node)

3
Multiple EAP Scenario

• EAP is used for Network Access Authentication in
  many networks today
• Re-run of multiple authentication/ bootstrapping
  transactions (EAP/ non-EAP from scratch for each
  services
• Increase network load
• Increase Session set-up latency for each services

4
Multiple EAP TransactionsExample Scenario-1,
Service Access
MIP Home Agent
AAA/EAP server
Inet
AR/FA
Service Equipment
MN/EAP Client
5
Multiple EAP TransactionsExample Scenario-2, Mip6
EAP/AAA Server
Home Agent
NAS
EAP
AAA-HA (EAP)
EAPoIKEv2
Bu
BA

• Bootstrapping solution in integrated scenario
• draft-ietf-mip6-bootstrapping-integrated-dhc-00
• two EAP runs are performed with the same EAP/AAA
  server

6
Rely on EAP Keying Framework

• Goal
• Avoid multiple EAP transactions
• How ?
• Rely on keys derived during network access
  authentication (cf. EMSK)
• Derive AMSK per application
• Distribute AMSK on request by the specific
  application or push it down as pre-configuration
  for known services

7
What is needed?

• Define how AMSKs are derived
• Define how AMSKs are distributed and Cached
• Push vs Pull Model ?
• Keys sent in Service Equipment
• Keys fetched by Service Equipment

8
Questions ?