
Re: [STDS-802-16-MOBILE] [security] Pre-authentication discussion (resend)



Vladimir,

By "pre-authentication" we have in mind full authentication by the MSS
to the Target BS - but performed in advance via the backbone.
Pre-authentication is a less "trusting" mechanism than Transfer of
Derived Context (and hence more appropriate in some situations, e.g.
inter-provider).

The association procedure doesn't include any authentication.

- Jeff

Vladimir Yanover wrote:

>Doesn't 802.16e already contain the idea of two mechanisms coexisting
>[Pre-authentication as a part of "association" and backbone transfer of
>context]?
>
>-----Original Message-----
>From: Jeff Mandin
>To: STDS-802-16-MOBILE@LISTSERV.IEEE.ORG
>Sent: 6/7/2004 8:40 PM
>Subject: [STDS-802-16-MOBILE] [security]  Pre-authentication discussion
>(resend)
>
> From the discussion about post-handoff authentication, there seems to
>be consensus in the adhoc for Jung-won's idea that two mechanisms will
>co-exist:
>
>    1)  Pre-authentication
>    2) Backbone Transfer of Derived Context (suitably secured obviously)
>
>I'd like to hear adhoc-ers' views on how generally to support
>pre-authentication in PKMv2.
>
>The mechanism we choose for supporting pre-authentication has
>potentially significant implications.  The requirements for pre-auth
>support would be:
>
>     1. Well-understood  behaviour
>
>     2. Facilitate pre-auth to a BS on the same provider or a different
>provider.
>
>     3. Enable establishment of the shared-secret Pairwise Master Key
>and determination of success/failure of the authentication
>
>     4. Do not preclude pre-auth to different media (via 802.21 or
>what-have-you).  Similarly, do not preclude pre-auth to an unadvertised
>neighbor.
>
>802.1X authentication satisfies all of these. The caveat is that for the
>moment 802.1X can only be used within a single IP subnet; but extending
>it to work over IP has been discussed a lot and seems trivial.
>
>
>- Jeff Mandin
>Security Adhoc Chair
>
>