[STDS-802-16-MOBILE] [handoff] Security requirements in handover (or vice-versa)



All,

Apropos the handover-levels discussion, here is a list of the levels of authentication and key-establishment that are necessary on various kinds of network entry:

Level 1) Full Authentication and full Traffic Encryption Key Establishment - necessary in

       - initial network entry
       - post-HO reentry to a BS that only supports PKMv1

Level 2) AK establishment handshake (i.e. BS and SS conduct PKM-Establish-Key-Req/PKM-Establish-Key-Reply/PKM-Establish-Key-Confirm) and TEK establishment only (i.e. no full authentication)

    This is done after handover in the case that the SS and BS share a Master Key that they obtained via one of:

       -  Preauthentication (i.e. direct authentication of MSS to Target BS via backbone before HO)
       -  Backbone Transfer of Derived Security Context

Level 3) Continue using security context, no PKM exchanges needed

    This appears to be possible only in the case of "inter-sector HO", and even then only in the case of "make-before-break"

Reentry after a drop would probably require level 2).

This scheme appears compatible with the HO Adhoc's taxonomy, even if it's not precisely the same.

Regards,

- Jeff Mandin
Security Adhoc Chair