[STDS-802-16-MOBILE] [handoff] Security requirements in handover (or vice-versa)
All,
Apropos the handover-levels discussion, here is a list of the levels of
authentication and key establishment that are necessary on various
kinds of network entry:
Level 1) Full Authentication and full Traffic Encryption Key Establishment -
necessary in
- initial network entry
- post-HO reentry to a BS that only supports PKMv1
Level 2) AK establishment handshake (i.e. BS and SS conduct
PKM-Establish-Key-Req/PKM-Establish-Key-Reply/PKM-Establish-Key-Confirm)
and TEK establishment only (i.e. no full authentication)
This is done after handover in the case that the SS and BS
share a Master Key that they obtained via one of:
- Preauthentication (i.e. direct authentication of MSS to Target BS via backbone before HO)
- Backbone Transfer of Derived Security Context
Level 3) Continue using security context, no PKM exchanges needed
This appears to be possible only in the case of "inter-sector HO",
and even then only in the case of "make-before-break".
Reentry after a drop would probably require level 2).
This scheme appears compatible with the HO Adhoc's taxonomy, even if
it's not precisely the same.
Regards,
- Jeff Mandin
Security Adhoc Chair