[STDS-802-16-MOBILE] [handoff] Security requirements in handover (or vice-versa) [resend]
All,

This is a resend (previous mail was not formatted right).

Apropos the handover-levels discussion, here is a list of the levels of
authentication and key-establishment that are necessary on various
kinds of network entry:

Level 1) Full Authentication
----------------------------------------------------
- At this level there is full Authentication and full Traffic
  Encryption Key Establishment
- This level is necessary in
    * initial network entry
    * post-HO reentry to a BS that only supports PKMv1

Level 2) AK establishment handshake and TEK establishment only
-----------------------------------------------------
- At this level, BS and SS conduct PKM-Establish-Key-Req /
  PKM-Establish-Key-Reply / PKM-Establish-Key-Confirm
- KeyReq/Rsp for TEKs is required
- Full authentication is omitted/not needed
- This level is done after handover in the case that the SS and
  BS share a Master Key that they obtained via one of:
    * Preauthentication (i.e. direct authentication of MSS
      to Target BS via backbone before HO)
    * Backbone Transfer of Derived Security Context

Level 3) Continue using security context
-------------------------------
- no PKM exchanges needed whatsoever
- This appears to be possible only in the case of
  "inter-sector HO", and even then only in the case
  of "make-before-break"

Reentry after a drop will probably require level 2.

This scheme appears compatible with the HO Adhoc's taxonomy, even if
it's not precisely the same.

Regards,
- Jeff Mandin
Security Adhoc Chair
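
The three levels above, written out as a decision procedure. This is an added example, not part of the original message or of any 802.16 text; the `Entry` field names, the precedence between rules, and the fallback to level 1 when no Master Key is shared are assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    FULL_AUTH = 1         # full authentication + full TEK establishment
    AK_HANDSHAKE = 2      # AK establishment handshake + TEK establishment only
    CONTINUE_CONTEXT = 3  # no PKM exchanges at all


@dataclass
class Entry:
    """One network (re)entry; all field names are hypothetical."""
    initial: bool = False
    target_pkmv1_only: bool = False
    shared_master_key: bool = False  # from preauthentication or backbone transfer
    inter_sector: bool = False
    make_before_break: bool = False
    after_drop: bool = False


def select_level(e: Entry) -> Level:
    # Level 1 cases come first: a PKMv1-only target overrides any shared key.
    if e.initial or e.target_pkmv1_only:
        return Level.FULL_AUTH
    # Level 3: the message gives these as necessary conditions; treating them
    # as sufficient is an assumption. A drop rules level 3 out.
    if e.inter_sector and e.make_before_break and not e.after_drop:
        return Level.CONTINUE_CONTEXT
    if e.shared_master_key:
        return Level.AK_HANDSHAKE
    # Assumption (not in the message): with no shared Master Key, fail closed.
    return Level.FULL_AUTH


def pkm_exchanges(level: Level) -> list[str]:
    """Exchanges the chosen level requires, in the message's own terms."""
    if level == Level.CONTINUE_CONTEXT:
        return []
    if level == Level.AK_HANDSHAKE:
        return ["PKM-Establish-Key-Req", "PKM-Establish-Key-Reply",
                "PKM-Establish-Key-Confirm", "KeyReq/Rsp for TEKs"]
    return ["full authentication", "full TEK establishment"]
```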