
[STDS-802-16-MOBILE] [security] About Security Context Transfer Contribution for fast re-authentication



As you remember, during the F2F meeting we had a discussion on pre-authentication and fast re-authentication. With pre-authentication, the key is refreshed between MSS and BS. But with fast authentication, the target BS and MSS may use AK/TEK keys transferred from the serving BS. People in the F2F meeting reached a consensus on supporting both pre-authentication and fast re-authentication. That's what I remember from the meeting and I checked with Junhyuk. So MSS/BS AK keying may not be unique and the transferred AK/TEK may be used transparently between MSS and target BS. But in this case, it's better for the target BS and MSS to renegotiate PKM when MSS and target BS recognise that on-going traffic does not flow for the time being, so as not to interrupt handoff.
 
Due to the over-burden of pre-authentication (e.g. database runout due to the huge amount of AK/TEKs and respective timer for just one MSS, two pairs of AK/TEKs in BS_1, BS_2, BS_ActiveBSSet, and then after movement of MSS to another BS, AK/TEK sets in BS_10, BS_11, BS_ActiveBSSet2), and lots of radio message transactions and backbone messages, it's better for operators to decide which one is used. So pre-authentication and fast re-authentication should optionally be supported.
 
So from this perspective, Junhyuk suggested that I put some text in the fast re-authentication section. Any comment on this or C80216e-04_50r1 is appreciated. Thanks.
 
 
[Phil] Much of the contribution's discussion on transferability of AK is not true. Each MSS/BS AK keying must be unique (see C80216e-04/200) to maintain paired/private keying, or else you are using public keying, a completely different level of security and a different set of administration issues. However, incorporating SAID_Update along with CID_Update in 6.3.2.3.8 is a good idea, and is transferable, though the language needs scrubbing. The proposed language for 6.3.20.4, 6.3.2.3.5, 6.3.2.3.6 and 11.5 needs to be harmonized with C80216e-04/144 as it duplicates changes and language in that contribution. Need substantial revision to D.2.5 to transfer only permissible security elements.
 
==================================
Donnie Dongkie Lee
Seorindong 99, JongRoGu
Seoul, Korea
SK Telecom
Phone: +82-2-6323-3147
Mobile: +82-11-758-4359
E-Mail: galahad@nate.com
           galahad@netsgo.com
==================================