
Re: [STDS-802-16-MOBILE] perform network entry if an AK lifetime timer / TEK lifetime timer expires?



The sentence is a little confusing. It seems to imply that an SS must re-enter the network and update its security key even if the SS had no interest in re-entering the network at that time. What the sentence is supposed to be saying is that, should the SS re-enter the network, it would not be able to abridge the normal PKM handshaking process (it would have to use the normal network entry process as in 6.3.9) because its security context will have expired. Of course even that statement is not completely true. Depending on SS and BS system timer settings, other SS context may still be valid on the BS at time of network re-entry allowing optimized network entry (perhaps omission of SBC-REQ and/or REG-REQ messages), but still requiring security re-keying.
 
Need a little language scrubbing here.
 
Thanks,
Phil
 
----- Original Message -----
Sent: Thursday, February 03, 2005 6:56 PM
Subject: [STDS-802-16-MOBILE] perform network entry if an AK lifetime timer / TEK lifetime timer expires?

Is it necessary to perform network entry if an AK lifetime timer / TEK lifetime timer expires?
 
There is a paragraph in 7.1.3 that states:
 
An SA's keying material [e.g. Data Encryption Standard (DES) key and CBC Initialization Vector] has a limited lifetime.  When the BS delivers SA keying material to an SS, it also provides the SS with that material's remaining lifetime.  It is the responsibility of the SS to request new keying material from the BS before the set of keying material that the SS currently holds expires at the BS.  Should the current keying material expire before a new set of keying material is received, the SS shall perform network entry as described in 6.3.9.  The PKM protocol specifies how SS and BS maintain key synchronization.
 
Thanks,
 
Steve