Networking Working Group                                            Q. Wu
Internet-Draft                                                     Huawei
Intended status: Standards Track                             May 20, 2009
Expires: November 2009


     Diameter support for local key transport protocol between local
                        server and home AAA server
                   draft-wu-dime-local-keytran-00.txt

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on November 20, 2009.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Wu                      Expires November 20, 2009               [Page 1]
Internet-Draft    Diameter support for Local key transport      May 2009

Abstract

   In [RFC5296], a Domain Specific Root Key (DSRK) is provided by the
   home EAP server to the local ER server and used to derive the
   re-authentication Root Key (rRK).  This document specifies the
   transport of the DSRK using the Diameter EAP Application.

Table of Contents

   1.  Introduction
   2.  Terminologies and Conventions
   3.  Diameter Support for Local Key Transport
       3.1.  Protocol Overview
       3.2.  Example of Local Key Transport
       3.3.  Example of Re-auth Key Transport
   4.  Command Codes
   5.  Attribute Value Pair Definitions
       5.1.  EAP-Local-Domain-Name AVP
       5.2.  EAP-DSRK AVP
       5.3.  EAP-DSRK-Name AVP
       5.4.  EAP-DSRK-Lifetime AVP
       5.5.  EAP-rMSK AVP
       5.6.  EAP-rMSK-Name AVP
       5.7.  EAP-rMSK-Lifetime AVP
   6.  AVP Occurrence Table
   7.  Security Considerations
   8.  IANA Considerations
   9.  References
       9.1.  Normative References
       9.2.  Informative References
   10. Acknowledgments

1.  Introduction

   [RFC5296] defines the EAP Re-authentication Protocol (ERP), which
   allows faster re-authentication of a previously authenticated peer.
   [RFC4187] describes a fast re-authentication mechanism that shortens
   the EAP-AKA procedure and reduces the load on the authentication
   center.  Both mechanisms rely on keys derived during the preceding
   full authentication, so the local AAA server in the domain visited by
   the peer need not contact the home AAA server in the home domain on
   each re-authentication.

   A Domain Specific Root Key (DSRK) derived from the EMSK, as defined in
   [RFC5295], can be used to bootstrap the security of a set of services
   within a domain.  As described in [RFC5296], the DSRK is provided by
   the home EAP server to the local ER server, and a re-authentication
   Root Key (rRK) may be derived from it.  For that purpose, this
   document specifies the transport of the DSRK using the Diameter EAP
   Application [RFC4072].

2.  Terminologies and Conventions

   In examples, "C:" and "S:" indicate lines sent by the client and
   server respectively.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119.

3.  Diameter Support for Local Key Transport

3.1.  Protocol Overview

   The local AAA server requests the DSRK from the home Diameter server
   during the initial full EAP exchange.  This section assumes that the
   peer already knows the name of the local domain; Section 3.3
   describes how an ERP exchange can supply it otherwise.

   A local AAA server, collocated with a Diameter proxy in the domain
   visited by the peer, requests a DSRK from the home Diameter server by
   including the EAP-Local-Domain-Name AVP in the Diameter EAP Request
   (DER) message of the initial full EAP exchange.  The
   EAP-Local-Domain-Name AVP contains the domain or server identity
   required to derive the DSRK.

   In the successful case, the home Diameter server carries the DSRK in
   the EAP-DSRK AVP of the Diameter EAP Answer (DEA) message.  Along
   with the EAP-DSRK AVP, an EAP-DSRK-Name AVP MUST be included to carry
   the DSRK's key name, and an EAP-DSRK-Lifetime AVP MUST be included to
   carry the DSRK's lifetime.

3.2.  Example of Local Key Transport

   +----+     +-----+     +--------------+     +--------------+
   |Peer|     | NAS |     |  Proxy AAA   |     | Home Diameter|
   |    |     |     |     |(Local Server)|     |    Server    |
   +--+-+     +--+--+     +------+-------+     +------+-------+
      |  EAP Req/  |             |                    |
      |  Identity  |             |                    |
      |<-----------|             |                    |
      |  EAP Rsp/  |             |                    |
      |  Identity  |             |                    |
      |----------->|             |                    |
      |            | DER([Local  |                    |
      |            | Domain Name])                    |
      |            |------------>| DER(Local Domain   |
      |            |             |     Name)          |
      |            |             |------------------->|
      |            |             |                    |
      |            |             | DEA(DSRK, DSRK-Name,
      |            | DEA(Diameter|     Diameter Success)
      |            |   Success)  |<-------------------|
      | EAP Success|<------------|                    |
      |<-----------|             |                    |
      |            |             |                    |

                 Figure 1: Example of local key transport

   Assume the peer knows the domain name associated with the local
   domain server; how the peer discovers that name is beyond the scope
   of this document.

   First, the peer sends an EAP Response/Identity message to the NAS.
   The NAS encapsulates it in the EAP-Payload AVP of a Diameter EAP
   Request (DER) message, as specified in [RFC4072], and the domain name
   or domain identity of the local domain is added in the
   EAP-Local-Domain-Name AVP (by the NAS or by the local AAA server, as
   shown in Figure 1) to trigger the DSRK request.  Intermediate Diameter
   proxies may perform routing and forwarding.

   The home Diameter server processes the EAP Response/Identity in
   accordance with [RFC4072].  On success it returns a Diameter EAP
   Answer (DEA) message whose EAP-Payload AVP carries the EAP Success
   and whose EAP-DSRK AVP carries the DSRK, accompanied by the
   EAP-DSRK-Name and EAP-DSRK-Lifetime AVPs.  As Figure 1 shows, the
   DSRK is consumed by the local AAA server (Proxy AAA): it forwards the
   DEA with the Diameter Success to the NAS, which delivers the EAP
   Success to the peer.

3.3.  Example of Re-auth Key Transport

   (Editor's Note: it is not clear whether the re-auth key transport
   should be incorporated into the ongoing draft-ietf-dime-erp-00.)

   +------+              +------+              +--------+
   | Peer |              | NAS  |              |Local ER|
   +--+---+              +--+---+              +---+----+
      |                     |                      |
      | EAP-Initiate/Re-auth([Local Domain         |
      |   Name Req], Keyname-NAI)                  |
      |-------------------->|                      |
      |                     | DER(Re-auth, [Local Domain
      |                     |   Name Req], Keyname-NAI)
      |                     |--------------------->|
      |                     |                  +---+----+
      |                     |                  |  DSRK  |
      |                     |                  +---+----+
      |                     |         +------------+----------+
      |                     |         | Derive rRK, rIK, rMSK |
      |                     |         +-----------------------+
      |                     | DEA(Local Domain Name, rMSK,   |
      |                     |     Diameter Finish)           |
      |                     |<---------------------|
      |                 +---+----+                 |
      |                 |  rMSK  |                 |
      |                 +--------+                 |
      | EAP-Finish(Local Domain Name)              |
      |<--------------------|                      |
   +--+--------------------+|                      |
   | Derive DSRK, rRK,     ||                      |
   | rIK, rMSK             ||                      |
   +-----------------------+|                      |

                      Figure 2: Re-auth key transport

   If the peer does not know the local domain name, an ERP exchange can
   be run to obtain it.  The peer requests the local domain name from
   the local ER server by sending an EAP-Initiate/Re-auth message.  The
   message carries a local domain name request, indicating that the
   local domain name is to be queried from the local server or the home
   ER server, together with the Keyname-NAI; the NAS forwards it to the
   local ER server in a DER.

   The local ER server obtains the DSRK using the local key transport
   mechanism described in Section 3.2, derives the rRK, rIK and rMSK
   with the DSRK as input, and returns the EAP-Finish to the NAS in a
   DEA message, with the local domain name and the rMSK carried
   alongside it.  The NAS retains the rMSK and forwards the EAP-Finish,
   with the local domain name included, to the peer.  The peer extracts
   the local domain name from the EAP-Finish message and derives the
   DSRK, rRK, rIK and rMSK itself.

   (Editor's Note: it is not clear whether to extend DER/DEA or to
   define new Command Codes to accommodate the two new EAP codes, i.e.,
   EAP-Initiate and EAP-Finish.)

4.  Command Codes

   This document re-uses the Diameter EAP Application commands DER and
   DEA [RFC4072] and does not define new Command Codes.

5.  Attribute Value Pair Definitions

   This section defines new AVPs for ERP support within the Diameter EAP
   Application.

5.1.  EAP-Local-Domain-Name AVP

   The EAP-Local-Domain-Name AVP (AVP Code TBD) is of type OctetString.
   This AVP contains the domain name associated with the local domain
   server to which the DSRK is transported.

5.2.  EAP-DSRK AVP

   The EAP-DSRK AVP (AVP Code TBD) is of type OctetString.  This AVP
   contains keying material to be used by the visited domain (i.e., the
   DSRK).  Exactly how this keying material is derived and utilized is
   beyond the scope of this document.

5.3.  EAP-DSRK-Name AVP

   The EAP-DSRK-Name AVP (AVP Code TBD) is of type OctetString.  This
   AVP contains the key name that uniquely identifies the DSRK: the
   EMSKname by default, or the USRKname of the DSRK.  How this name is
   derived is beyond the scope of this document and is defined in
   [RFC5295].

5.4.  EAP-DSRK-Lifetime AVP

   The EAP-DSRK-Lifetime AVP (AVP Code TBD) is of type Unsigned64 and
   contains the DSRK lifetime in seconds.

5.5.  EAP-rMSK AVP

   The EAP-rMSK AVP (AVP Code TBD) is of type OctetString.  This AVP
   contains keying material to be used by the peer and the authenticator
   in the visited domain.  Exactly how this keying material is derived
   and utilized is beyond the scope of this document.

5.6.  EAP-rMSK-Name AVP

   The EAP-rMSK-Name AVP (AVP Code TBD) is of type OctetString.  This
   AVP contains the key name that uniquely identifies the rMSK: the
   EMSKname by default, or the rMSKname.  How this name is derived is
   beyond the scope of this document and is defined in [RFC5296].

5.7.  EAP-rMSK-Lifetime AVP

   The EAP-rMSK-Lifetime AVP (AVP Code TBD) is of type Unsigned64 and
   contains the rMSK lifetime in seconds.
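   The following Python example is added here to show, concretely, how
   the AVPs of Section 5 are placed on the wire in the DER and DEA of
   Section 3.1 and how a receiver enforces the rule that an EAP-DSRK
   AVP must be accompanied by its -Name and -Lifetime AVPs.  It is not
   code from the draft or from any Diameter implementation.  It uses
   the RFC 3588 AVP header layout and the RFC 4072 EAP-Payload AVP
   (code 102); the codes for the draft's own AVPs are "TBD", so the
   values used below are placeholders, and the identity, key and key
   name are constructed sample data.

```python
"""Encode/validate the DSRK-transport AVPs of draft-wu-dime-local-keytran.
Added example, not part of the draft.  AVP codes for the new AVPs are
placeholders (the draft says TBD); sample EAP packets and keys are constructed."""
import struct

# Placeholder codes (assumption for this example; IANA would assign real ones).
AVP_EAP_LOCAL_DOMAIN_NAME = 0xFFF0
AVP_EAP_DSRK = 0xFFF1
AVP_EAP_DSRK_NAME = 0xFFF2
AVP_EAP_DSRK_LIFETIME = 0xFFF3
AVP_EAP_RMSK = 0xFFF4
AVP_EAP_RMSK_NAME = 0xFFF5
AVP_EAP_RMSK_LIFETIME = 0xFFF6
AVP_EAP_PAYLOAD = 102  # RFC 4072: carries the EAP packet itself

FLAG_V = 0x80  # Vendor-specific bit: a Vendor-ID field follows the header
FLAG_M = 0x40  # Mandatory bit

LIFETIME_AVPS = {AVP_EAP_DSRK_LIFETIME, AVP_EAP_RMSK_LIFETIME}
DSRK_TRIPLE = (AVP_EAP_DSRK, AVP_EAP_DSRK_NAME, AVP_EAP_DSRK_LIFETIME)
RMSK_TRIPLE = (AVP_EAP_RMSK, AVP_EAP_RMSK_NAME, AVP_EAP_RMSK_LIFETIME)


def encode_avp(code, data, flags=FLAG_M):
    """RFC 3588 AVP: Code(32) | Flags(8) | Length(24) | Data, padded to a
    4-octet boundary.  Length covers header and data but not the padding.
    An int is encoded as Unsigned64 (the type of the lifetime AVPs)."""
    if isinstance(data, int):
        data = struct.pack("!Q", data)
    length = 8 + len(data)
    pad = (-length) % 4
    return struct.pack("!IB", code, flags) + length.to_bytes(3, "big") + data + b"\0" * pad


def decode_avps(buf):
    """Parse a concatenated AVP stream into (code, flags, data) tuples,
    rejecting truncated headers and lengths that overrun the buffer."""
    avps, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header at offset %d" % off)
        code, flags = struct.unpack_from("!IB", buf, off)
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        hdr = 12 if flags & FLAG_V else 8
        if length < hdr or off + length > len(buf):
            raise ValueError("bad AVP length %d at offset %d" % (length, off))
        avps.append((code, flags, bytes(buf[off + hdr:off + length])))
        off += length + (-length) % 4
    return avps


def build_der_avps(eap_response_identity, local_domain_name):
    """AVPs added to the DER of the initial full EAP exchange: the EAP
    Response/Identity in EAP-Payload plus the local domain name the home
    server needs to derive the DSRK (Section 3.1)."""
    return (encode_avp(AVP_EAP_PAYLOAD, eap_response_identity)
            + encode_avp(AVP_EAP_LOCAL_DOMAIN_NAME, local_domain_name.encode()))


def build_dea_avps(eap_success, dsrk=None, dsrk_name=None, dsrk_lifetime=None):
    """AVPs the home Diameter server returns in the DEA.  Only the fields
    given are emitted, so a DEA missing a required companion AVP can be
    produced and rejected by check_dea()."""
    out = encode_avp(AVP_EAP_PAYLOAD, eap_success)
    for code, value in ((AVP_EAP_DSRK, dsrk), (AVP_EAP_DSRK_NAME, dsrk_name),
                        (AVP_EAP_DSRK_LIFETIME, dsrk_lifetime)):
        if value is not None:
            out += encode_avp(code, value)
    return out


def check_dea(buf):
    """Validate a DEA against the draft: each new AVP occurs at most once
    (Section 6), and a key AVP (EAP-DSRK or EAP-rMSK) MUST be accompanied
    by its -Name and -Lifetime AVPs.  Returns (ok, reason, fields)."""
    avps = decode_avps(buf)
    codes = [c for c, _, _ in avps]
    for c in DSRK_TRIPLE + RMSK_TRIPLE + (AVP_EAP_LOCAL_DOMAIN_NAME,):
        if codes.count(c) > 1:
            return False, "AVP 0x%X occurs %d times" % (c, codes.count(c)), {}
    for key, name, life in (DSRK_TRIPLE, RMSK_TRIPLE):
        if key in codes and not (name in codes and life in codes):
            return False, "key AVP 0x%X without -Name/-Lifetime" % key, {}
    fields = {}
    for c, _, data in avps:
        fields[c] = struct.unpack("!Q", data)[0] if c in LIFETIME_AVPS else data
    return True, "ok", fields


# Constructed sample packets (not captured traffic).
SAMPLE_IDENTITY = b"\x02\x01\x00\x15\x01" + b"peer@example.com"  # EAP Response/Identity
SAMPLE_SUCCESS = b"\x03\x02\x00\x04"                                # EAP Success
SAMPLE_DSRK = bytes(range(64))                                      # placeholder 64-octet key
SAMPLE_DSRK_NAME = b"EMSKname-sample"

if __name__ == "__main__":
    der = build_der_avps(SAMPLE_IDENTITY, "visited.example")
    print("DER AVPs:", [(hex(c), d) for c, _, d in decode_avps(der)])
    dea = build_dea_avps(SAMPLE_SUCCESS, SAMPLE_DSRK, SAMPLE_DSRK_NAME, 86400)
    print("DEA check:", check_dea(dea)[:2])
    print("DEA without lifetime:", check_dea(build_dea_avps(SAMPLE_SUCCESS, SAMPLE_DSRK, SAMPLE_DSRK_NAME))[:2])
```

   The padding rule is the usual source of interoperability bugs: the
   Length field counts only header and data, but the next AVP starts at
   the padded boundary, which is why decode_avps() advances by
   length plus padding and bounds-checks each length before slicing.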
6.  AVP Occurrence Table

   The following table lists the AVPs that may optionally be present in
   the DER and DEA commands [RFC4072].

                                             +---------------+
                                             |  Command-Code |
                                             +-+-----+-----+-+
      Attribute Name                           | DER | DEA |
      -----------------------------------------|-----+-----+
      EAP-Local-Domain-Name                    | 0-1 | 0-1 |
      EAP-DSRK                                 |  0  | 0-1 |
      EAP-DSRK-Name                            |  0  | 0-1 |
      EAP-DSRK-Lifetime                        |  0  | 0-1 |
      EAP-rMSK                                 |  0  | 0-1 |
      EAP-rMSK-Name                            |  0  | 0-1 |
      EAP-rMSK-Lifetime                        |  0  | 0-1 |
                                               +-----+-----+

                 Figure 3: DER and DEA Commands AVP Table

   When the EAP-DSRK AVP is present in the DEA, the EAP-DSRK-Name and
   EAP-DSRK-Lifetime AVPs MUST also be present.

7.  Security Considerations

   The security considerations specified in [RFC4072] and [RFC3588] are
   applicable to this document.  In particular, the EAP-DSRK and
   EAP-rMSK AVPs carry keying material and, like the
   EAP-Master-Session-Key AVP of [RFC4072], MUST only be sent over
   Diameter connections protected hop-by-hop with IPsec or TLS as
   required by [RFC3588]; every Diameter agent on the path between the
   home Diameter server and the local AAA server can read them.

8.  IANA Considerations

   This document requires IANA registration of the following new AVPs
   in the AVP registry established by [RFC3588]:

   o  EAP-Local-Domain-Name
   o  EAP-DSRK
   o  EAP-DSRK-Name
   o  EAP-DSRK-Lifetime
   o  EAP-rMSK
   o  EAP-rMSK-Name
   o  EAP-rMSK-Lifetime

9.  References

9.1.  Normative References

   [RFC5296]  Narayanan, V. and L. Dondeti, "EAP Extensions for EAP
              Re-authentication Protocol (ERP)", RFC 5296, August 2008.

   [RFC4187]  Arkko, J. and H. Haverinen, "Extensible Authentication
              Protocol Method for 3rd Generation Authentication and Key
              Agreement (EAP-AKA)", RFC 4187, January 2006.

   [RFC5295]  Salowey, J., Dondeti, L., Narayanan, V., and M. Nakhjiri,
              "Specification for the Derivation of Root Keys from an
              Extended Master Session Key (EMSK)", RFC 5295, August
              2008.

   [RFC4072]  Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible
              Authentication Protocol (EAP) Application", RFC 4072,
              August 2005.

   [RFC3588]  Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J.
              Arkko, "Diameter Base Protocol", RFC 3588, September 2003.

9.2.  Informative References

10.  Acknowledgments

   Many thanks to the DIME members for their comments.

Authors' Addresses

   Qin Wu
   Huawei Technologies Co., Ltd.
   Site B, Floor 12F, Huihong Mansion, No. 91, Baixia Rd.

   Phone: +86-25-84565892
   Email: sunseawq@huawei.com