Kerberized handover keying

Yoshihiro Ohba, Subir Das, Ashutosh Dutta
2007 Proceedings of first ACM/IEEE international workshop on Mobility in the evolving internet architecture - MobiArch '07  
This paper proposes a media-independent handover key management architecture that uses Kerberos for secure key distribution among a server, an authenticator, and a mobile node. With the proposed architecture, signaling for key distribution is based on re-keying and is decoupled from re-authentication that requires EAP (Extensible Authentication Protocol) and AAA (Authentication, Authorization and Accounting) signaling similar to initial network access authentication. In this framework, the
more » ... e node is able to obtain master session keys required for dynamically establishing the security associations with a set of authenticators without communicating with them before handover. By separating re-key operation from re-authentication, the proposed architecture is more optimized for proactive mode of operation. It is also optimized for reactive mode of operation by reversing the key distribution roles between the mobile node and the target access node. This paper discusses how the proposed architecture is applicable to the existing link-layer technologies including IEEE 802.11 and 802.16 and across multiple AAA domains. This paper also describes how Kerberos is bootstrapped from initial access authentication using an EAP method.
doi:10.1145/1366919.1366932 fatcat:tk3sm3uovjf5vdtdjhn5d5oakm