Verizon Wireless Dynamic Mobile IP Key Update for cdma2000(R) Networks
RFC 4784

Document Type RFC - Informational (June 2007; No errata)
Last updated 2013-03-02
Stream ISE
Stream ISE state (None)
Consensus Boilerplate Unknown
Document shepherd No shepherd assigned
IESG IESG state RFC 4784 (Informational)
Responsible AD Jari Arkko
Send notices to <fquick@qualcomm.com>, <Christoper.Carroll@verizonwireless.com>
Network Working Group                                         C. Carroll
Request for Comments: 4784                              Ropes & Gray LLP
Category: Informational                                         F. Quick
                                                           Qualcomm Inc.
                                                               June 2007

             Verizon Wireless Dynamic Mobile IP Key Update
                       for cdma2000(R) Networks

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

IESG Note

   This document describes an existing deployed technology that was
   developed outside the IETF.  It utilizes the RADIUS Access-Reject in
   order to provision service, which is incompatible with the RADIUS
   protocol, and practices the sharing of secret keys in public-key
   cryptosystems, which is not a practice the IETF recommends.  The IESG
   recommends against using this protocol as a basis for solving similar
   problems in the future.

Abstract

   The Verizon Wireless Dynamic Mobile IP Key Update procedure is a
   mechanism for distributing and updating Mobile IP (MIP) cryptographic
   keys in cdma2000(R) networks (including High Rate Packet Data, which
   is often referred to as 1xEV-DO).  The Dynamic Mobile IP Key Update
   (DMU) procedure occurs between the MIP Mobile Node (MN) and RADIUS
   Authentication, Authorization and Accounting (AAA) Server via a
   cdma2000(R) Packet Data Serving Node (PDSN) that is acting as a
   Mobile IP Foreign Agent (FA).

   cdma2000(R) is a registered trademark of the Telecommunications
   Industry Association (TIA).

Carroll & Quick              Informational                      [Page 1]
RFC 4784                 Dynamic MIP Key Update                June 2007

Table of Contents

   1. Introduction ....................................................3
      1.1. Conventions Used in This Document ..........................3
   2. Basic Dynamic MIP Key Update Mechanism ..........................3
      2.1. RSA Encrypted Key Distribution .............................4
      2.2. Mutual Authentication (1X) .................................5
      2.3. Encrypted Password Authentication ..........................8
   3. Dynamic MIP Key Update Advantages over OTASP ...................10
   4. Detailed DMU Procedure Description and Requirements ............10
      4.1. RSA Public Key Cryptography ...............................11
      4.2. Other Public Key Algorithms ...............................11
      4.3. Why No Public Key Infrastructure (PKI)? ...................11
      4.4. Cryptographic Key Generation ..............................12
      4.5. MIP_Key_Data Payload ......................................12
      4.6. RSA Key Management ........................................13
      4.7. RADIUS AAA Server .........................................14
      4.8. MN (Handset or Modem) .....................................16
      4.9. PDSN / Foreign Agent (FA) .................................19
      4.10. Home Agent (HA) ..........................................20
      4.11. DMU Procedure Network Flow ...............................20
   5. DMU Procedure Failure Operation ................................25
   6. cdma2000(R) HRPD/1xEV-DO Support ...............................28
      6.1. RADIUS AAA Support ........................................28
      6.2. MN Support ................................................29
      6.3. Informative: MN_Authenticator Support .....................30
   7. Security Considerations ........................................31
      7.1. Cryptographic Key Generation by the MN ....................31
      7.2. Man-in-the-Middle Attack ..................................31
      7.3. RSA Private Key Compromise ................................32
      7.4. RSA Encryption ............................................32
      7.5. False Base Station/PDSN ...................................32
      7.6. cdma2000(R) 1X False MN ...................................32
      7.7. HRPD/1xEV-DO False MN .....................................32
      7.8. Key Lifetimes .............................................32
      7.9. Network Message Security ..................................33
   8. Verizon Wireless RADIUS Attributes .............................33
   9. Verizon Wireless Mobile IP Extensions ..........................34
   10. Public Key Identifier and DMU Version .........................36
   11. Conclusion ....................................................40
   12. Normative References ..........................................41
   13. Informative References ........................................41