Specification for the Derivation of Root Keys from an Extended Master Session Key (EMSK)
RFC 5295
Network Working Group J. Salowey
Request for Comments: 5295 Cisco Systems
Updates: 5247 L. Dondeti
Category: Standards Track V. Narayanan
Qualcomm, Inc
M. Nakhjiri
Motorola
August 2008
Specification for the Derivation of Root Keys
from an Extended Master Session Key (EMSK)
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Abstract
The Extensible Authentication Protocol (EAP) defined the Extended
Master Session Key (EMSK) generation, but reserved it for unspecified
future uses. This memo reserves the EMSK for the sole purpose of
deriving root keys. Root keys are master keys that can be used for
multiple purposes, identified by usage definitions. This document
also specifies a mechanism for avoiding conflicts between root keys
by deriving them in a manner that guarantees cryptographic
separation. Finally, this document also defines one such root key
usage: Domain-Specific Root Keys are root keys made available to and
used within specific key management domains.
Salowey, et al. Standards Track [Page 1]
RFC 5295 EMSK Root Key Derivation August 2008
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Applicable Usages of Keys Derived from the EMSK . . . . . 3
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5
2. Cryptographic Separation and Coordinated Key Derivation . . . 6
3. EMSK Key Root Derivation Framework . . . . . . . . . . . . . . 7
3.1. USRK Derivation . . . . . . . . . . . . . . . . . . . . . 8
3.1.1. On the KDFs . . . . . . . . . . . . . . . . . . . . . 9
3.1.2. Default KDF . . . . . . . . . . . . . . . . . . . . . 9
3.2. EMSK and USRK Name Derivation . . . . . . . . . . . . . . 10
4. Domain-Specific Root Key Derivation . . . . . . . . . . . . . 11
4.1. Applicability of Multi-Domain Usages . . . . . . . . . . . 12
5. Requirements for Usage Definitions . . . . . . . . . . . . . . 13
5.1. Root Key Management Guidelines . . . . . . . . . . . . . . 13
6. Requirements for EAP System . . . . . . . . . . . . . . . . . 14
7. Security Considerations . . . . . . . . . . . . . . . . . . . 15
7.1. Key Strength . . . . . . . . . . . . . . . . . . . . . . . 15
7.2. Cryptographic Separation of Keys . . . . . . . . . . . . . 15
7.3. Implementation . . . . . . . . . . . . . . . . . . . . . . 15
7.4. Key Distribution . . . . . . . . . . . . . . . . . . . . . 16
7.5. Key Lifetime . . . . . . . . . . . . . . . . . . . . . . . 16
7.6. Entropy Consideration . . . . . . . . . . . . . . . . . . 16
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16
8.1. Key Labels . . . . . . . . . . . . . . . . . . . . . . . . 17
8.2. PRF Numbers . . . . . . . . . . . . . . . . . . . . . . . 18
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 18
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 19
10.1. Normative References . . . . . . . . . . . . . . . . . . . 19
10.2. Informative References . . . . . . . . . . . . . . . . . . 19
Salowey, et al. Standards Track [Page 2]
RFC 5295 EMSK Root Key Derivation August 2008
1. Introduction
This document deals with keys generated by authenticated key exchange
mechanisms defined within the EAP framework [RFC3748]. EAP defines
two types of keying material: a Master Session Key (MSK) and an
Extended Master Session Key (EMSK). The EAP specification implicitly
assumes that the MSK produced by EAP will be used for a single
purpose at a single device; however, it does reserve the EMSK for
future use. This document defines the EMSK to be used solely for
deriving root keys using the key derivation specified. The root keys
are meant for specific purposes called usages; a special usage class
is the Domain-Specific Root Keys made available to and used within
specific key management domains. This document also provides
guidelines for creating usage definitions for the various uses of EAP
Show full document text