Handover and Application Keying and Pre-authentication (hoakey)

Handover latency is one of the biggest problems in mobile networks.
Network access authentication and key management is one of the major
contributors of the handover latency and needs to be optimized as much
as possible.  Today several SDOs (Standard Development Organizations)
are solving the handover latency problem by grouping access points
under a single authenticator to address intra-authenticator handover
problem (i.e., handover between access points associated with a single
authenticator).  But they do not solve the inter-authenticator
handover problem (handover between access points associated with
different authenticators).  Inter-authenticator handover optimization
can be realized by two approaches.  One approach is based on the
mobile node proactively authenticating to the target authenticator
through the currently serving network by running EAP.  The other
approach is based on deriving keys to be used with the target
authenticator from the keying material generated from an existing EAP
session.  The former and latter approaches are referred to as
pre-authentication and handover keying, respectively.

Another class of problem in mobile networks is application keying.
Usually establishment of full application service involves execution
of various network signaling protocols, e.g., Mobile IP and IMS.  Many
of these protocols rely on a set of security associations for
protecting their signaling messages.  However, those protocols require
multiple protocol transactions for bootstrapping their security
associations.  Application keying optimization can be achieved by
generating keys needed for those applications from EAP-based network
access authentication.


Deliverables
------------

o Handover keying hierarchy draft (informational)
				   
  Keying hierarchy, functional model, key derivation, requirements for
  key caching and distribution including key scoping and channel
  binding for handover keying.

o Handover keying protocol requirements draft (informational)

  Requirements of a new protocol or new options/attributes for
  existing protocols for enabling a target authenticator to obtain
  handover keys.

o Application keying hierarchy draft (informational)

  Keying hierarchy, functional model, key derivation, requirements for
  key caching and distribution including key scoping and channel
  binding for application keying.

o Application keying protocol requirements draft (informational)

  Requirements of new options/attributes for existing protocols for
  enabling application keying.

o Pre-authentication protocol requirements draft (informational)

  Requirements of new options/attributes for existing protocols for
  enabling a target authenticator to obtain handover keys using a
  pre-authentication protocol that runs EAP between a mobile node an a
  target authenticator.


Agenda

Agenda bashing 				5 min
Introduction				5 min
Handover Keying				15 min
Pre-Authentication			15 min
Application keying			15 min
EAP keying gap analysis			10 min
Scope/non-scope/deliverables		10 min
Charter discussion