Reduce communication overhead

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.



     The primary goal of Pre-Shared Key Distribution Protocol is to reduce communication overhead and computational time of pre-shared keys. The PDP is designed to eliminate the number of packets dropped due to the expiration of Pre-Shared keys. This chapter discusses about 3GPP2 architecture in detail and, how Pre-Shared Key Distribution Protocol features help CDMA networks.


     3GPP2 is an enhanced network architecture which provides IP capabilities. This uses 3G high data rates and existing mobile IP work. The major advantage is that it provides private network access via a Mobile IP tunnel with IP security.

     The above diagram illustrates the reference model for access with Mobile IP in IMT-2000 networks. The figure shows the key elements that include RN, PDSN, FA RADIUS, Home RADIUS and HA. The interface between the RN and PDSN is a standard interface called the R-P (A10/A11) interface. The PDSN terminates multiple PPP sessions and forwards the IP traffic via tunnels into and out of the packet data core network. The HA is the Mobile IP tunnel anchor point for the PDSN/FA. This node interfaces with the PDSN/FA to accept Mobile IP registrations and with the home RADIUS server to perform the necessary authentication. The HA receives all the packets destined for the Mobile Node and tunnels them to PDSN/FA. In case of reverse tunnel it receives the packets from the Mobile Node via PDSN. The Foreign RADIUS resides in foreign network responsible for local accounting and authentication. It is also responsible for relaying accounting and authentication messages to Home RADIUS. The Foreign RADIUS locates Home RADIUS based on NAI. The Home RADIUS is the local RADIUS authentication and accounting repository for the home network. The Home RADIUS contains Mobile Node user profile and is queried by the HA upon receiving Mobile IP registrations. The communication between FA and Foreign RADIUS as well as HA and Home RADIUS is secure.

     In the context of Packet Data in the 3G network, foreign agent functions are located in the PDSN network element. When the mobile user wants to send packet data information, it has to establish a connection to a PDSN. This is a dedicated connection between the user and the network. During the PPP negotiation, the mobile node will request mobile IP services. Once authenticated, the PDSN establishes a connection with the user's home agent. The FA always routes and receives the user's packet from other IP networks through the home agent.

     The mobile terminal uses Mobile-IP-based protocols to identify itself. Foreign agent (FA) functionality resides in the Packet Data Serving Node (PDSN). When mobile node attaches to the FA, the FA sends a registration request to the Home Radius Server and Radius server responds with a pre-shared key and a Key Id in a reply message to FA. FA requests for service to HA using Key ID in favor of mobile terminal. The HA accesses the authorization, authentication, and accounting (AAA) (Home Radius server) server to authenticate mobile terminal. Then HA will establish a tunnel with FA to send packets destined to mobile terminal.

     When PDSN receives a MIP RRQ with a unicast HA IP address, it verifies if an active SA exists with the HA. If an SA is required and does not exist, PDSN checks for HA X.509 certificates. In case there is no HA X.509 certificate, it checks for a root certificate. If there are no certificates, the PDSN checks for a pre-shared secret for IKE. If no pre-shared secret exists and the user is authorized with IPSec Services, PDSN will send a RADIUS Access- Request message to the Home RADIUS server which in return sends a RADIUS Access Accept message with Key identifier and pre-shared secret for IKE to the PDSN.

3.2: The PDP Protocol

     The PDP Protocol is based on ‘S' key protocol which distributes the pre-shared key to PDSN and HA. The ‘S' key protocol has a few limitations. It falls apart due to the lifetime ambiguity in the design. The envisioned protocol addresses all the limitations of ‘S' key protocol. It provides a home security policy for the lifetime of pre-shared key. In PDP the ‘S' key is persistent across reboots of either Home RADIUS server or HA. PDP also provides a recovery mechanism to move to a new pre-shared key or a new ‘S' key when the current key is compromised.

     In 3GPP2 Mobile networks, the PDSN can have security association with any HA. Similarly the HA can have security association with any PDSN. If there is a security association between PDSN and HA then the Home RADIUS server distributes the pre-shared key to the PDSN and the ‘S' key to the HA. The assumption is that the Home RADIUS is the third-party entity, trusted by both the PDSN and the HA. The pre-shared key is based on ‘S' key and they are related by the following formula:

K = HMAC-MD5 (Home RADIUS IP address | FA IP address | timestamp, ‘S')

     ‘S' key is unique per Home RADIUS and HA pair. Therefore, the Home RADIUS server maintains ‘S' keys indexed by HA address. There can be multiple Home RADIUS servers per home domain. HA maintains ‘S' keys indexed by Home RADIUS address. The Home RADIUS server will use the same ‘S' key to generate pre-shared keys for all the PDSNs connecting to the same HA for the lifetime of ‘S' key. The PDSN maintains pre-shared key per HA and they are indexed by HA address.

     Both the pre-shared key and ‘S' key have lifetimes associated with them and they need not be the same.

3.3: PDSN requests the pre-shared-key from home RADIUS

     The home RADIUS distributes the pre-shared key to the PDSN by having the latter request the pre-shared key for a specific HA in an Access Request. PDSN shall maintain pre-shared keys indexed by HA address. PDSN can send Access Request for pre-shared key to Home RADIUS server either at the time of authentication of MIP RRQ or when the lifetime of the pre-shared key is expired. The first case occurs when the Mobile Node doesn't know the address of Home Agent or the pre-shared key is not present for the HA specified in RRQ. In cases where mobile node doesn't know the address of HA the Home RADIUS server specifies the address of the Home Agent for the Mobile Node in response to access request. The Home RADIUS will include it address in response to access request. In such a scenario PDSN may send access request to Home RADIUS for pre-shared key after knowing the HA. In another case, the PDSN may request for a new pre-shared key for a HA just before the time of expiry of the previous pre-shared key.

3.4: Home RADIUS generates pre-shared key

     When the home RADIUS server receives the access request with pre-shared key request attribute, it checks if IPSec service is authorized for that PDSN-HA pair. If so, it checks if there is an ‘S' key for that HA. If so it uses the ‘S' key to generate the pre-shared key and returns the pre-shared key and KeyID to the PDSN. The KeyID is a concatenation of the Home Radius IP address, PDSN IP address, and 2 time stamps. Time-stamp-1 is the time when pre-shared key was generated. Time-stamp-2 is the time when pre-shared key expires.

Pre-shared key formula:

Pre-shared key = HMAC-MD5 (Home Radius IP, PDSN IP,

timestamp-1, timestamp-2, timestamp-3, timestamp-4, ‘S' key)

     The value of timestamp-3 is time when ‘S' key was generated and the value of timestamp-4 is the time when ‘S' key is going to expire. If the ‘S' key is not present for the specific HA or the S. key is expired then Home RADIUIS server generates new ‘S' key. The Home RADIUS server maintains the previously generated ‘S' keys until the pre-shared keys generated by that ‘S' key is expired. This is to avoid lifetime ambiguity and also to return the ‘S' keys to HA in case HA lost the ‘S' key or HA is rebooted.

     The PDSN can send request for new pre-shared key before the current pre-shared key expires. This is to avoid latency. This can result in PDSN requesting multiple pre-shared keys for the same HA and getting multiple keys from the RADIUS. Thus at any point of time, there can be multiple valid pre-shared keys for a single PDSN-HA pair. What the PDSN chooses to do with these multiple keys is left as local implementation detail. It can always choose the latest key for IKE renegotiations or continue to use an old key till the time of expiry of the key. The fact that any key is uniquely identified by its KeyID which contains the time of generation and time of expiry of the key, removes any ambiguity about which key is being used.

     Home RADIUS server maintains the ‘S' keys indexed by HA address. The lifetime of the pre-shared key as well as ‘S' key lifetime is configured at Home RADIUS server. The Home RADIUS server dictates the lifetime of the pre-shared key and PDSN accepts this lifetime.

3.5: PDSN sends IKE request to HA

     PDSN sends IKE request to negotiate IPSEC policy and establish session keys if it is authorized to establish IPSEC session to HA. It includes the KeyID field returned by the Home RADIUS server in the identity payload field. It uses IPSEC Aggressive mode to establish IPSEC session with HA.

HA generates pre-shared-key

Once the HA receives IKE request, it validates the timestamp. In other words, it validates that the PDSN is not using an expired pre-shared key. If the KeyID is valid, the HA checks for the ‘S' key in its table indexed by Home RADIUS address. If the ‘S' key is not present or HA doesn't have the ‘S' key that was used to generate the pre-shared key, it sends an Access Request for Home RADIUS server to get the ‘S' key and the lifetime of the ‘S' key. The algorithm for identifying which ‘S' key was used to generate a particular pre-shared key will be explained in the next few paragraphs. The access request may contain optional key-id field.

     HA can also request for a new ‘S' key just before a previous ‘S' key is about to expire. This is to avoid latency. If the optional key-id field is absent in the Access Request, it implies HA is requesting for new ‘S' key. Otherwise, the presence of a KeyID in the Access Request instructs the Home RADIUS to return the ‘S' key used to generate the pre-shared key as per formula 1. The Home RADIUS server receives the request for ‘S' key from HA. It either returns the current ‘S' key and the lifetime of the ‘S' key to the HA or an old ‘S' key and its lifetime based on the key-id option. HA generates the pre-shared key based on key-id in the ID payload field of IKE. The lifetime of the ‘S' key is expressed in two timestamps. First timestamp is time at when ‘S' key was generated. Second timestamp is time when ‘S' key expires. HA uses the formula 1 to generate the pre-shared key.

     At any point of time, there is only one active ‘S' key. However the HA and the Home Radius server do maintain copies of previous old ‘S' keys for a given HA. This is because the lifetime of the pre-shared key may not be same as lifetime of ‘S' key. So if a PDSN sends an old KeyID during the IKE Aggressive Mode, the HA requires an old ‘S' key to generate the pre-shared key. Given the key-id and lifetime of ‘S' keys expressed in two time-stamps, identification of which ‘S' key to be used to generate pre-shared key can be done without any ambiguity. The method to determine which ‘S' key to generate pre-shared key based on KeyID is as follows.

     Extract the time-stamp1 that is the time at when pre-shared key was generated. Look for ‘S' key lifetime window in which time-stamp1 falls in to. Use that ‘S' key to generate the pre-shared key. There is no ambiguity in determining this ‘S' key. This is because unlike the pre-shared keys, at any point of time, there is only one active (valid) ‘S' key for a Home RADIUS/HA pair.

3.6: Key Compromise

     The PDP protocol has a built in mechanism for recovery if either the pre-shared key or the ‘S' key is compromised. The PDSN is not forced to use the pre-shared key for the lifetime specified by Home RADIUS server. It can request for new pre-shared key before the expiration of the present pre-shared key if it detects that the present pre-shared key has been compromised. The RADIUS server will accept the request and reply with new pre-shared key.

     HA and Home RADIUS server are connected by Intranet in home domain. If the Home RADIUS server detects that the ‘S' key is compromised then it notifies the HA. HA marks the ‘S' key entry as invalid and IKE negotiation always fails when PDSN uses the pre-shared key generated by an invalid ‘S' key. HA will return information payload to PDSN notifying that ‘S' key is expired. PDSN should try multiple times before it can conclude that ‘S' key is expired, as information payload is not secured by any SA. If the IKE negotiation at PDSN fails multiple times and reason for this is invalid pre-shared key then PDSN will send request to RADIUS sever for new pre-shared key.

     The Home RADIUS server sets the lifetime of the pre-shared key. The lifetime of pre-shared key does not have to be same or even related to the lifetime of the ‘S' key. However, the Home RADIUS server can limit the scope of the lifetime of pre-shared key to the lifetime of the ‘S' key, which is not required.