AAA and Network Security for Mobile Access: Radius, Diameter, EAP, PKI and IP Mobility
by Mahsa Nakhjiri, Madjid Nakhjiri
3.2. Management of Symmetric Keys
In this section, we provide examples of some of the most prominent key management procedures being used today. It is of course not our intent to cover every imaginable method for symmetric keys. Other examples of key management procedures such as Mobile IP-AAA and public key infrastructure (PKI) certificates are provided in later chapters. It should also be mentioned that the tasks of key management and peer authentication are closely related and we now are witnessing a trend in combining the two. Since authentication is an expensive procedure, whenever possible, keys or keying materials for the following secure communications should be established in conjunction with the authentication process:
When authentication of a peer is performed by a central server, it is common that authentication and key generation happens at the server simultaneously and then the keys are transferred from the server to the client (peer) along with the indication of the successful authentication.
When key management happens through a peer-to-peer key agreement and independent of a main server, care must be taken so that neither peer establishes a trust relationship or keys with unknown or untrusted entities. For this reason well-designed key agreement methods also include an in-band mutual peer authentication.
3.2.1. EAP Key Management Methods
As mentioned earlier, combining authentication and key management procedure is an efficient exercise. A new trend is emerging ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access