3.2. Management of Symmetric Keys
In this section, we provide examples of some of the most prominent key management procedures being used today. It is of course not our intent to cover every imaginable method for symmetric keys. Other examples of key management procedures such as Mobile IP-AAA and public key infrastructure (PKI) certificates are provided in later chapters. It should also be mentioned that the tasks of key management and peer authentication are closely related and we now are witnessing a trend in combining the two. Since authentication is an expensive procedure, whenever possible, keys or keying materials for the following secure communications should be established in conjunction with the authentication process:
When authentication of a peer is performed by a central server, it is common that authentication and key generation happens at the server simultaneously and then the keys are transferred from the server to the client (peer) along with the indication of the successful authentication.
When key management happens through a peer-to-peer key agreement and independent of a main server, care must be taken so that neither peer establishes a trust relationship or keys with unknown or untrusted entities. For this reason well-designed key agreement methods also include an in-band mutual peer authentication.
3.2.1. EAP Key Management Methods
As mentioned earlier, combining authentication and key management procedure is an efficient exercise. A new trend is emerging ...
Get AAA and Network Security for Mobile Access: Radius, Diameter, EAP, PKI and IP Mobility now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
