Ieee p802. 21m Media Independent Services Framework Project
Download 3.39 Mb.
|
8.6.1.18 MIS_LL_Auth request This message is used for an MISF to carry link layer frames to conduct an authentication. The correspond- ing primitive is defined in 7.4.28.1.
8.6.1.19 MIS_LL_Auth response This message is used for an MISF to carry link layer frames to conduct an authentication. The correspond- ing primitive is defined in 7.4.28.3.
MIS messages for event service MIS_Link_Detected indication The corresponding MIS primitive of this message is defined in 7.4.6. This message is transmitted to the remote MISF when a new link has been detected.
MIS_Link_Up indication The corresponding MIS primitive of this message is defined in 7.4.7. This notification is delivered from an MISF, when present in the PoA, to an MISF in the network when a layer 2 connection is successfully established with an MN.
MIS_Link_Down indication The corresponding MIS primitive of this message is defined in 7.4.8. This notification is delivered from an MISF, when present in the PoA, to an MISF in the network when a layer 2 connection with an MN is disconnected due to a certain reason.
MIS_Link_Parameters_Report indication The corresponding MIS primitive of this message is defined in 7.4.9. This message indicates changes in link conditions that have crossed pre-configured threshold levels. A pre- configured threshold level is set by the MIS_Link_Configure_Thresholds request message.
MIS_Link_Going_Down indication The corresponding MIS primitive of this message is defined in 7.4.10. This message is transmitted to the remote MISF when a layer 2 connectivity is expected (predicted) to go down within a certain time interval.
MIS_Link_Handover_Imminent indication (ISSUE: mark these sections as excluded) MIS_Link_Handover_Complete indication MIS messages for command service MIS_Link_Get_Parameters request The corresponding MIS primitive of this message is defined in 7.4.14.2. This message is used to discover the status of currently available links.
MIS_Link_Get_Parameters response The corresponding MIS primitive of this message is defined in 7.4.14.3. This message is used by an MISF to report the status of currently available links.
MIS_Link_Configure_Thresholds request The corresponding MIS primitive of this message is defined in 7.4.15.2. This message is used to configure thresholds of the lower layer link.
MIS_Link_Configure_Thresholds response The corresponding MIS primitive of this message is defined in 7.4.15.3. This message returns the status of a thresholds configuration request. The MISF generating this message generates MIS_Link_Parameters_Report indication message when the configured threshold is crossed.
MIS_Link_Actions request The corresponding MIS primitive of this message is defined in 7.4.16.1. This message is used to control the behavior of a set of lower layer links.
MIS_Link_Actions response The corresponding MIS primitive of this message is defined in 7.4.16.2. This message returns the result of an MIS_Link_Actions request.
MIS_Net_HO_Candidate_Query request (to be excluded) MIS_Net_HO_Candidate_Query response (to be excluded) MIS_M N_HO_Candidate_Query request (to be excluded) MIS_MN_HO_Candidate_Query response (to be excluded) MIS_N2N_HO_Query_Resources request (to be excluded) MI H_N2N_HO_Query_Resources response (to be excluded) MIS_MN_HO_Commit request (to be excluded) MIS_MN_HO_Commit response (to be excluded) MIS_Net_HO_Commit request (to be excluded) MIS_Net_HO_Commit response (to be excluded) MIS_N2N_HO_Commit request (to be excluded) MIS_N2N_HO_Commit response (to be excluded) MIS_MN_HO_Complete request (to be excluded) MIS_MN_HO_Complete response (to be excluded) MIS_N2N_HO_Complete request (to be excluded) MIS_N2N_HO_Complete response (to be excluded) MIS messages for information service MIS Information service uses only the following messages—MIS_Get_Information request, MIS_Get_Information response, and MIS_Push_Information. Due to the need to support different query types and the need for flexibility to customize the query and response, the parameters and their usage in these messages are substantially different from other MIS message parameters, and are therefore separately defined in the following subclauses. MIS_Get_Information request The corresponding MIS primitive of this message is defined in 7.4.25.1. This message is used by an MISF to retrieve a set of Information Elements provided by the information service. A single MIS_Get_Information request message carries only one query list. However, there can be multiple queries in that list in the order of the most preferred query first.
MI H_Get_Information response The corresponding MIS primitive of this message is defined in 7.4.25.3. This is used as a response to the MIS_Get_Information request message. The total response message size shall not exceed the value indicated in the Max Response Size TLV of corresponding MIS_Get_Information request message. The order of the query response shall be in the same order as the query requests.
MIS_Push_Information indication The corresponding MIS primitive of this message is defined in 7.4.26.1. This is an indication to push operator policies or other network information to the MN.
Xxx 9. MIS protocol protection This clause specifies options and mechanisms to protect remote messages in the media independent handover protocol. The remote messages in the MIS protocol can be protected through the transport protocols at layer 2 or layer 3. The protection through the transport protocols are discussed in Annex O. This clause specifies the mechanisms to protect MIS PDUs at the MIS layer. These mechanisms apply protection to MIS PDUs without depending on transport protocols. They are called MIS specific protection mechanisms. To apply MIS specific protection mechanisms, a MN and a point of service (PoS) need to negotiate protection mechanisms and to establish cryptographic keys. MIS message protection shall be accomplished in either of two ways. The first is to use TLS or DTLS and the other is to use EAP or ERP as an MIS service access authentication to establish MIS security associations (SAs). If MIS service access authentication is needed and an authentication server is available, then EAP based authentication and key establishment may be used for establishing an MIS SA. In situations where MIS service access authentication is not required and TLS credentials are available or where MIS service access authentication is required and TLS credentials for access authentication are available at a PoS, then (D)TLS may be used for establishing an MIS SA. 9.1 Protection established through MIS (D)TLS In this option, a MN, the client, and a PoS, the server, execute a TLS, specified in IETF RFC 5246, or DTLS, specified in IETF RFC 4347, to establish MIS protection. When the MIS protocol transport is reliable, TLS is used. Otherwise, DTLS is used. In the rest of this standard, (D)TLS is used to denote TLS or DTLS. In a (D)TLS handshake, the mutual authentication is executed through either a pre-shared key or a public key certified by a trusted third party such as a certificate authority. It should be noted that all certificates are required to be validated. The TLS certificate used by the PoS is expected to be provided to the MN in a secure manner, e.g., during provisioning process. In this option, the authentication may or may not be related to access control. It can be an access authentication for MIS service if a PoS holds service credentials for the MNs. After the handshake, a (D)TLS session is established. In this case, the TLS master key and the keys derived from the master key, all the TLS parameters, and TLS ciphersuite negotiated in the TLS handshake form an MIS SA. The (D)TLS security association identifier is carried in each message in the SAID TLV. In a (D)TLS session, an MIS message is first protected as application data. Then the (D)TLS record is transported by MIS protocol by security TLV. For a (D)TLS-generated MIS SA, it can be terminated through (D)TLS session termination using an MIS_Auth indication message. 9.2 Key establishment through an MIS service access authentication If MIS service is subscription based and provided by a service provider, then an MIS service access authentication may be needed to authorize the service to a MN. In this case, a PoS may obtain a master session key through service access authentication and an MIS security associations can be established through the master session key between the MN and the PoS. 9.2.1 MIS service access authentication In this standard, it is assumed that EAP [IETF RFC3748] or EAP Re-authentication (ERP) IETF RFC5296 is used as the authentication protocol with an MN as the peer and a PoS as the authenticator. An EAP server may be used as a backend server. For the interface between an MN and a PoS, the MIS protocol is acting as an EAP lower layer. That is, at the MN, an EAP message is generated at the MISF. When it reaches the PoS, the MISF in the PoS will process it. For an EAP message from the PoS to the MN, it will also be generated by the MISF in the PoS. At the MN, the EAP message is passed to the MISF to process. The protocol stack is illustrated in Figure 30, where it is assumed that an EAP server is employed. After a successful authentication, a master session key (MSK) is exported to the lower layer, that is, MIS layer. An MSK is used to further derive MIS message protection keys. EAP Peer / MN EAP Authenticator / PoS EAP Server/ AS MISF MISF EAP Method Layer EAP Peer layer EAP Method Layer EAP Authenticator Layer EAP Method Layer
EAP Authenticator Layer
EAP Layer EAP Layer EAP Layer MSK
MIS PDU MSK MSK MSK MSK
EAP lower-layer (MIS Protocol) EAP Lower-layer (MIS Protocol) AAA / IP AAA / IP
Download 3.39 Mb. Share with your friends:
|