Specification for the Derivation of Root Keys from an Extended Master Session Key (EMSK)

Salowey, Joseph; Dondeti, Lakshminath; Narayanan, Vidya; Nakhjiri, Madjid

doi:10.17487/rfc5295

Cited by 50 publications

(69 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…However, recent work (see, for example, [RFC5295]) has specified methods to derive other keys from the keying material created during EAP method execution that may require transport in addition to the Master Session Key (MSK). Also, the EAP Re-authentication Protocol (ERP) [RFC6696] specifies new keys that may need to be transported between Diameter nodes.…”

Section: Methods (For Example Eap-tls [Rfc5216])mentioning

confidence: 99%

Diameter Attribute-Value Pairs for Cryptographic Key Transport

Cakulev¹,

Zorn²

2012

View full text Add to dashboard Cite

Section: Methods (For Example Eap-tls [Rfc5216])mentioning

confidence: 99%

Diameter Attribute-Value Pairs for Cryptographic Key Transport

Cakulev¹,

Zorn²

2012

View full text Add to dashboard Cite

“…When the default SK-generation procedure specified in this document is used, the peer side that provides the SK to the IKEv2 peer, as well as the Diameter server, SHALL use the same SK derivation that follows the methodology similar to that specified in Section 3.1 of [RFC5295], specifically: SK = KDF(PSK, key label | "\0" | Ni | Nr | IDi | length)…”

Section: Support For Ikev2 and Shared Keysmentioning

confidence: 99%

Diameter IKEv2 SK: Using Shared Keys to Support Interaction between IKEv2 Servers and Diameter Servers

Cakulev¹,

Lior²

2012

View full text Add to dashboard Cite

“…By definition, any key-generating EAP method derives a Master Session Key (MSK) and an Extended Master Session Key (EMSK). [RFC5295] reserves the EMSK for the sole purpose of deriving root keys that can be used for specific purposes called usages. In particular, [RFC5295] defines how to create a usagespecific root key (USRK) for bootstrapping security in a specific application, a domain-specific root key (DSRK) for bootstrapping security of a set of services within a domain, and a usage-specific DSRK (DSUSRK) for a specific application within a domain.…”

Section: Introductionmentioning

confidence: 99%

“…[RFC5295] reserves the EMSK for the sole purpose of deriving root keys that can be used for specific purposes called usages. In particular, [RFC5295] defines how to create a usagespecific root key (USRK) for bootstrapping security in a specific application, a domain-specific root key (DSRK) for bootstrapping security of a set of services within a domain, and a usage-specific DSRK (DSUSRK) for a specific application within a domain. [RFC5296] defines a re-authentication root key (rRK) that is a USRK designated for re-authentication.…”

Section: Introductionmentioning

confidence: 99%

Distribution of EAP-Based Keys for Handover and Re-Authentication

Nakhjiri¹,

Ohba²,

Hoeper³

2010

Self Cite

View full text Add to dashboard Cite

This document describes an abstract mechanism for delivering root keys from an Extensible Authentication Protocol (EAP) server to another network server that requires the keys for offering security protected services, such as re-authentication, to an EAP peer. The distributed root key can be either a usage-specific root key (USRK), a domain-specific root key (DSRK), or a domain-specific usagespecific root key (DSUSRK) that has been derived from an Extended Master

show abstract

Specification for the Derivation of Root Keys from an Extended Master Session Key (EMSK)

Cited by 50 publications

References 9 publications

Diameter Attribute-Value Pairs for Cryptographic Key Transport

Diameter Attribute-Value Pairs for Cryptographic Key Transport

Diameter IKEv2 SK: Using Shared Keys to Support Interaction between IKEv2 Servers and Diameter Servers

Distribution of EAP-Based Keys for Handover and Re-Authentication

Contact Info

Product

Resources

About