Protocol Overview – Salient Points

Handover Master Key (HMK) Derivation
- Done using EAP AMSK at time of power-up or first network access
- As defined in the EAP Key Management Framework
- HMK derived at the MN and AAA (EAP) Server
  - Not transported anywhere else

Handover Key (HK) Derivation
- HK = HMAC-SHA1(HMK, AR ID | MN ID | AAA-MN Nonce, “Handover Key”)
- HK derived with each AR
- HK may be derived with target ARs through current AR (i.e., pre-authentication before handoff)
  - When AR list is available through proxy router advertisements or L2
  - Useful when MN changes subnets rather quickly
- Lifetime value provided by AAA server; enforced by AR and MN
- MN verifies HK with AR after handoff if pre-authentication was used
  - Used to bind HK to CoA of MN and to verify key is valid at AR
  - Need not be a “MUST” if an SPI can be used in the FBU
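The HK formula above, worked through as an added example (not part of the original slides): both holders of the HMK compute one HK per AR, including a set of target ARs for pre-authentication. The slide does not specify how the fields are encoded, so the 2-byte length prefixes, the placement of the label at the end of the HMAC input, and all identifiers and key values below are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

LABEL = b"Handover Key"  # label string from the slide's formula


def _field(value: bytes) -> bytes:
    # Assumption: 2-byte big-endian length prefix, so that the
    # concatenation "AR ID | MN ID | Nonce" can only be parsed one way.
    return struct.pack(">H", len(value)) + value


def derive_hk(hmk: bytes, ar_id: bytes, mn_id: bytes, nonce: bytes) -> bytes:
    """HK = HMAC-SHA1(HMK, AR ID | MN ID | AAA-MN Nonce, "Handover Key")."""
    # Assumption: the label is appended to the HMAC message.
    msg = _field(ar_id) + _field(mn_id) + _field(nonce) + LABEL
    return hmac.new(hmk, msg, hashlib.sha1).digest()


def preauth_keys(hmk: bytes, ar_ids, mn_id: bytes, nonce: bytes) -> dict:
    """One HK per candidate AR, as in pre-authentication before handoff."""
    return {ar: derive_hk(hmk, ar, mn_id, nonce) for ar in ar_ids}


if __name__ == "__main__":
    # Constructed sample values; a real HMK comes from the EAP AMSK.
    hmk = bytes(range(32))
    mn_id = b"mn@example.net"
    nonce = bytes.fromhex("00112233445566778899aabbccddeeff")
    targets = [b"ar1.example.net", b"ar2.example.net"]

    mn_side = preauth_keys(hmk, targets, mn_id, nonce)
    aaa_side = preauth_keys(hmk, targets, mn_id, nonce)
    for ar in targets:
        # Both HMK holders reach the same HK without the HMK leaving them.
        same = hmac.compare_digest(mn_side[ar], aaa_side[ar])
        print(ar.decode(), mn_side[ar].hex(), "match" if same else "MISMATCH")
```

Because the AR ID is an input, a key held by one AR is of no use at another, and the length prefixes keep two different (AR ID, MN ID) pairs from colliding on the same concatenated bytes.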