Kerberized Handover Keying: A Media-Independent Handover Key Management Architecture

This paper proposes a media-independent handover key management architecture that uses Kerberos for secure key distribution among a server, an authenticator, and a mobile node. With the proposed architecture, signaling for key distribution is based on re-keying and is decoupled from re-authentication that requires EAP (Extensible Authentication Protocol) and AAA (Authentication, Authorization and Accounting) signaling similar to initial network access authentication. In this framework, the mobile node is able to obtain master session keys required for dynamically establishing the security associations with a set of authenticators without communicating with them before handover.