summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc5609.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/rfc/rfc5609.txt')
-rw-r--r--doc/rfc/rfc5609.txt1683
1 files changed, 1683 insertions, 0 deletions
diff --git a/doc/rfc/rfc5609.txt b/doc/rfc/rfc5609.txt
new file mode 100644
index 0000000..1d9ea86
--- /dev/null
+++ b/doc/rfc/rfc5609.txt
@@ -0,0 +1,1683 @@
+
+
+
+
+
+
+Network Working Group V. Fajardo, Ed.
+Request for Comments: 5609 Telcordia Technologies
+Category: Informational Y. Ohba
+ Toshiba
+ R. Marin-Lopez
+ Univ. of Murcia
+ August 2009
+
+
+ State Machines for
+ the Protocol for Carrying Authentication for Network Access (PANA)
+
+Abstract
+
+ This document defines the conceptual state machines for the Protocol
+ for Carrying Authentication for Network Access (PANA). The state
+ machines consist of the PANA Client (PaC) state machine and the PANA
+ Authentication Agent (PAA) state machine. The two state machines
+ show how PANA can interface with the Extensible Authentication
+ Protocol (EAP) state machines. The state machines and associated
+ models are informative only. Implementations may achieve the same
+ results using different methods.
+
+Status of This Memo
+
+ This memo provides information for the Internet community. It does
+ not specify an Internet standard of any kind. Distribution of this
+ memo is unlimited.
+
+Copyright Notice
+
+ Copyright (c) 2009 IETF Trust and the persons identified as the
+ document authors. All rights reserved.
+
+ This document is subject to BCP 78 and the IETF Trust's Legal
+ Provisions Relating to IETF Documents in effect on the date of
+ publication of this document (http://trustee.ietf.org/license-info).
+ Please review these documents carefully, as they describe your rights
+ and restrictions with respect to this document.
+
+
+
+
+
+
+
+
+
+
+
+
+Fajardo, et al. Informational [Page 1]
+
+RFC 5609 PANA State Machines August 2009
+
+
+Table of Contents
+
+ 1. Introduction ....................................................3
+ 2. Terminology .....................................................3
+ 3. Interface between PANA and EAP ..................................3
+ 4. Document Authority ..............................................5
+ 5. Notations .......................................................5
+ 6. Common Rules ....................................................6
+ 6.1. Common Procedures ..........................................6
+ 6.2. Common Variables ...........................................9
+ 6.3. Configurable Values .......................................10
+ 6.4. Common Message Initialization Rules .......................10
+ 6.5. Common Retransmission Rules ...............................10
+ 6.6. Common State Transitions ..................................11
+ 7. PaC State Machine ..............................................12
+ 7.1. Interface between PaC and EAP Peer ........................12
+ 7.1.1. Delivering EAP Messages from PaC to EAP Peer .......12
+ 7.1.2. Delivering EAP Messages from EAP Peer to PaC .......12
+ 7.1.3. EAP Restart Notification from PaC to EAP Peer ......13
+ 7.1.4. EAP Authentication Result Notification from
+ EAP Peer to PaC ....................................13
+ 7.1.5. Alternate Failure Notification from PaC to
+ EAP Peer ...........................................13
+ 7.2. Configurable Values .......................................13
+ 7.3. Variables .................................................14
+ 7.4. Procedures ................................................15
+ 7.5. PaC State Transition Table ................................15
+ 8. PAA State Machine ..............................................21
+ 8.1. Interface between PAA and EAP Authenticator ...............21
+ 8.1.1. EAP Restart Notification from PAA to EAP
+ Authenticator ......................................21
+ 8.1.2. Delivering EAP Responses from PAA to EAP
+ Authenticator ......................................22
+ 8.1.3. Delivering EAP Messages from EAP
+ Authenticator to PAA ...............................22
+ 8.1.4. EAP Authentication Result Notification from
+ EAP Authenticator to PAA ...........................22
+ 8.2. Variables .................................................23
+ 8.3. Procedures ................................................24
+ 8.4. PAA State Transition Table ................................24
+ 9. Implementation Considerations ..................................29
+ 9.1. PAA and PaC Interface to Service Management Entity ........29
+ 10. Security Considerations .......................................29
+ 11. Acknowledgments ...............................................29
+ 12. References ....................................................29
+ 12.1. Normative References .....................................29
+ 12.2. Informative References ...................................30
+
+
+
+
+Fajardo, et al. Informational [Page 2]
+
+RFC 5609 PANA State Machines August 2009
+
+
+1. Introduction
+
+ This document defines the state machines for the Protocol for
+ Carrying Authentication for Network Access (PANA) [RFC5191]. There
+ are state machines for the PANA Client (PaC) and for the PANA
+ Authentication Agent (PAA). Each state machine is specified through
+ a set of variables, procedures, and a state transition table. The
+ state machines and associated models described in this document are
+ informative only. Implementations may achieve similar results using
+ different models and/or methods.
+
+ A PANA protocol execution consists of several exchanges to carry
+ authentication information. Specifically, EAP PDUs are transported
+ inside PANA PDUs between PaC and PAA; that is, PANA represents a
+ lower layer for EAP. Thus, a PANA state machine bases its execution
+ on an EAP state machine execution and vice versa. Thus, this
+ document also shows for each of PaC and PAA an interface between an
+ EAP state machine and a PANA state machine and how this interface
+ allows to exchange information between them. Thanks to this
+ interface, a PANA state machine can be informed about several events
+ generated in an EAP state machine and make its execution conditional
+ to its events.
+
+ The details of EAP state machines are out of the scope of this
+ document. Additional information can be found in [RFC4137].
+ Nevertheless, PANA state machines presented here have been
+ coordinated with state machines shown by [RFC4137].
+
+ This document, apart from defining PaC and PAA state machines and
+ their interfaces to EAP state machines (running on top of PANA),
+ provides some implementation considerations, taking into account that
+ it is not a specification but an implementation guideline.
+
+2. Terminology
+
+ This document reuses the terminology used in [RFC5191].
+
+3. Interface between PANA and EAP
+
+ PANA carries EAP messages exchanged between an EAP peer and an EAP
+ authenticator (see Figure 1). Thus, a PANA state machine interacts
+ with an EAP state machine.
+
+ Two state machines are defined in this document: the PaC state
+ machine (see Section 7) and the PAA state machine (see Section 8).
+ The definition of each state machine consists of a set of variables,
+ procedures, and a state transition table. A subset of these
+ variables and procedures defines the interface between a PANA state
+
+
+
+Fajardo, et al. Informational [Page 3]
+
+RFC 5609 PANA State Machines August 2009
+
+
+ machine and an EAP state machine, and the state transition table
+ defines the PANA state machine behavior based on results obtained
+ through them.
+
+ On the one hand, the PaC state machine interacts with an EAP peer
+ state machine in order to carry out the PANA protocol on the PaC
+ side. On the other hand, the PAA state machine interacts with an EAP
+ authenticator state machine to run the PANA protocol on the PAA side.
+
+ Peer |EAP Auth
+ EAP <---------|------------> EAP
+ ^ | | ^ |
+ | | | EAP-Message | | EAP-Message
+ EAP-Message | |EAP-Message | | |
+ | v |PANA | v
+ PaC <---------|------------> PAA
+
+ Figure 1: Interface between PANA and EAP
+
+ Thus, two interfaces are needed between PANA state machines and EAP
+ state machines, namely:
+
+ o Interface between the PaC state machine and the EAP peer state
+ machine
+
+ o Interface between the PAA state machine and the EAP authenticator
+ state machine
+
+ In general, the PaC and PAA state machines present EAP messages to
+ the EAP peer and authenticator state machines through the interface,
+ respectively. The EAP peer and authenticator state machines process
+ these messages and send EAP messages through the PaC and PAA state
+ machines that are responsible for actually transmitting this message,
+ respectively.
+
+ For example, [RFC4137] specifies four interfaces to lower layers: (i)
+ an interface between the EAP peer state machine and a lower layer,
+ (ii) an interface between the EAP standalone authenticator state
+ machine and a lower layer, (iii) an interface between the EAP full
+ authenticator state machine and a lower layer, and (iv) an interface
+ between the EAP backend authenticator state machine and a lower
+ layer. In this document, the PANA protocol is the lower layer of EAP
+ and only the first three interfaces are of interest to PANA. The
+ second and third interfaces are the same. In this regard, the EAP
+ standalone authenticator or the EAP full authenticator and its state
+ machine in [RFC4137] are referred to as the EAP authenticator and the
+ EAP authenticator state machine, respectively, in this document. If
+ an EAP peer and an EAP authenticator follow the state machines
+
+
+
+Fajardo, et al. Informational [Page 4]
+
+RFC 5609 PANA State Machines August 2009
+
+
+ defined in [RFC4137], the interfaces between PANA and EAP could be
+ based on that document. Detailed definition of interfaces between
+ PANA and EAP are described in the subsequent sections.
+
+4. Document Authority
+
+ This document is intended to comply with the technical contents of
+ any of the related documents ([RFC5191] and [RFC4137]). When there
+ is a discrepancy, the related documents are considered authoritative
+ and they take precedence over this document.
+
+5. Notations
+
+ The following state transition tables are completed mostly based on
+ the conventions specified in [RFC4137]. The complete text is
+ described below.
+
+ State transition tables are used to represent the operation of the
+ protocol by a number of cooperating state machines each comprising a
+ group of connected, mutually exclusive states. Only one state of
+ each machine can be active at any given time.
+
+ All permissible transitions from a given state to other states and
+ associated actions performed when the transitions occur are
+ represented by using triplets of (exit condition, exit action, exit
+ state). All conditions are expressions that evaluate to TRUE or
+ FALSE; if a condition evaluates to TRUE, then the condition is met.
+ A state "ANY" is a wildcard state that matches any state in each
+ state machine except those explicitly enumerated as exception states.
+ The exit conditions of a wildcard state are evaluated after all other
+ exit conditions specific to the current state are met.
+
+ On exit from a state, the exit actions defined for the state and the
+ exit condition are executed exactly once, in the order that they
+ appear. (Note that the procedures defined in [RFC4137] are executed
+ on entry to a state, which is one major difference from this
+ document.) Each exit action is deemed to be atomic; i.e., execution
+ of an exit action completes before the next sequential exit action
+ starts to execute. No exit action executes outside of a state block.
+ The exit actions in only one state block execute at a time even if
+ the conditions for execution of state blocks in different state
+ machines are satisfied. All exit actions in an executing state block
+ complete execution before the transition to and execution of any
+ other state blocks. The execution of any state block appears to be
+ atomic with respect to the execution of any other state block, and
+ the transition condition to that state from the previous state is
+ TRUE when execution commences. The order of execution of state
+ blocks in different state machines is undefined except as constrained
+
+
+
+Fajardo, et al. Informational [Page 5]
+
+RFC 5609 PANA State Machines August 2009
+
+
+ by their transition conditions. A variable that is set to a
+ particular value in a state block retains this value until a
+ subsequent state block executes an exit action that modifies the
+ value.
+
+ On completion of the transition from the previous state to the
+ current state, all exit conditions occurring during the current state
+ (including exit conditions defined for the wildcard state) are
+ evaluated until an exit condition for that state is met.
+
+ Any event variable is set to TRUE when the corresponding event occurs
+ and set to FALSE immediately after completion of the action
+ associated with the current state and the event.
+
+ The interpretation of the special symbols and operators used is
+ defined in [RFC4137].
+
+6. Common Rules
+
+ There are following procedures, variables, message initializing
+ rules, and state transitions that are common to both the PaC and PAA
+ state machines.
+
+ Throughout this document, the character string "PANA_MESSAGE_NAME"
+ matches any one of the abbreviated PANA message names, i.e., "PCI",
+ "PAR", "PAN", "PTR", "PTA", "PNR", "PNA".
+
+6.1. Common Procedures
+
+ void None()
+
+ A null procedure, i.e., nothing is done.
+
+ void Disconnect()
+
+ A procedure to delete the PANA session as well as the
+ corresponding EAP session and authorization state.
+
+ boolean Authorize()
+
+ A procedure to create or modify authorization state. It returns
+ TRUE if authorization is successful. Otherwise, it returns FALSE.
+ It is assumed that Authorize() procedure of PaC state machine
+ always returns TRUE. In the case that a non-key-generating EAP
+ method is used but a PANA SA is required after successful
+ authentication (generate_pana_sa() returns TRUE), Authorize()
+ procedure must return FALSE.
+
+
+
+
+Fajardo, et al. Informational [Page 6]
+
+RFC 5609 PANA State Machines August 2009
+
+
+ void Tx:PANA_MESSAGE_NAME[flag](AVPs)
+
+ A procedure to send a PANA message to its peering PANA entity.
+ The "flag" argument contains one or more flags (e.g., Tx:PAR[C])
+ to be set to the message, except for 'R' (Request) flag. The
+ "AVPs" contains a list of names of optional AVPs to be inserted in
+ the message, except for AUTH AVP.
+
+ This procedure includes the following action before actual
+ transmission:
+
+ if (flag==S)
+ PANA_MESSAGE_NAME.S_flag=Set;
+ if (flag==C)
+ PANA_MESSAGE_NAME.C_flag=Set;
+ if (flag==A)
+ PANA_MESSAGE_NAME.A_flag=Set;
+ if (flag==P)
+ PANA_MESSAGE_NAME.P_flag=Set;
+ PANA_MESSAGE_NAME.insert_avp(AVPs);
+ if (key_available())
+ PANA_MESSAGE_NANE.insert_avp("AUTH");
+
+ void TxEAP()
+
+ A procedure to send an EAP message to the EAP state machine to
+ which it interfaces.
+
+ void RtxTimerStart()
+
+ A procedure to start the retransmission timer, reset RTX_COUNTER
+ variable to zero, and set an appropriate value to RTX_MAX_NUM
+ variable. Note that RTX_MAX_NUM is assumed to be set to the same
+ default value for all messages. However, implementations may also
+ reset RTX_MAX_NUM in this procedure and its value may vary
+ depending on the message that was sent.
+
+ void RtxTimerStop()
+
+ A procedure to stop the retransmission timer.
+
+ void SessionTimerReStart(TIMEOUT)
+
+ A procedure to (re)start the PANA session timer. TIMEOUT
+ specifies the expiration time associated with the session timer.
+ Expiration of TIMEOUT will trigger a SESS_TIMEOUT event.
+
+
+
+
+
+Fajardo, et al. Informational [Page 7]
+
+RFC 5609 PANA State Machines August 2009
+
+
+ void SessionTimerStop()
+
+ A procedure to stop the current PANA session timer.
+
+ void Retransmit()
+
+ A procedure to retransmit a PANA message and increment RTX_COUNTER
+ by one(1).
+
+ void EAP_Restart()
+
+ A procedure to (re)start an EAP conversation resulting in the re-
+ initialization of an existing EAP session.
+
+ void PANA_MESSAGE_NAME.insert_avp("AVP_NAME1", "AVP_NAME2",...)
+
+ A procedure to insert AVPs for each specified AVP name in the list
+ of AVP names in the PANA message. When an AVP name ends with "*",
+ zero, one, or more AVPs are inserted; otherwise, one AVP is
+ inserted.
+
+ boolean PANA_MESSAGE_NAME.exist_avp("AVP_NAME")
+
+ A procedure that checks whether an AVP of the specified AVP name
+ exists in the specified PANA message and returns TRUE if the
+ specified AVP is found, otherwise returns FALSE.
+
+ boolean generate_pana_sa()
+
+ A procedure to check whether the EAP method being used generates
+ keys and that a PANA SA will be established on successful
+ authentication. For the PaC, the procedure is also used to check
+ and match the PRF and Integrity algorithm AVPs advertised by the
+ PAA in PAR[S] message. For the PAA, it is used to indicate
+ whether a PRF and Integrity algorithm AVPs will be sent in the
+ PAR[S]. This procedure will return TRUE if a PANA SA will be
+ generated. Otherwise, it returns FALSE.
+
+ boolean key_available()
+
+ A procedure to check whether the PANA session has a PANA_AUTH_KEY.
+ If the state machine already has a PANA_AUTH_KEY, it returns TRUE.
+ If the state machine does not have a PANA_AUTH_KEY, it tries to
+ retrieve a Master Session Key (MSK) from the EAP entity. If an
+ MSK is retrieved, it computes a PANA_AUTH_KEY from the MSK and
+ returns TRUE. Otherwise, it returns FALSE.
+
+
+
+
+
+Fajardo, et al. Informational [Page 8]
+
+RFC 5609 PANA State Machines August 2009
+
+
+6.2. Common Variables
+
+ PAR.RESULT_CODE
+
+ This variable contains the Result-Code AVP value in the PANA-Auth-
+ Request message in process. When this variable carries
+ PANA_SUCCESS, it is assumed that the PAR message always contains
+ an EAP-Payload AVP that carries an EAP-Success message.
+
+ NONCE_SENT
+
+ This variable is set to TRUE to indicate that a Nonce-AVP has
+ already been sent. Otherwise, it is set to FALSE.
+
+ RTX_COUNTER
+
+ This variable contains the current number of retransmissions of
+ the outstanding PANA message.
+
+ Rx:PANA_MESSAGE_NAME[flag]
+
+ This event variable is set to TRUE when the specified PANA message
+ is received from its peering PANA entity. The "flag" contains a
+ flag (e.g., Rx:PAR[C]), except for 'R' (Request) flag.
+
+ RTX_TIMEOUT
+
+ This event variable is set to TRUE when the retransmission timer
+ is expired.
+
+ REAUTH
+
+ This event variable is set to TRUE when an initiation of re-
+ authentication phase is triggered. This event variable can only
+ be set while in the OPEN state.
+
+ TERMINATE
+
+ This event variable is set to TRUE when initiation of PANA session
+ termination is triggered. This event variable can only be set
+ while in the OPEN state.
+
+ PANA_PING
+
+ This event variable is set to TRUE when initiation of liveness
+ test based on PANA-Notification exchange is triggered. This event
+ variable can only be set while in the OPEN state.
+
+
+
+
+Fajardo, et al. Informational [Page 9]
+
+RFC 5609 PANA State Machines August 2009
+
+
+ SESS_TIMEOUT
+
+ This event is variable is set to TRUE when the session timer has
+ expired.
+
+ LIFETIME_SESS_TIMEOUT
+
+ Configurable value used by the PaC and PAA to close or disconnect
+ an established session in the access phase. This variable
+ indicates the expiration of the session and is set to the value of
+ Session-Lifetime AVP if present in the last PANA-Auth-Request
+ message in the case of the PaC. Otherwise, it is assumed that the
+ value is infinite and therefore has no expiration. Expiration of
+ LIFETIME_SESS_TIMEOUT will cause the event variable SESS_TIMEOUT
+ to be set.
+
+ ANY
+
+ This event variable is set to TRUE when any event occurs.
+
+6.3. Configurable Values
+
+ RTX_MAX_NUM
+
+ Configurable maximum for how many retransmissions should be
+ attempted before aborting.
+
+6.4. Common Message Initialization Rules
+
+ When a message is prepared for sending, it is initialized as follows:
+
+ o For a request message, R-flag of the header is set. Otherwise,
+ R-flag is not set.
+
+ o Other message header flags are not set. They are set explicitly
+ by specific state machine actions.
+
+ o AVPs that are mandatory to be included in a message are inserted
+ with appropriate values set.
+
+6.5. Common Retransmission Rules
+
+ The state machines defined in this document assume that the PaC and
+ the PAA cache the last transmitted answer message. This scheme is
+ described in Section 5.2 of [RFC5191]. When the PaC or PAA receives
+ a retransmitted or duplicate request, it would be able to resend the
+ corresponding answer without any aid from the EAP layer. However, to
+ simplify the state machine description, this caching scheme is
+
+
+
+Fajardo, et al. Informational [Page 10]
+
+RFC 5609 PANA State Machines August 2009
+
+
+ omitted in the state machines below. In the case that there is not a
+ corresponding answer to a retransmitted request, the request will be
+ handled by the corresponding state machine.
+
+6.6. Common State Transitions
+
+ The following transitions can occur at any state with exemptions
+ explicitly noted.
+
+ ----------
+ State: ANY
+ ----------
+
+ Exit Condition Exit Action Exit State
+ ------------------------+--------------------------+------------
+ - - - - - - - - - - - - - (Re-transmissions)- - - - - - - - - -
+ RTX_TIMEOUT && Retransmit(); (no change)
+ RTX_COUNTER<
+ RTX_MAX_NUM
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ - - - - - - - (Reach maximum number of transmissions)- - - - - -
+ (RTX_TIMEOUT && Disconnect(); CLOSED
+ RTX_COUNTER>=
+ RTX_MAX_NUM) ||
+ SESS_TIMEOUT
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+ -------------------------
+ State: ANY except INITIAL
+ -------------------------
+
+ Exit Condition Exit Action Exit State
+ ------------------------+--------------------------+------------
+ - - - - - - - - - - (liveness test initiated by peer)- - - - - -
+ Rx:PNR[P] Tx:PNA[P](); (no change)
+
+
+ -------------------------------
+ State: ANY except WAIT_PNA_PING
+ -------------------------------
+
+ Exit Condition Exit Action Exit State
+ ------------------------+--------------------------+------------
+ - - - - - - - - - - - - (liveness test response) - - - - - - - -
+ Rx:PNA[P] None(); (no change)
+
+ The following transitions can occur on any exit condition within the
+ specified state.
+
+
+
+Fajardo, et al. Informational [Page 11]
+
+RFC 5609 PANA State Machines August 2009
+
+
+ -------------
+ State: CLOSED
+ -------------
+
+ Exit Condition Exit Action Exit State
+ ------------------------+--------------------------+------------
+ - - - - - - - -(Catch all event on closed state) - - - - - - - -
+ ANY None(); CLOSED
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+7. PaC State Machine
+
+7.1. Interface between PaC and EAP Peer
+
+ This interface defines the interactions between a PaC and an EAP
+ peer. The interface serves as a mechanism to deliver EAP messages
+ for the EAP peer. It allows the EAP peer to receive EAP requests and
+ send EAP responses via the PaC. It also provides a mechanism to
+ notify the EAP peer of PaC events and a mechanism to receive
+ notification of EAP peer events. The EAP message delivery mechanism
+ as well as the event notification mechanism in this interface have
+ direct correlation with the PaC state transition table entries.
+ These message delivery and event notifications mechanisms occur only
+ within the context of their associated states or exit actions.
+
+7.1.1. Delivering EAP Messages from PaC to EAP Peer
+
+ TxEAP() procedure in the PaC state machine serves as the mechanism to
+ deliver EAP messages contained in PANA-Auth-Request messages to the
+ EAP peer. This procedure is enabled only after an EAP restart event
+ is notified to the EAP peer and before any event resulting in a
+ termination of the EAP peer session. In the case where the EAP peer
+ follows the EAP peer state machine defined in [RFC4137], TxEAP()
+ procedure sets eapReq variable of the EAP peer state machine and puts
+ the EAP request in eapReqData variable of the EAP peer state machine.
+
+7.1.2. Delivering EAP Messages from EAP Peer to PaC
+
+ An EAP message is delivered from the EAP peer to the PaC via
+ EAP_RESPONSE event variable. The event variable is set when the EAP
+ peer passes the EAP message to its lower layer. In the case where
+ the EAP peer follows the EAP peer state machine defined in [RFC4137],
+ EAP_RESPONSE event variable refers to eapResp variable of the EAP
+ peer state machine and the EAP message is contained in eapRespData
+ variable of the EAP peer state machine.
+
+
+
+
+
+
+Fajardo, et al. Informational [Page 12]
+
+RFC 5609 PANA State Machines August 2009
+
+
+7.1.3. EAP Restart Notification from PaC to EAP Peer
+
+ The EAP peer state machine defined in [RFC4137] has an initialization
+ procedure before receiving an EAP message. To initialize the EAP
+ state machine, the PaC state machine defines an event notification
+ mechanism to send an EAP (re)start event to the EAP peer. The event
+ notification is done via EAP_Restart() procedure in the
+ initialization action of the PaC state machine.
+
+7.1.4. EAP Authentication Result Notification from EAP Peer to PaC
+
+ In order for the EAP peer to notify the PaC of an EAP authentication
+ result, EAP_SUCCESS and EAP_FAILURE event variables are defined. In
+ the case where the EAP peer follows the EAP peer state machine
+ defined in [RFC4137], EAP_SUCCESS and EAP_FAILURE event variables
+ refer to eapSuccess and eapFail variables of the EAP peer state
+ machine, respectively. In this case, if EAP_SUCCESS event variable
+ is set to TRUE and an MSK is generated by the EAP authentication
+ method in use, eapKeyAvailable variable is set to TRUE and eapKeyData
+ variable contains the MSK. Note that EAP_SUCCESS and EAP_FAILURE
+ event variables may be set to TRUE even before the PaC receives a PAR
+ with a 'Complete' flag set from the PAA.
+
+7.1.5. Alternate Failure Notification from PaC to EAP Peer
+
+ alt_reject() procedure in the PaC state machine serves as the
+ mechanism to deliver an authentication failure event to the EAP peer
+ without accompanying an EAP message. In the case where the EAP peer
+ follows the EAP peer state machine defined in [RFC4137], alt_reject()
+ procedure sets altReject variable of the EAP peer state machine.
+ Note that the EAP peer state machine in [RFC4137] also defines
+ altAccept variable; however, it is never used in PANA in which EAP-
+ Success messages are reliably delivered by the last PANA-Auth
+ exchange.
+
+7.2. Configurable Values
+
+ FAILED_SESS_TIMEOUT
+
+ This is a configurable value that allows the PaC to determine
+ whether a PaC authentication and authorization phase has stalled
+ without an explicit EAP success or failure notification.
+
+
+
+
+
+
+
+
+
+Fajardo, et al. Informational [Page 13]
+
+RFC 5609 PANA State Machines August 2009
+
+
+7.3. Variables
+
+ AUTH_USER
+
+ This event variable is set to TRUE when initiation of EAP-based
+ (re-)authentication is triggered by the application.
+
+ EAP_SUCCESS
+
+ This event variable is set to TRUE when the EAP peer determines
+ that an EAP conversation completes with success.
+
+ EAP_FAILURE
+
+ This event variable is set to TRUE when the EAP peer determines
+ that an EAP conversation completes with failure.
+
+ EAP_RESPONSE
+
+ This event variable is set to TRUE when the EAP peer delivers an
+ EAP message to the PaC. This event accompanies an EAP message
+ received from the EAP peer.
+
+ EAP_RESP_TIMEOUT
+
+ This event variable is set to TRUE when the PaC that has passed an
+ EAP message to the EAP layer does not receive a subsequent EAP
+ message from the EAP layer in a given period. This provides a
+ time limit for certain EAP methods where user interaction may be
+ required.
+
+ EAP_DISCARD
+
+ This event variable is set to TRUE when the EAP peer indicates
+ that it has silently discarded the last received EAP-Request.
+ This event does not accompany any EAP message. In the case where
+ the EAP peer follows the EAP peer state machine defined in
+ [RFC4137], this event variable refers to eapNoResp. Note that
+ this specification does not support silently discarding EAP
+ messages. They are treated as fatal errors instead. This may
+ have an impact on denial-of-service resistance.
+
+
+
+
+
+
+
+
+
+
+Fajardo, et al. Informational [Page 14]
+
+RFC 5609 PANA State Machines August 2009
+
+
+7.4. Procedures
+
+ boolean eap_piggyback()
+
+ This procedure returns TRUE to indicate whether the next EAP
+ response will be carried in the pending PAN message for
+ optimization.
+
+ void alt_reject()
+
+ This procedure informs the EAP peer of an authentication failure
+ event without accompanying an EAP message.
+
+ void EAP_RespTimerStart()
+
+ This is a procedure to start a timer to receive an EAP-Response
+ from the EAP peer.
+
+ void EAP_RespTimerStop()
+
+ This is a procedure to stop a timer to receive an EAP-Response
+ from the EAP peer.
+
+7.5. PaC State Transition Table
+
+ ------------------------------
+ State: INITIAL (Initial State)
+ ------------------------------
+
+ Initialization Action:
+
+ NONCE_SENT=Unset;
+ RTX_COUNTER=0;
+ RtxTimerStop();
+
+ Exit Condition Exit Action Exit State
+ ------------------------+--------------------------+-----------
+ - - - - - - - - - - (PaC-initiated Handshake) - - - - - - - - -
+ AUTH_USER Tx:PCI[](); INITIAL
+ RtxTimerStart();
+ SessionTimerReStart
+ (FAILED_SESS_TIMEOUT);
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+
+
+
+
+
+
+Fajardo, et al. Informational [Page 15]
+
+RFC 5609 PANA State Machines August 2009
+
+
+ - - - - - - -(PAA-initiated Handshake, not optimized) - - - - -
+ Rx:PAR[S] && EAP_Restart(); WAIT_PAA
+ !PAR.exist_avp SessionTimerReStart
+ ("EAP-Payload") (FAILED_SESS_TIMEOUT);
+ if (generate_pana_sa())
+ Tx:PAN[S]("PRF-Algorithm",
+ "Integrity-Algorithm");
+ else
+ Tx:PAN[S]();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+ - - - - - - - -(PAA-initiated Handshake, optimized) - - - - - -
+ Rx:PAR[S] && EAP_Restart(); INITIAL
+ PAR.exist_avp TxEAP();
+ ("EAP-Payload") && SessionTimerReStart
+ eap_piggyback() (FAILED_SESS_TIMEOUT);
+
+ Rx:PAR[S] && EAP_Restart(); WAIT_EAP_MSG
+ PAR.exist_avp TxEAP();
+ ("EAP-Payload") && SessionTimerReStart
+ !eap_piggyback() (FAILED_SESS_TIMEOUT);
+ if (generate_pana_sa())
+ Tx:PAN[S]("PRF-Algorithm",
+ "Integrity-Algorithm");
+ else
+ Tx:PAN[S]();
+
+ EAP_RESPONSE if (generate_pana_sa()) WAIT_PAA
+ Tx:PAN[S]("EAP-Payload",
+ "PRF-Algorithm",
+ "Integrity-Algorithm");
+ else
+ Tx:PAN[S]("EAP-Payload");
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Fajardo, et al. Informational [Page 16]
+
+RFC 5609 PANA State Machines August 2009
+
+
+ ---------------
+ State: WAIT_PAA
+ ---------------
+
+ Exit Condition Exit Action Exit State
+ ------------------------+--------------------------+------------
+ - - - - - - - - - - - - - - -(PAR-PAN exchange) - - - - - - - -
+ Rx:PAR[] && RtxTimerStop(); WAIT_EAP_MSG
+ !eap_piggyback() TxEAP();
+ EAP_RespTimerStart();
+ if (NONCE_SENT==Unset) {
+ NONCE_SENT=Set;
+ Tx:PAN[]("Nonce");
+ }
+ else
+ Tx:PAN[]();
+
+ Rx:PAR[] && RtxTimerStop(); WAIT_EAP_MSG
+ eap_piggyback() TxEAP();
+ EAP_RespTimerStart();
+
+ Rx:PAN[] RtxTimerStop(); WAIT_PAA
+
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+ - - - - - - - - - - - - - - -(PANA result) - - - - - - - - - -
+ Rx:PAR[C] && TxEAP(); WAIT_EAP_RESULT
+ PAR.RESULT_CODE==
+ PANA_SUCCESS
+
+ Rx:PAR[C] && if (PAR.exist_avp WAIT_EAP_RESULT_
+ PAR.RESULT_CODE!= ("EAP-Payload")) CLOSE
+ PANA_SUCCESS TxEAP();
+ else
+ alt_reject();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Fajardo, et al. Informational [Page 17]
+
+RFC 5609 PANA State Machines August 2009
+
+
+ -------------------
+ State: WAIT_EAP_MSG
+ -------------------
+
+ Exit Condition Exit Action Exit State
+ ------------------------+--------------------------+------------
+ - - - - - - - - - - (Return PAN/PAR from EAP) - - - - - - - - -
+ EAP_RESPONSE && EAP_RespTimerStop() WAIT_PAA
+ eap_piggyback() if (NONCE_SENT==Unset) {
+ Tx:PAN[]("EAP-Payload",
+ "Nonce");
+ NONCE_SENT=Set;
+ }
+ else
+ Tx:PAN[]("EAP-Payload");
+
+ EAP_RESPONSE && EAP_RespTimerStop() WAIT_PAA
+ !eap_piggyback() Tx:PAR[]("EAP-Payload");
+ RtxTimerStart();
+
+ EAP_RESP_TIMEOUT && Tx:PAN[](); WAIT_PAA
+ eap_piggyback()
+
+ EAP_DISCARD && Tx:PAN[](); CLOSED
+ eap_piggyback() SessionTimerStop();
+ Disconnect();
+
+ EAP_FAILURE || SessionTimerStop(); CLOSED
+ (EAP_DISCARD && Disconnect();
+ !eap_piggyback())
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+ ----------------------
+ State: WAIT_EAP_RESULT
+ ----------------------
+
+ Exit Condition Exit Action Exit State
+ ------------------------+--------------------------+------------
+ - - - - - - - - - - - - - (EAP Result) - - - - - - - - - - - - -
+ EAP_SUCCESS if (PAR.exist_avp OPEN
+ ("Key-Id"))
+ Tx:PAN[C]("Key-Id");
+ else
+ Tx:PAN[C]();
+ Authorize();
+ SessionTimerReStart
+ (LIFETIME_SESS_TIMEOUT);
+
+
+
+
+Fajardo, et al. Informational [Page 18]
+
+RFC 5609 PANA State Machines August 2009
+
+
+ EAP_FAILURE Tx:PAN[C](); CLOSED
+ SessionTimerStop();
+ Disconnect();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+ ----------------------------
+ State: WAIT_EAP_RESULT_CLOSE
+ ----------------------------
+
+ Exit Condition Exit Action Exit State
+ ------------------------+--------------------------+------------
+ - - - - - - - - - - - - - (EAP Result) - - - - - - - - - - - - -
+ EAP_SUCCESS || if (EAP_SUCCESS && CLOSED
+ EAP_FAILURE PAR.exist_avp("Key-Id"))
+ Tx:PAN[C]("Key-Id");
+ else
+ Tx:PAN[C]();
+ SessionTimerStop();
+ Disconnect();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+ -----------
+ State: OPEN
+ -----------
+
+ Exit Condition Exit Action Exit State
+ ------------------------+--------------------------+------------
+ - - - - - - - - - - (liveness test initiated by PaC)- - - - - -
+ PANA_PING Tx:PNR[P](); WAIT_PNA_PING
+ RtxTimerStart();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ - - - - - - - - - (re-authentication initiated by PaC)- - - - - -
+ REAUTH NONCE_SENT=Unset; WAIT_PNA_REAUTH
+ Tx:PNR[A]();
+ RtxTimerStart();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Fajardo, et al. Informational [Page 19]
+
+RFC 5609 PANA State Machines August 2009
+
+
+ - - - - - - - - - (re-authentication initiated by PAA)- - - - - -
+ Rx:PAR[] EAP_RespTimerStart(); WAIT_EAP_MSG
+ TxEAP();
+ if (!eap_piggyback())
+ Tx:PAN[]("Nonce");
+ else
+ NONCE_SENT=Unset;
+ SessionTimerReStart
+ (FAILED_SESS_TIMEOUT);
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ - - - - - - - -(Session termination initiated by PAA) - - - - - -
+ Rx:PTR[] Tx:PTA[](); CLOSED
+ SessionTimerStop();
+ Disconnect();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ - - - - - - - -(Session termination initiated by PaC) - - - - - -
+ TERMINATE Tx:PTR[](); SESS_TERM
+ RtxTimerStart();
+ SessionTimerStop();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+ ----------------------
+ State: WAIT_PNA_REAUTH
+ ----------------------
+
+ Exit Condition Exit Action Exit State
+ ------------------------+--------------------------+------------
+ - - - - - - - - -(re-authentication initiated by PaC) - - - - -
+ Rx:PNA[A] RtxTimerStop(); WAIT_PAA
+ SessionTimerReStart
+ (FAILED_SESS_TIMEOUT);
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ - - - - - - - -(Session termination initiated by PAA) - - - - - -
+ Rx:PTR[] RtxTimerStop(); CLOSED
+ Tx:PTA[]();
+ SessionTimerStop();
+ Disconnect();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+ --------------------
+ State: WAIT_PNA_PING
+ --------------------
+
+ Exit Condition Exit Action Exit State
+ ------------------------+--------------------------+------------
+ - - - - - - - - -(liveness test initiated by PaC) - - - - - - -
+ Rx:PNA[P] RtxTimerStop(); OPEN
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+
+Fajardo, et al. Informational [Page 20]
+
+RFC 5609 PANA State Machines August 2009
+
+
+ - - - - - - - - - (re-authentication initiated by PAA)- - - - -
+ Rx:PAR[] RtxTimerStop(); WAIT_EAP_MSG
+ EAP_RespTimerStart();
+ TxEAP();
+ if (!eap_piggyback())
+ Tx:PAN[]("Nonce");
+ else
+ NONCE_SENT=Unset;
+ SessionTimerReStart
+ (FAILED_SESS_TIMEOUT);
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ - - - - - - - -(Session termination initiated by PAA) - - - - - -
+ Rx:PTR[] RtxTimerStop(); CLOSED
+ Tx:PTA[]();
+ SessionTimerStop();
+ Disconnect();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+ ----------------
+ State: SESS_TERM
+ ----------------
+
+ Exit Condition Exit Action Exit State
+ ------------------------+--------------------------+------------
+ - - - - - - - -(Session termination initiated by PaC) - - - - -
+ Rx:PTA[] Disconnect(); CLOSED
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+8. PAA State Machine
+
+8.1. Interface between PAA and EAP Authenticator
+
+ The interface between a PAA and an EAP authenticator provides a
+ mechanism to deliver EAP messages for the EAP authenticator as well
+ as a mechanism to notify the EAP authenticator of PAA events and to
+ receive notification of EAP authenticator events. These message
+ delivery and event notification mechanisms occur only within context
+ of their associated states or exit actions.
+
+8.1.1. EAP Restart Notification from PAA to EAP Authenticator
+
+ An EAP authenticator state machine defined in [RFC4137] has an
+ initialization procedure before sending the first EAP request. To
+ initialize the EAP state machine, the PAA state machine defines an
+ event notification mechanism to send an EAP (re)start event to the
+ EAP authenticator. The event notification is done via EAP_Restart()
+ procedure in the initialization action of the PAA state machine.
+
+
+
+
+Fajardo, et al. Informational [Page 21]
+
+RFC 5609 PANA State Machines August 2009
+
+
+8.1.2. Delivering EAP Responses from PAA to EAP Authenticator
+
+ TxEAP() procedure in the PAA state machine serves as the mechanism to
+ deliver EAP-Responses contained in PANA-Auth-Answer messages to the
+ EAP authenticator. This procedure is enabled only after an EAP
+ restart event is notified to the EAP authenticator and before any
+ event resulting in a termination of the EAP authenticator session.
+ In the case where the EAP authenticator follows the EAP authenticator
+ state machines defined in [RFC4137], TxEAP() procedure sets eapResp
+ variable of the EAP authenticator state machine and puts the EAP
+ response in eapRespData variable of the EAP authenticator state
+ machine.
+
+8.1.3. Delivering EAP Messages from EAP Authenticator to PAA
+
+ An EAP request is delivered from the EAP authenticator to the PAA via
+ EAP_REQUEST event variable. The event variable is set when the EAP
+ authenticator passes the EAP request to its lower layer. In the case
+ where the EAP authenticator follows the EAP authenticator state
+ machines defined in [RFC4137], EAP_REQUEST event variable refers to
+ eapReq variable of the EAP authenticator state machine and the EAP
+ request is contained in eapReqData variable of the EAP authenticator
+ state machine.
+
+8.1.4. EAP Authentication Result Notification from EAP Authenticator to
+ PAA
+
+ In order for the EAP authenticator to notify the PAA of the EAP
+ authentication result, EAP_SUCCESS, EAP_FAILURE, and EAP_TIMEOUT
+ event variables are defined. In the case where the EAP authenticator
+ follows the EAP authenticator state machines defined in [RFC4137],
+ EAP_SUCCESS, EAP_FAILURE, and EAP_TIMEOUT event variables refer to
+ eapSuccess, eapFail, and eapTimeout variables of the EAP
+ authenticator state machine, respectively. In this case, if
+ EAP_SUCCESS event variable is set to TRUE, an EAP-Success message is
+ contained in eapReqData variable of the EAP authenticator state
+ machine, and additionally, eapKeyAvailable variable is set to TRUE
+ and eapKeyData variable contains an MSK if the MSK is generated as a
+ result of successful authentication by the EAP authentication method
+ in use. Similarly, if EAP_FAILURE event variable is set to TRUE, an
+ EAP-Failure message is contained in eapReqData variable of the EAP
+ authenticator state machine. The PAA uses EAP_SUCCESS and
+ EAP_FAILURE event variables as a trigger to send a PAR message to the
+ PaC.
+
+
+
+
+
+
+
+Fajardo, et al. Informational [Page 22]
+
+RFC 5609 PANA State Machines August 2009
+
+
+8.2. Variables
+
+ OPTIMIZED_INIT
+
+ This variable indicates whether the PAA is able to piggyback an
+ EAP-Request in the initial PANA-Auth-Request. Otherwise, it is
+ set to FALSE.
+
+ PAC_FOUND
+
+ This variable is set to TRUE as a result of a PAA-initiated
+ handshake.
+
+ REAUTH_TIMEOUT
+
+ This event variable is set to TRUE to indicate that the PAA
+ initiates a re-authentication with the PaC. The re-authentication
+ timeout should be set to a value less than the session timeout
+ carried in the Session-Lifetime AVP if present.
+
+ EAP_SUCCESS
+
+ This event variable is set to TRUE when an EAP conversation
+ completes with success. This event accompanies an EAP-Success
+ message passed from the EAP authenticator.
+
+ EAP_FAILURE
+
+ This event variable is set to TRUE when an EAP conversation
+ completes with failure. This event accompanies an EAP-Failure
+ message passed from the EAP authenticator.
+
+ EAP_REQUEST
+
+ This event variable is set to TRUE when the EAP authenticator
+ delivers an EAP Request to the PAA. This event accompanies an
+ EAP-Request message received from the EAP authenticator.
+
+ EAP_TIMEOUT
+
+ This event variable is set to TRUE when an EAP conversation times
+ out without generating an EAP-Success or an EAP-Failure message.
+ This event does not accompany any EAP message.
+
+
+
+
+
+
+
+
+Fajardo, et al. Informational [Page 23]
+
+RFC 5609 PANA State Machines August 2009
+
+
+ EAP_DISCARD
+
+ This event variable is set to TRUE when the EAP authenticator
+ indicates that it has silently discarded the last received EAP-
+ Response message. This event does not accompany any EAP message.
+ In the case where the EAP authenticator follows the EAP
+ authenticator state machines defined in [RFC4137], this event
+ variable refers to eapNoReq.
+
+8.3. Procedures
+
+ boolean new_key_available()
+
+ This is a procedure to check whether the PANA session has a new
+ PANA_AUTH_KEY. If the state machine already has a PANA_AUTH_KEY,
+ it returns FALSE. If the state machine does not have a
+ PANA_AUTH_KEY, it tries to retrieve an MSK from the EAP entity.
+ If an MSK has been retrieved, it computes a PANA_AUTH_KEY from the
+ MSK and returns TRUE. Otherwise, it returns FALSE.
+
+8.4. PAA State Transition Table
+
+ ------------------------------
+ State: INITIAL (Initial State)
+ ------------------------------
+
+ Initialization Action:
+
+ OPTIMIZED_INIT=Set|Unset;
+ NONCE_SENT=Unset;
+ RTX_COUNTER=0;
+ RtxTimerStop();
+
+ Exit Condition Exit Action Exit State
+ ------------------------+--------------------------+------------
+ - - - - - - - - (PCI and PAA initiated PANA) - - - - - - - - -
+ (Rx:PCI[] || if (OPTIMIZED_INIT == INITIAL
+ PAC_FOUND) Set) {
+ EAP_Restart();
+ SessionTimerReStart
+ (FAILED_SESS_TIMEOUT);
+ }
+ else {
+ if (generate_pana_sa())
+ Tx:PAR[S]("PRF-Algorithm",
+ "Integrity-Algorithm");
+ else
+ Tx:PAR[S]();
+
+
+
+Fajardo, et al. Informational [Page 24]
+
+RFC 5609 PANA State Machines August 2009
+
+
+ }
+
+ EAP_REQUEST if (generate_pana_sa()) INITIAL
+ Tx:PAR[S]("EAP-Payload",
+ "PRF-Algorithm",
+ "Integrity-Algorithm");
+ else
+ Tx:PAR[S]("EAP-Payload");
+ RtxTimerStart();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+ - - - - - - - - - - - - - - (PAN Handling) - - - - - - - - - -
+ Rx:PAN[S] && if (PAN.exist_avp WAIT_EAP_MSG
+ ((OPTIMIZED_INIT == ("EAP-Payload"))
+ Unset) || TxEAP();
+ PAN.exist_avp else {
+ ("EAP-Payload")) EAP_Restart();
+ SessionTimerReStart
+ (FAILED_SESS_TIMEOUT);
+ }
+
+ Rx:PAN[S] && None(); WAIT_PAN_OR_PAR
+ (OPTIMIZED_INIT ==
+ Set) &&
+ ! PAN.exist_avp
+ ("EAP-Payload")
+
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+ -------------------
+ State: WAIT_EAP_MSG
+ -------------------
+
+ Exit Condition Exit Action Exit State
+ ------------------------+--------------------------+------------
+ - - - - - - - - - - - -(Receiving EAP-Request)- - - - - - - - -
+ EAP_REQUEST if (NONCE_SENT==Unset) { WAIT_PAN_OR_PAR
+ Tx:PAR[]("Nonce",
+ "EAP-Payload");
+ NONCE_SENT=Set;
+ }
+ else
+ Tx:PAR[]("EAP-Payload");
+ RtxTimerStart();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ - - - - - - - - - - -(Receiving EAP-Success/Failure) - - - - -
+ EAP_FAILURE PAR.RESULT_CODE = WAIT_FAIL_PAN
+ PANA_AUTHENTICATION_
+
+
+
+Fajardo, et al. Informational [Page 25]
+
+RFC 5609 PANA State Machines August 2009
+
+
+ REJECTED;
+ Tx:PAR[C]("EAP-Payload");
+ RtxTimerStart();
+ SessionTimerStop();
+
+ EAP_SUCCESS && PAR.RESULT_CODE = WAIT_SUCC_PAN
+ Authorize() PANA_SUCCESS;
+ if (new_key_available())
+ Tx:PAR[C]("EAP-Payload",
+ "Key-Id");
+ else
+ Tx:PAR[C]("EAP-Payload");
+ RtxTimerStart();
+
+ EAP_SUCCESS && PAR.RESULT_CODE = WAIT_FAIL_PAN
+ !Authorize() PANA_AUTHORIZATION_
+ REJECTED;
+ if (new_key_available())
+ Tx:PAR[C]("EAP-Payload",
+ "Key-Id");
+ else
+ Tx:PAR[C]("EAP-Payload");
+ RtxTimerStart();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ - - - - - (Receiving EAP-Timeout or invalid message) - - - - -
+ EAP_TIMEOUT || SessionTimerStop(); CLOSED
+ EAP_DISCARD Disconnect();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+ --------------------
+ State: WAIT_SUCC_PAN
+ --------------------
+
+ Event/Condition Action Exit State
+ ------------------------+--------------------------+------------
+ - - - - - - - - - - - - - (PAN Processing)- - - - - - - - - - -
+ Rx:PAN[C] RtxTimerStop(); OPEN
+ SessionTimerReStart
+ (LIFETIME_SESS_TIMEOUT);
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+ --------------------
+ State: WAIT_FAIL_PAN
+ --------------------
+
+ Exit Condition Exit Action Exit State
+ ------------------------+--------------------------+------------
+ - - - - - - - - - - - - - - (PAN Processing)- - - - - - - - - -
+
+
+
+Fajardo, et al. Informational [Page 26]
+
+RFC 5609 PANA State Machines August 2009
+
+
+ Rx:PAN[C] RtxTimerStop(); CLOSED
+ Disconnect();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+ -----------
+
+ State: OPEN
+ -----------
+
+ Event/Condition Action Exit State
+ ------------------------+--------------------------+------------
+ - - - - - - - - (re-authentication initiated by PaC) - - - - - -
+ Rx:PNR[A] NONCE_SENT=Unset; WAIT_EAP_MSG
+ EAP_Restart();
+ Tx:PNA[A]();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ - - - - - - - - (re-authentication initiated by PAA)- - - - - -
+ REAUTH || NONCE_SENT=Unset; WAIT_EAP_MSG
+ REAUTH_TIMEOUT EAP_Restart();
+
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ - - (liveness test based on PNR-PNA exchange initiated by PAA)-
+ PANA_PING Tx:PNR[P](); WAIT_PNA_PING
+ RtxTimerStart();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ - - - - - - - - (Session termination initiated from PAA)- - - -
+ TERMINATE Tx:PTR[](); SESS_TERM
+ SessionTimerStop();
+ RtxTimerStart();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ - - - - - - - - (Session termination initiated from PaC)- - - -
+ Rx:PTR[] Tx:PTA[](); CLOSED
+ SessionTimerStop();
+ Disconnect();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+ --------------------
+ State: WAIT_PNA_PING
+ --------------------
+
+ Exit Condition Exit Action Exit State
+ ------------------------+--------------------------+------------
+ - - - - - - - - - - - - - -(PNA processing) - - - - - - - - - -
+ Rx:PNA[P] RtxTimerStop(); OPEN
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ - - - - - - - - (re-authentication initiated by PaC) - - - - - -
+ Rx:PNR[A] RtxTimerStop(); WAIT_EAP_MSG
+ NONCE_SENT=Unset;
+
+
+
+Fajardo, et al. Informational [Page 27]
+
+RFC 5609 PANA State Machines August 2009
+
+
+ EAP_Restart();
+ Tx:PNA[A]();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ - - - - - - - - (Session termination initiated from PaC)- - - -
+ Rx:PTR[] RtxTimerStop(); CLOSED
+ Tx:PTA[]();
+ SessionTimerStop();
+ Disconnect();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+ ----------------------
+ State: WAIT_PAN_OR_PAR
+ ----------------------
+
+ Exit Condition Exit Action Exit State
+ ------------------------+--------------------------+------------
+ - - - - - - - - - - - - - (PAR Processing)- - - - - - - - - - -
+ Rx:PAR[] TxEAP(); WAIT_EAP_MSG
+ RtxTimerStop();
+ Tx:PAN[]();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ - - - - - - (Pass EAP Response to the EAP authenticator)- - - -
+ Rx:PAN[] && TxEAP(); WAIT_EAP_MSG
+ PAN.exist_avp RtxTimerStop();
+ ("EAP-Payload")
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ - - - - - - - - - - (PAN without an EAP response) - - - - - - -
+ Rx:PAN[] && RtxTimerStop(); WAIT_PAN_OR_PAR
+ !PAN.exist_avp
+ ("EAP-Payload")
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ - - - - - - - - - - - -(EAP retransmission) - - - - - - - - - -
+ EAP_REQUEST RtxTimerStop(); WAIT_PAN_OR_PAR
+ Tx:PAR[]("EAP-Payload");
+ RtxTimerStart();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ - - - - - - - (EAP authentication timeout or failure)- - - - -
+ EAP_FAILURE || RtxTimerStop(); CLOSED
+ EAP_TIMEOUT || SessionTimerStop();
+ EAP_DISCARD Disconnect();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+ ----------------
+ State: SESS_TERM
+ ----------------
+
+ Exit Condition Exit Action Exit State
+ ------------------------+--------------------------+------------
+
+
+
+Fajardo, et al. Informational [Page 28]
+
+RFC 5609 PANA State Machines August 2009
+
+
+ - - - - - - - - - - - - - -(PTA processing) - - - - - - - - - -
+ Rx:PTA[] RtxTimerStop(); CLOSED
+ Disconnect();
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+9. Implementation Considerations
+
+9.1. PAA and PaC Interface to Service Management Entity
+
+ In general, it is assumed that each device or network equipment has a
+ PANA protocol stack available for use by other modules within the
+ device or network equipment. One such module is the Service
+ Management Entity (SME). The SME is a generic term for modules that
+ manage different services (including network protocols) that are
+ installed on a device or equipment. To integrate the PANA protocol
+ with the SME, it is recommended that a generic interface (i.e., the
+ SME-PANA interface) between the SME and the PANA protocol stack be
+ provided by the implementation. This interface should include common
+ procedures such as startup, shutdown, and re-authenticate signals.
+ It should also provide for extracting keying material. For the PAA,
+ the SME-PANA interface should also provide a method for communicating
+ filtering parameters to the Enforcement Point(s) when cryptographic
+ filtering is used. The filtering parameters include keying material
+ used for bootstrapping secured transport such as IPsec. When a PAA
+ device interacts with the backend authentication server using a AAA
+ protocol, its SME may also provide an interface to the AAA protocol
+ to obtain authorization parameters such as the authorization lifetime
+ and additional filtering parameters.
+
+10. Security Considerations
+
+ This document's intent is to describe the PANA state machines fully.
+ To this end, any security concerns with this document are likely a
+ reflection of security concerns with PANA itself.
+
+11. Acknowledgments
+
+ This work was started from state machines originally made by Dan
+ Forsberg.
+
+12. References
+
+12.1. Normative References
+
+ [RFC5191] Forsberg, D., Ohba, Y., Patil, B., Tschofenig, H., and A.
+ Yegin, "Protocol for Carrying Authentication for Network
+ Access (PANA)", RFC 5191, May 2008.
+
+
+
+
+Fajardo, et al. Informational [Page 29]
+
+RFC 5609 PANA State Machines August 2009
+
+
+12.2. Informative References
+
+ [RFC4137] Vollbrecht, J., Eronen, P., Petroni, N., and Y. Ohba,
+ "State Machines for Extensible Authentication Protocol
+ (EAP) Peer and Authenticator", RFC 4137, August 2005.
+
+Authors' Addresses
+
+ Victor Fajardo (editor)
+ Telcordia Technologies
+ 1 Telcordia Drive
+ Piscataway, NJ 08854
+ USA
+
+ Phone: +1 732 699 5368
+ EMail: vfajardo@research.telcordia.com
+
+
+ Yoshihiro Ohba
+ Toshiba Corporate Research and Development Center
+ 1 Komukai-Toshiba-cho, Saiwai-ku
+ Kawasaki, Kanagawa 212-8582
+ Japan
+
+ Phone: +81 44 549 2230
+ EMail: yoshihiro.ohba@toshiba.co.jp
+
+
+ Rafa Marin-Lopez
+ University of Murcia
+ Campus de Espinardo S/N, Facultad de Informatica
+ Murcia 30100
+ Spain
+
+ Phone: +34 868 888 501
+ EMail: rafa@um.es
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Fajardo, et al. Informational [Page 30]
+