The Kerberized Handover Keying (KHK) protocol

The Kerberized Handover Keying protocol (1) was proposed as an answer to IETF HOKEY working group problem statement which aims at reducing EAP authentication delays. KHK leverages the Kerberos protocol to perform mutual authentication between the EAP authenticator (The access point) and the EAP supplicant (wireless station). KHK defines two modes of operations; the Proactive mode and the Reactive mode, both of which will be detailed in the following article.

The KHK Proactive mode

In this mode, when the wireless station discovers neighboring access points, it uses its ongoing connection and issues a Kerberos TGS-REQ message to the Kerberos Key Distribution Center managing the local access network in order to obtain Kerberos service tickets for the APs. Then, during the handoff, the wireless station issues a Kerberos AP-REQ message to which the AP replies by issuing an AP-REP message. The AP-REQ/REP exchange allows both the station and the access point to perform mutual authentication without the need to contact any remote entity.

The KHK Reactive mode

In the reactive mode, the Kerberos client and server roles are inverted. During the handoff, the wireless station provides its identity to the access point which will obtain a service ticket for the wireless station by performing a TGS-REQ/TGS-REP exchange with the Kerberos Key Distribution Center. The access points then uses the ticket to perform mutual authentication with the station.

KHK bootstrapping

In order to use the KHK fast handoff protocol, the wireless station needs to be configured and registered as a Kerberos principal in the Kerberos KDC of the local access network. This initialization is the role of the bootstrapping process. As specified by the KHK proposal, a special EAP method “EAP-EXT” is used between the wireless station and the AAA server of the local access network to perform EAP authentication and initialization of KHK. The EAP-EXT method encapsulates a legacy EAP method negotiated by the EAP peer and the EAP server. Upon successful authentication using the inner method, EAP-EXT adds a new entry to the Kerberos KDC and provides the IP address of the KDC as well as all necessary bootstrapping information to the station. The Kerberos messages between the wireless station and the access point are encapsulated using link-layer specific frames. For example, in the case of 802.11, the KHK proposal suggests the use of IEEE 802.1X frames. This requires update at the link layer to define the encapsulation of Kerberos messages. These changes in the access points may represent a financially costly operation in case of large scale access networks.


  • (1) Yoshihiro Ohba, Subir Das, and Ashutosh Dutta, “Kerberized handover keying: a media independent handover key management architecture,” in MobiArch ’07: Proceedings of 2nd ACM/IEEE international workshop on Mobility in the evolving internet architecture, New York, NY, USA, 2007, pp. 1–7, ACM
You could leave a comment if you were logged in.


Electronics | Computers | Outdoor Gear


wireless security and more