2004-07-14 Project IEEE C802.20-04/65 IEEE 802.20 Working Group on Mobile Broadband Wireless Access <http://grouper.ieee.org/groups/802/20/> Title Functional Requirements for 802.20 Security Date Submitted 2004-06-28 Source(s) Sarvar Patel 67 Whippany Road, Whippany, NJ 07981 Re: MBWA Call for Contributions: Session # 9 - July 12-16, 2004 Abstract This document discusses security issues related to 802.20 requirements. Purpose Address 802.20 security. Notice Release Patent Policy Voice: 973-386-6558 Email: sarvar@lucent.com This document has been prepared to assist the IEEE 802.20 Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.20. The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual <http://standards.ieee.org/guides/opman/sect6.html#6.3> and in Understanding Patent Issues During IEEE Standards Development <http://standards.ieee.org/board/pat/guide.html>. {INSERT DATE} P<designation>D<number> IEEE P 802.20™ V13 Date: May 17, 2004 Draft 802.20 Permanent Document <802.20 Requirements Document – Ver. 13> This document is a Draft Permanent Document of IEEE Working Group 802.20. Permanent Documents (PD) are used in facilitating the work of the WG and contain information that provides guidance for the development of 802.20 standards. This document is work in progress and is subject to change. 2 {May 17, 2004} IEEE P802.20-PD<number>/V<13> 1 2 3 4.1.11 Link Layer Security 4 5 6 7 8 9 10 Link layer security in MBWA systems shall protect the service provider from theft of service and protect the user from network impersonation. It shall provide privacy protection of the data sent over the air interface and also provide data integrity consistent with the best current commercial practice. The 802.20 standard shall minimize the risk of denial of service attacks wherever possible. 802.20 security provides only link layer protection and may be complemented by end-to-end security protocols operating at higher layers such as SSL/TLS and IPSec. 11 12 4.1.11.1 Authenticated Key Agreement and Authorization 13 14 15 The network and the mobile terminal shall perform a mutual entity authentication and session key agreement protocol. After authentication of the mobile terminal the network shall perform authorization before providing service. 16 4.1.11.2 Privacy and Integrity Methods 17 18 19 20 A method that will provide message integrity across the air interface to protect user data traffic and signaling messages from unauthorized modification shall be provided. It shall be possible to operate the 802.20 MAC and PHY with any of the following combinations of privacy and integrity: 21 encryption and message integrity; 22 encryption and no message integrity; 23 message integrity and no encryption; 24 no message integrity and no encryption. 25 26 Encryption across the air interface to protect user data traffic and signaling messages, from unauthorized disclosure shall be supported. 27 4.1.11.3 User Anonymity 28 29 The system shall provide protection from unauthorized disclosure of the permanent identity to eavesdroppers. 30 4.1.11.4 Denial of Service Attacks 31 32 It shall be possible to provide protection against Denial of Service (DOS) attacks wherever possible. device 3 {May 17, 2004} IEEE P802.20-PD<number>/V<13> 1 4.1.11.5 Security Algorithm 2 AES shall be the mandatory and the default underlying algorithm for encryption. 3 4 All underlying cryptographic algorithms shall be publicly available on a fair and nondiscriminatory basis. 5 6 National or international standards bodies shall have approved the underlying cryptographic algorithms. 7 8 The underlying cryptographic algorithms shall have been extensively analysed by the cryptographic community to resist all currently known attacks. 9 4