2004-07-14
Project
IEEE C802.20-04/65
IEEE 802.20 Working Group on Mobile Broadband Wireless Access
<http://grouper.ieee.org/groups/802/20/>
Title
Functional Requirements for 802.20 Security
Date
Submitted
2004-06-28
Source(s)
Sarvar Patel
67 Whippany Road,
Whippany, NJ 07981
Re:
MBWA Call for Contributions: Session # 9 - July 12-16, 2004
Abstract
This document discusses security issues related to 802.20 requirements.
Purpose
Address 802.20 security.
Notice
Release
Patent
Policy
Voice: 973-386-6558
Email: sarvar@lucent.com
This document has been prepared to assist the IEEE 802.20 Working Group. It is offered as a basis
for discussion and is not binding on the contributing individual(s) or organization(s). The material in
this document is subject to change in form and content after further study. The contributor(s)
reserve(s) the right to add, amend or withdraw material contained herein.
The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this
contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to
copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of
this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part
the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this
contribution may be made public by IEEE 802.20.
The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA
Standards Board Operations Manual <http://standards.ieee.org/guides/opman/sect6.html#6.3> and in
Understanding
Patent
Issues
During
IEEE
Standards
Development
<http://standards.ieee.org/board/pat/guide.html>.
{INSERT DATE}
P<designation>D<number>
IEEE P 802.20™ V13
Date: May 17, 2004
Draft 802.20 Permanent Document
<802.20 Requirements Document – Ver. 13>
This document is a Draft Permanent Document of IEEE Working Group 802.20. Permanent Documents
(PD) are used in facilitating the work of the WG and contain information that provides guidance for the
development of 802.20 standards. This document is work in progress and is subject to change.
2
{May 17, 2004}
IEEE P802.20-PD<number>/V<13>
1
2
3
4.1.11 Link Layer
Security
4
5
6
7
8
9
10
Link layer security in MBWA systems shall protect the service provider from theft of
service and protect the user from network impersonation. It shall provide privacy
protection of the data sent over the air interface and also provide data integrity consistent
with the best current commercial practice. The 802.20 standard shall minimize the risk of
denial of service attacks wherever possible. 802.20 security provides only link layer
protection and may be complemented by end-to-end security protocols operating at
higher layers such as SSL/TLS and IPSec.
11
12
4.1.11.1 Authenticated Key Agreement and Authorization
13
14
15
The network and the mobile terminal shall perform a mutual entity authentication and
session key agreement protocol. After authentication of the mobile terminal the network
shall perform authorization before providing service.
16
4.1.11.2 Privacy and Integrity Methods
17
18
19
20
A method that will provide message integrity across the air interface to protect user data
traffic and signaling messages from unauthorized modification shall be provided. It shall
be possible to operate the 802.20 MAC and PHY with any of the following combinations
of privacy and integrity:
21

encryption and message integrity;
22

encryption and no message integrity;
23

message integrity and no encryption;
24

no message integrity and no encryption.
25
26
Encryption across the air interface to protect user data traffic and signaling messages,
from unauthorized disclosure shall be supported.
27
4.1.11.3 User Anonymity
28
29
The system shall provide protection from unauthorized disclosure of the
permanent identity to eavesdroppers.
30
4.1.11.4 Denial of Service Attacks
31
32
It shall be possible to provide protection against Denial of Service (DOS) attacks
wherever possible.
device
3
{May 17, 2004}
IEEE P802.20-PD<number>/V<13>
1
4.1.11.5 Security Algorithm
2
AES shall be the mandatory and the default underlying algorithm for encryption.
3
4
All underlying cryptographic algorithms shall be publicly available on a fair and nondiscriminatory basis.
5
6
National or international standards bodies shall have approved the underlying
cryptographic algorithms.
7
8
The underlying cryptographic algorithms shall have been extensively analysed by the
cryptographic community to resist all currently known attacks.
9
4