Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

Network-aided and Autonomous Secure Direct Communications in wireless access network Document Number:

advertisement 
Network-aided and Autonomous Secure Direct Communications in wireless
access network
Document Number:
IEEE C802.16n-10/0009r1
Date Submitted:
2011-03-06
Source:
Joseph Chee Ming Teo, Jaya Shankar, Yeow Wai Leong, Hoang Anh Tuan,
Wang Haiguang, Zheng Shoukang, Mar Choon Hock
E-mail: cmteo@i2r.a-star.edu.sg
Institute for Infocomm Research
1 Fusionopolis Way, #21-01, Connexis (South Tower)
Singapore 138632
*<http://standards.ieee.org/faqs/affiliationFAQ.html>
Re:
Call for contributions for 802.16n AWD
Base Contribution:
N/A
Purpose:
To be discussed and adopted by TG802.16n
Notice:
This document does not represent the agreed views of the IEEE 802.16 Working Group or any of its subgroups. It represents only the views of the participants listed in the “Source(s)” field
above. It is offered as a basis for discussion. It is not binding on the contributor(s), who reserve(s) the right to add, amend or withdraw material contained herein.
Copyright Policy:
The contributor is familiar with the IEEE-SA Copyright Policy <http://standards.ieee.org/IPR/copyrightpolicy.html>.
Patent Policy:
The contributor is familiar with the IEEE-SA Patent Policy and Procedures:
<http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and <http://standards.ieee.org/guides/opman/sect6.html#6.3>.
Further information is located at <http://standards.ieee.org/board/pat/pat-material.html> and <http://standards.ieee.org/board/pat >.
Introduction

802.16n SRD specifies requirement for HR Network


One requirement is for mobile stations (HR-MSs) to
communicate directly with each other in the event of
network failure
Use case scenario

Public Protection and Disaster Relief (PPDR)




HR-MS to HR-MS direct communications is necessary as the
backbone network may be destroyed
Rescue teams (e.g. firemen and police officers) would have to
communicate directly with each other without backbone networks
Current 802.16 standards does not support this use case.
Security procedures for authentication and key
exchange in 802.16n are necessary


To ensure that an attacker is not able to eavesdrop into the
direct communications and/or impersonate HR-MS in the
network
DC Security currently not specified in 802.16 standards.
Introduction

The 802.16n SRD specifies

Section 6.1.4.1 Security procedures for HR-Network


Section 6.1.4.1.1 Network aided mutual authentication of
HR-MS and data security


HR-Network shall support secure communication and session
establishment among HR-stations, and between HR-stations and
external AAA-servers.
HR-MSs shall be able to establish a security association with each
other. A security server may be used to facilitate the establishment
of security associations.
Section 6.1.4.1.2 Autonomous (limited) mutual
authentication of HR-MS and data security for direct
communication


HR-MS shall be able to mutually authenticate themselves without
access to a security server.
HR-MS shall be able to establish encrypted communication without
access to a security server.
Network aided Use Case Scenario

Suppose HR-MS1 and HR-MS2 wishes to establish a security
association with each other with the help of the network
infrastructure (i.e. security server). Figure 1 shows the
depicted scenario.
Network aided Use Case Scenario


Then HR-BS shall be involved to aid/assist HR-MS1 and HRMS2 to establish a pre-shared key denoted as DMK (Direct
Master Key) to be used for security association afterwards,
when the network is down.
In this contribution we shall present a security procedure for
HR-BS to aid HR-MS1 and HR-MS2 to establish the DMK.
Autonomous Use Case Scenario


Autonomous Mutual Authentication of HR-MS and data
security for Direct Communications
HR-MS1 and HR-MS2 wishes to mutually authenticate each
other and establish encrypted communications without
access to security server
Autonomous Use Case Scenario


HR-MS1 and HR-MS2 shall use the pre-established DMK
during network aided use case to mutually authenticate each
other and establish encrypted communications.
In this contribution, we shall present a security procedure to
perform mutual authentication and establish the security
associations for encrypted communications.

Network aided Mutual authentication of HR-MS
and data security
Flow Diagram

Network aided Mutual authentication of HR-MS
and data security
Flow Chart
Network aided Mutual authentication of HR-MS
and data security
Step 1: HR-MS1 selects nonce NHR-MS1, computes θHR-MS1 = MACCMAC1(“DC_REQ_MS”|THR-MS1| NHRMS1|HR-MS1Addr|HR-MS2Addr and sends a DC_Request_MSG#1 message to HR-BS to request for a
direct communication pre-shared key DMK to be shared with HR-MS2, where DC_Request_MSG#1 =
“DC_REQ_MS"|THR-MS1| NHR-MS1|HR-MS1Addr|HR-MS2Addr| θHR-MS1 .
Step 2: HR-BS checks THR-MS1, NHR-MS1 for message freshness and θHR-MS1 for message authentication. If the
verifications are correct, HR-BS selects NHR-BS, computes θHR-BS = MACCMAC2(“DC_REQ_BS”| THR-BS|NHRBS|HR- MS1Addr|HR-MS2Addr and sends DC_Request_MSG#2 to HR-MS2 to inform HR-MS2 of the
direct connection request from HR-MS1, where DC_Request_MSG#2 = “DC_REQ_BS”|THR-BS|NHR-BS|HRMS1Addr|HR-MS2Addr|θHR-BS.
Step 3: HR-MS2 checks THR-BS, NHR-BS for message freshness and θHR-BS for message authentication. If the
verifications are correct, HR-MS2 selects NHR-MS2, computes θHR-MS2 = MACCMAC2(“DC_REPLY_MSG”|
THR-MS2|NHR-MS2|HR-MS1Addr|HR-MS2Addr|NHR-BS and sends DC_REPLY_MSG#3 to HR-BS to inform
HR-BS of its decision to directly communication with HR-MS1, where DC_REPLY_MSG#3 =
“DC_REPLY_MSG”|THR-MS2|NHR-MS2|HR-MS1Addr|HR-MS2Addr|NHR-BS| θHR-MS2. Note that
“DC_REPLY_MSG” = “DC_REPLY_OK” if HR-MS2 agrees for direct communications with HR-MS1 and
“DC_REPLY_MSG” = “DC_REPLY_NOTOK” if HR-MS2 refuses direct communications with HR-MS1.
Network aided Mutual authentication of HR-MS
and data security
Step 4: HR-BS checks THR-MS2, NHR-MS2 for message freshness and θHR-MS2 for message authentication. If the
verifications are correct, HR-BS checks the response from HR-MS2. If “DC_REPLY_MSG” =
“DC_REPLY_NOTOK”, then the protocol stops and HR-BS selects NHR-BS', computes θHR-BS' =
MACCMAC1(“DC_REPLY_NOK_BS”|THR-BS'|NHR-BS'| NHR-MS1) and sends DC_REPLY_MSG#4 message to
HR-MS1, where DC_REPLY_MSG#4 = DC_REPLY_NOK_BS”|THR-BS'|NHR-BS'|NHR-MS1| θHR-BS'.
Otherwise, If “DC_REPLY_MSG” = “DC_REPLY_OK”, then HR-BS generates DMK, selects NHR-BS' and
encrypts EHR-MS1_KEK(DMK, key_lifetime, HR-MS1Addr, HR-MS2Addr) and computes θHR-BS' =
MACCMAC1(“DC_REPLY_OK_BS”| THR-BS'|NHR-BS'| EHR-MS1_KEK(DMK, key_lifetime, HR-MS1Addr, HRMS2Addr)|HR-MS1Addr|HR-MS2Addr| NHR-MS1) and sends DC_REPLY_MSG#5 message to HR-MS1,
where DC_REPLY_MSG#5 = “DC_REPLY_OK_BS”| THR-BS'|NHR-BS'| EHR-MS1_KEK(DMK, key_lifetime,
HR-MS1Addr, HR-MS2Addr)|HR-MS1Addr|HR-MS2Addr| NHR-MS1|θHR-BS'.
HR-BS also encrypts EHR-MS2_KEK(DMK, key_lifetime, HR-MS2Addr, HR-MS1Addr) and computes θHR-BS''
= MAC CMAC2(“DC_REPLY_OK_BS”|THR-BS''|NHR-BS|EHR-MS2_KEK(DMK, key_lifetime, HR-MS2Addr, HRMS1Addr)|HR-MS2Addr|HR-MS1Addr|NHR-MS2) and sends DC_REPLY_MSG#6 message to HR-MS2,
where DC_REPLY_MSG#6 = “DC_REPLY_OK_BS”| THR-BS''|NHR-BS|EHR-MS2_KEK(DMK, key_lifetime, HRMS2Addr, HR-MS1Addr)|HR-MS2Addr|HR-MS1Addr|NHR-MS2| θHR-BS''.
Step 5a: HR-MS1 first checks THR-BS', NHR-BS' and NHR-MS1 for freshness and θHR-BS' for message
authentication. If the verifications are correct, then HR-MS1 decrypts EHR-MS1_KEK(DMK, key_lifetime, HRMS1Addr, HR-MS2Addr) and obtains DMK and its lifetime key_lifetime.
Step 5b: HR-MS2 first checks THR-BS'', NHR-BS and NHR-MS2 for freshness and θHR-BS'' for message
authentication. If the verifications are correct, then HR-MS2 decrypts EHR-MS2_KEK(DMK, key_lifetime, HRMS2Addr, HR-MS1Addr) and obtains DMK and its lifetime key_lifetime.
Autonomous Mutual Authentication of HR-MS and
data security for Direct Communications

Flow Diagram
Autonomous Mutual Authentication of HR-MS and
data security for Direct Communications

Flow Chart
Autonomous Mutual Authentication of HR-MS and
data security for Direct Communications
Step 1: HR-MS1 selects nonce NHR-MS1 and uses the shared DMK and computes DAK = Dot16KDF ( DMK, HRMS1Addr|HR-MS2Addr| “DAK”, 160), the DCMAC = Dot16KDF(DAK, “DCMAC_KEYS”, 128) and θHR-MS1 =
MACDCMAC(N HR-MS1|DMK_Sequence_No|DAKID|Key_lifetime) and DTEK = DOT16KDF(DAK, “DTEK_KEY”,
128). Finally, HR-MS1 sends the DirectComms_KeyAgreement_MSG_#1 message to HR-MS2, where
DirectComms_KeyAgreement_MSG_#1 = NHR-MS1| DMK_Sequence_No| DAKID|Key_lifetime| θHR-MS1.
Step 2: HR-MS2 first verifies the received nonce is fresh and uses the shared DMK and computes DAK =Dot16KDF
(DMK, {HR-MS1Addr|{HR-MS2Addr|”DAK”, 160), the DCMAC = Dot16KDF(DAK, “DCMAC_KEYS”, 128),
DTEK = DOT16KDF(DAK, “DTEK_KEY”, 128) and uses DCMAC to checks θHR-MS1. If the verification is correct,
HR-MS2 selects NHR-MS2 and computes θHR-MS2 = MACDCMAC(N HR-MS1|N HRMS2|DAKID|DMK_Sequence_No|DC_Security_Parameters). Finally, HR-MS2 sends
DirectComms_KeyAgreement_MSG_#2 message to HR-MS1, where DirectComms_KeyAgreement_MSG_#2 = N
HR-MS1|N HR-MS2|DAKID|DMK_Sequence_No|DC_Security_Parameters|θHR-MS2.
Step 3: HR-MS1 receives the above message from HR-MS2 and checks the received nonces for freshness and also
checks DAKID and θ HR-MS2. If the verifications are correct, HR-MS1 computes θHR-MS1' = MACDCMAC(NHR-MS1|N HRMS2|DMK_Sequence_No|DC_SAID|DC_Security_Parameters). Finally, HR-MS1 sends
DirectComms_KeyAgreement_MSG_#3 message to HR-MS2, where DirectComms_KeyAgreement_MSG_#3 =
NHR-MS1|N HR-MS2|DMK_Sequence_No|DC_SAID|DC_Security_Parameters|θHR-MS1'.
Step 4: Upon receiving the above message, HR-MS2 checks the received nonces for freshness and θHR-MS1'. If the
verifications are correct, HR-MS2 applies the negotiated security parameters and is ready for direct communications
with HR-MS1. Otherwise, if θHR-MS1' is invalid, then HR-MS2 shall ignore the
DirectComms_KeyAgreement_MSG_#3 message.
Proposed text for IEEE802.16n AWD
[-------------------------------------------------Start of Text Proposal---------------------------------------------------]
Please refer to C80216n-11_0009r1.doc for proposed text.
[-------------------------------------------------End of Text Proposal---------------------------------------------------]
Related documents
Secure Direct Communications in wireless access network without network infrastructure Document Number:
Secure Direct Communications in wireless access network without network infrastructure Document Number:
Officer Do`s and Don`ts - NAAE Communities of Practice
Officer Do`s and Don`ts - NAAE Communities of Practice
Fitting it in to today’s busy schedule and reducing family stress.
Fitting it in to today’s busy schedule and reducing family stress.
LAB 2: CL programming
LAB 2: CL programming
Lesson Plan Tuesday 12-15
Lesson Plan Tuesday 12-15
Lab 5
Lab 5
IEEE C802.16n-11/0009r1 Project Title
IEEE C802.16n-11/0009r1 Project Title
Download
advertisement