Security Support for Multi-cast Traffic in M2M communication

advertisement
Security Support for Multi-cast Traffic in M2M communication
Document Number:
IEEE C802.16p-10/0032
Date Submitted:
2011-03-07
Source:
Inuk Jung, Kiseon Ryu, JinSam Kwak
LG Electronics
Re:
Email: inuk.jung@lge.com
Call for contributions for the IEEE 802.16p Amendment working document
Venue:
IEEE Session #72
Base Contribution: IEEE 802.16p-10/0018
Purpose:
To be discussed and adopted by TGp.
Notice:
This document does not represent the agreed views of the IEEE 802.16 Working Group or any of its subgroups. It represents only the views of the participants listed in
the “Source(s)” field above. It is offered as a basis for discussion. It is not binding on the contributor(s), who reserve(s) the right to add, amend or withdraw material
contained herein.
Release:
The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an
IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s
sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this
contribution may be made public by IEEE 802.16.
Patent Policy:
The contributor is familiar with the IEEE-SA Patent Policy and Procedures:
<http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and <http://standards.ieee.org/guides/opman/sect6.html#6.3>.
Further information is located at <http://standards.ieee.org/board/pat/pat-material.html> and <http://standards.ieee.org/board/pat >.
Overview of Grouping in M2M

Assumptions



A number of devices are grouped by some criteria
Devices share a common M2M Group ID (MGID)
To join a group, a device first must be network authorized


Problem Statement



Implies retrieval of MSK/PMK and successful authentication of TEK/CMAC
If all devices are applying their local security suites for group data transmission,
much burden will be passed to the BS since it has to encode multicast data with
security suites of each device. Furthermore, such data is not multicast but unicast.
However, security appliance cannot be abstracted for multicast data transmission
since they may convey group configuration information, which may be critical to the
deployed system, especially for M2M environments
Objective


Like a Group ID, a common group security key can help the BS and devices to
encode/decode multicast data efficiently.
This requires
1.
2.
3.
a new Key hierarchy for generating Group Key related security parameters
Group Key update procedure
Group Key version indication method
Enhanced Multi-cast Security compared to 16e

Possible factors for enhancement of 16e Multi-cast security




In general, the security of 16m is an enhancement to 16e



Unencrypted PKM message
Complicated Key Hierarchy
PUSH based key update for key management
Key management is done locally (i.e. using key count for local update
generation: local key derivation)
However, there is no security mechanism for Multi-cast transmission in
16m
Hence, an enhancement to the Multi-cast security mechanism
is required, which should be based on 16m security, with
consideration of 16e’s Multi-cast security feature (i.e.
simplifying key hierarchy, enhanced key management, secured
key exchange procedure)
Group Key Generation by BS

BS acquires (i.e. from M2M server) or locally generates Group Master Key
(GMK)



For cell specific Group Security management, the BS may locally generate the
GMK
For cell common Group Security management, the BS may request the GMK
from the M2M server
From the GMK, the BS derives the GTEK (Group TEK) by the following
function:




GTEK = Dot16KDF(GMK, MGID, GTEK_COUNT | “GTEK”, ‘N’)
Here, GTEK_COUNT indicates the version of the currently used GTEK, which the devices
should apply to derive the GTEK. The update of the GTEK depends on the GTEK_COUNT
Here, MGID is the M2M Group ID the AMS and GMK is associated with
GTEK_COUNT Indication methods of GTEK

The 2 LSB of GTEK_COUNT is the EKS (Encryption Key Sequence), which serves as
indication of current GTEK version
Group Key Hierarchy

GMK derived by BS through local generation or request to M2M servers
Acquired from M2M
server or locally
generated by BS
Update seeds for GTEK
Group Key Acquisition by device

Device’s Group Key Acquisition




A device first performs network entry at BS
Device performs security key exchange, which for now follows IEEE802.16m
security key procedure.
After device is authorized & authenticated it performs group join procedure
If device is accepted to join a group, BS informs the device about the groups
MGID and its related Group security keys. These parameters are delivered
using specific encrypted MAC management message. The following parameters
may be included,




MGID (M2M Multi-cast Group ID)
GMK
GTEK_COUNT
For any group related data transmission, the device will use the Group
security keys.


This will require further concepts such as Group SAID mapping
For example, combination of device specific security with Group security
application
Group Key Acquisition Signaling Procedure

BS locally generates GMK or acquires from M2M server
Group Key Update based on GTEK_COUNT

When does GTEK need an update?




Where is the update initiated?


Exhaustion of PN space
Expiry of GTEK/GMK lifetime
Mismatch detection of EKS or GTEK_COUNT
GTEK update is initiated by BS ONLY
How is the update performed?


If GMK still valid, the GTEK_COUNT should be incremented to update the GTEK
Hence, in case of an update, the BS multicasts the incremented GTEK_COUNT
value to its group

There are several methods of informing an update of GTEK
1.
2.
3.
4.

Update for connected (active), devices using MAC message
Update for Idle mode devices, using Paging Advertisement message
Implicit update via data payload, using MAC PDU‘s EKS value and GTEK update using locally
incremented GTEK_COUNT
Implicit update via data payload, using MAC PDU‘s EKS value, with explicit request of
GTEK_COUNT to BS
Each device, updates their TEK values using the GTEK_COUNT

Each device should respond with an ACK checking the correct security appliance by the
newly generated CMAC value
Text Proposal (1) – Key Derivation
Insert the following texts and figure in 16p amendment document :
--------------------------- Text Start -------------------------- 16.2.5 AAI Security
 …
 16.2.5.5 Security Support for Multi-cast Traffic
Security for Multi-cast traffic provides encryption and integrity protection of such
data information for secure group informing and management. A common security
key is used by devices within a group.

16.2.5.5.1 Key Derivation
The key hierarchy defines what keys are present in the system for Multi-cast
traffic and how keys are generated. The BS may derive the Group Master Key (GMK)
from the M2M authentication server or generate it locally. The group traffic encryption
key (GTEK) is derived directly from the GMK.
Text Proposal (2) – Key Derivation

16.2.5.5.1.1 GTEK Derivation
The GTEK is the transport encryption key used to encrypt Multi-cast data
The GTEK (Group Traffic Encryption Key) is derived based on the GMK (Group Master
Key). The GMK is provided by the ABS during the network entry through the AAIREG-RSP message, which also includes GTEK_COUNT and MGID.
The GTEK derivation is done:
GTEKi = Dot16KDF (GMK, MGID, GTEK_COUNT | ”GTEK”, 128),
Where:
 GMK is the Group Master Key.
 GTEK_COUNT is a counter used to derive different GTEKs for the same GMK,
the value of the counter is changed every time a new GTEK need to be derived
within the time the same GMK is valid.
 MGID is the identifier of the group, which the AMS and GMK is associated with
Text Proposal (3) – Key Hierarchy

16.2.5.5.2 Key Hierarchy
Figure N outlines the process to calculate the GTEK based on a GMK
provided by the ABS.
Text Proposal (4) – Key Usage/Update


16.2.5.5.3 Key Usage
16.2.5.5.3.1 GTEK Usage
The GTEK is used for encrypting DL multi-cast data by the ABS, which is also used for
decrypting such DL multi-cast data by the AMS.
Each GTEK has its own PN counter size of 22bits.

16.2.5.5.3.1 GTEK Update
The GTEK update is triggered whenever GTEK is running out the relevant PN space.

16.2.5.5.3.2 Key Update during Location Update
The AMS shall include its current GTEK_COUNT in the AAI_RNG_REQ message during
location update to the ABS. If ABS detects that the AMS has an old GTEK_COUNT, the
ABS shall include the current GTEK_COUNT of the GMK in the AAI_RNG_RSP message
and send it to the AMS. Otherwise, no GTEK update will be performed.

16.2.5.5.3.3 Key Update during Handover
During handover, the serving ABS shall include the new GTEK information via AAIHO-MCD message, if the MGID of the AMS changes. If the MGID does not change for
AMS, the serving ABS shall indicate that no change of GTEK is required.
--------------------------- Text End ---------------------------
Download