Security Support for Multi-cast Traffic in M2M communication

advertisement
Security Support for Multi-cast Traffic in M2M communication
Document Number:
IEEE C802.16p-10/0022
Date Submitted:
2010-12-30
Source:
Inuk Jung, Kiseon Ryu, JinSam Kwak
LG Electronics
Re:
Email: inuk.jung@lge.com
802.16p amendment texts
Venue:
IEEE Session #71
Base Contribution: IEEE 802.16ppc-10/0004r1
Purpose:
To be discussed and adopted by TGp.
Notice:
This document does not represent the agreed views of the IEEE 802.16 Working Group or any of its subgroups. It represents only the views of the participants listed in
the “Source(s)” field above. It is offered as a basis for discussion. It is not binding on the contributor(s), who reserve(s) the right to add, amend or withdraw material
contained herein.
Release:
The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an
IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s
sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this
contribution may be made public by IEEE 802.16.
Patent Policy:
The contributor is familiar with the IEEE-SA Patent Policy and Procedures:
<http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and <http://standards.ieee.org/guides/opman/sect6.html#6.3>.
Further information is located at <http://standards.ieee.org/board/pat/pat-material.html> and <http://standards.ieee.org/board/pat >.
Overview of Group Management in M2M

Assumptions



A number of devices are grouped by some criteria
Devices share a common Group ID (GID)
To join a group, a device first must be network authorized


Motivation





Implies retrieval of MSK/PMK and successful authentication of TEK/CMAC
In M2M environments, a deployment of massive devices is controlled most efficiently in
group based manner.
Such efficient management is achieved by simplified control over a large number of
devices, which is based on Multi-cast transmission.
In aspect if communication contents, such group controlled communication can consist of
trivial and/or confidential data (i.e. Group device control, firmware upgrade, scheduling
configuration control data etc).
Hence, security appliance cannot be abstracted away for multicast data transmission for
Multi-cast transmission, especially for M2M deployments.
Objective


Like a Group ID, a common group security key can help the BS and devices to
encrypt/decrypt multicast data efficiently.
This requires
1.
2.
a new Key hierarchy and Key derivation method for Group Key related security parameters
Group Key update procedure
Enhanced Multi-cast Security compared to 16e

Possible factors for enhancement of 16e Multi-cast security




In general, the security of 16m is an enhancement to 16e



Unencrypted PKM message
Complicated Key Hierarchy
PUSH based key update for key management
Key management is done locally (i.e. using key count for local update
generation: local key derivation)
However, there is no security mechanism for Multi-cast transmission in
16m
Hence, an enhancement to the Multi-cast security mechanism
is required, which should be based on 16m security, with
consideration of 16e’s Multi-cast security feature (i.e.
simplifying key hierarchy, enhanced key management, secured
key exchange procedure)
Conceptual Key hierarchy (GMK/GTEK)

2-level key hierarchy
Text Proposal
Insert the following texts and figure in 16p amendment document:
 16.2.29 MAC Support of M2M
 16.2.29.n Security

16.2.29.n.1 Group Security for Multi-cast Traffic
Security for Multi-cast traffic provides confidentiality (i.e. encryption) and integrity
protection of such data information for secure group informing and management. A
common security key is used by devices within a group.

16.2.29.n.1.1 Key Derivation
The key hierarchy defines what keys are present in the system for Multi-cast
traffic and how keys are generated. The BS may derive the Group Master Key (GMK)
by local generation. The group traffic encryption key (GTEK) is derived directly from
the GMK, which is used for encryption/decryption of Multi-cast traffic.







16.2.29.n.1.1.1 GMK Derivation
16.2.29.n.1.1.2 GTEK Derivation
16.2.29.n.1.2 Key Hierarchy
16.2.29.n.1.3 Key Agreement
16.2.29.n.1.4 Key Usage
16.2.29.n.1.4.1 GTEK Usage
16.2.29.n.1.4.1 GTEK Update
Download