Security Support for Multi-cast Traffic in M2M communication Document Number: IEEE C802.16p-10/0022 Date Submitted: 2010-12-30 Source: Inuk Jung, Kiseon Ryu, JinSam Kwak LG Electronics Re: Email: inuk.jung@lge.com 802.16p amendment texts Venue: IEEE Session #71 Base Contribution: IEEE 802.16ppc-10/0004r1 Purpose: To be discussed and adopted by TGp. Notice: This document does not represent the agreed views of the IEEE 802.16 Working Group or any of its subgroups. It represents only the views of the participants listed in the “Source(s)” field above. It is offered as a basis for discussion. It is not binding on the contributor(s), who reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.16. Patent Policy: The contributor is familiar with the IEEE-SA Patent Policy and Procedures: <http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and <http://standards.ieee.org/guides/opman/sect6.html#6.3>. Further information is located at <http://standards.ieee.org/board/pat/pat-material.html> and <http://standards.ieee.org/board/pat >. Overview of Group Management in M2M Assumptions A number of devices are grouped by some criteria Devices share a common Group ID (GID) To join a group, a device first must be network authorized Motivation Implies retrieval of MSK/PMK and successful authentication of TEK/CMAC In M2M environments, a deployment of massive devices is controlled most efficiently in group based manner. Such efficient management is achieved by simplified control over a large number of devices, which is based on Multi-cast transmission. In aspect if communication contents, such group controlled communication can consist of trivial and/or confidential data (i.e. Group device control, firmware upgrade, scheduling configuration control data etc). Hence, security appliance cannot be abstracted away for multicast data transmission for Multi-cast transmission, especially for M2M deployments. Objective Like a Group ID, a common group security key can help the BS and devices to encrypt/decrypt multicast data efficiently. This requires 1. 2. a new Key hierarchy and Key derivation method for Group Key related security parameters Group Key update procedure Enhanced Multi-cast Security compared to 16e Possible factors for enhancement of 16e Multi-cast security In general, the security of 16m is an enhancement to 16e Unencrypted PKM message Complicated Key Hierarchy PUSH based key update for key management Key management is done locally (i.e. using key count for local update generation: local key derivation) However, there is no security mechanism for Multi-cast transmission in 16m Hence, an enhancement to the Multi-cast security mechanism is required, which should be based on 16m security, with consideration of 16e’s Multi-cast security feature (i.e. simplifying key hierarchy, enhanced key management, secured key exchange procedure) Conceptual Key hierarchy (GMK/GTEK) 2-level key hierarchy Text Proposal Insert the following texts and figure in 16p amendment document: 16.2.29 MAC Support of M2M 16.2.29.n Security 16.2.29.n.1 Group Security for Multi-cast Traffic Security for Multi-cast traffic provides confidentiality (i.e. encryption) and integrity protection of such data information for secure group informing and management. A common security key is used by devices within a group. 16.2.29.n.1.1 Key Derivation The key hierarchy defines what keys are present in the system for Multi-cast traffic and how keys are generated. The BS may derive the Group Master Key (GMK) by local generation. The group traffic encryption key (GTEK) is derived directly from the GMK, which is used for encryption/decryption of Multi-cast traffic. 16.2.29.n.1.1.1 GMK Derivation 16.2.29.n.1.1.2 GTEK Derivation 16.2.29.n.1.2 Key Hierarchy 16.2.29.n.1.3 Key Agreement 16.2.29.n.1.4 Key Usage 16.2.29.n.1.4.1 GTEK Usage 16.2.29.n.1.4.1 GTEK Update