C80216m_09/1065r2 Project IEEE 802.16 Broadband Wireless Access Working Group <http://ieee802.org/16> Title Proposed AWD Text for AMS Privacy Date Submitted 2009-04-27 Source(s) GeneBeck Hahn, KiSeon Ryu and Ronny YongHo Kim Voice: +82-31-450-7188 E-mail: gbhan@lge.com, ksryu@lge.com and ronnykim@lge.com LG Electronic Inc. LG R&D Complex, 533 Hogye-1dong, Dongan-gu, Anyang, 431-749, Korea Re: IEEE 802.16m-09/xxx. ”Call for Comments and Contributions on Project 802.16m Amendment Working Document” Target topic "AMS Privacy" Abstract This contribution proposes the texts for AMS privacy section to be included in the 802.16m amendment. Purpose To be discussed and adopted by TGm for the IEEE 802.16m amendment Notice Release Patent Policy This document does not represent the agreed views of the IEEE 802.16 Working Group or any of its subgroups. It represents only the views of the participants listed in the “Source(s)” field above. It is offered as a basis for discussion. It is not binding on the contributor(s), who reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.16. The contributor is familiar with the IEEE-SA Patent Policy and Procedures: <http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and <http://standards.ieee.org/guides/opman/sect6.html#6.3>. Further information is located at <http://standards.ieee.org/board/pat/pat-material.html> and <http://standards.ieee.org/board/pat>. Proposed AWD Text for AMS Privacy Gene Beck Hahn, Ki Seon Ryu and Ronny Yong Ho Kim LG Electronics 1 C80216m_09/1065r2 1. Introduction This contribution proposes the amendment text to illustrate the 802.16m AMS privacy and is intended as the section to be included in 802.16m amendment. The proposed text is developed so that it can be combined with 802.16 Rev2/D9 [1], it is compliant to 802.16m SRD [2] and 802.16m SDD [3]. This contribution follows the tentative outline and style guide in [4]. The text proposal is based on the current 802.16m SDD [3]. In Section 2, the main changes with regard to 802.16m SDD are outlined, which is aimed at helping the understanding of the amendment text. 2. Modification from the SDD and Key Descriptions The text proposed in this contribution is based on Subclause 10.6.6 in 802.16m SDD. The modifications to the current SDD text are summarized below: Updated the detailed procedure for AMS privacy support. Subclause 10.6.6 of 802.16m SDD [3] defined high level view of AMS privacy. We added the detailed descriptions on the initial ranging procedures with location privacy support. 3. References [1] IEEE P802.16 Rev2 / D9, “Draft IEEE Standard for Local and Metropolitan Area Networks: Air Interface for Broadband Wireless Access,” [2] IEEE 802.16m-07/002r7, “802.16m System Requirements Document (SRD)” [3] IEEE 802.16m-08/003r7, “The Draft IEEE 802.16m System Description Document” [4] IEEE 802.16m-08/043, “Style guide for writing the IEEE 802.16m amendment” [5] IEEE 802.16m-08/050, “IEEE 802.16m Amendment Working Document” 4. Text Proposal for AMS Privacy Section of 802.16m Amendment ============================= Start of Proposed Text ============================= 15.2.3.6 AMS Privacy The AMS privacy support is the process of protecting the mapping of AMS MAC address and station ID so that an intruder cannot obtain the mapping between AMS MAC address and Station ID, based on which perform specific attacks to that user by monitoring the ranging procedure. In order to protect the mapping between STID and AMS MAC address, two types of STIDs are assigned to the AMS during network entry - Temporary STID 2 C80216m_09/1065r2 (TSTID) and (normal) STID. A TSTID is assigned during initial ranging process, and is used until the STID is allocated. The STID is then assigned during registration process after the successful authentication/authorization process, and is encrypted during transmission. The TSTID is released after STID is assigned. The STID is used for all the remaining transactions. The detailed ranging procedures are described as follows: The AMS shall send CDMA code at the power level measured at the antenna connector. If the AMS does not receive response, the AMS sends new CMDA code at the next suitable initial ranging transmission opportunity and adjust its power level. If the AMS receives RNG-RSP containing parameters of the code it has sent and the status Continue, it shall consider the transmission attempt unsuccessful but implement corrections specified in the RNG-RSP and issue another CDMA code after random selection of one Ranging Slot in a single frame. In case the AMS receives a UL-MAP containing CDMA Allocation IE with the parameters of the code it has sent, it shall consider the RNG-RSP reception successful, and proceed to send a unicast RNG-REQ on the allocated bandwidth. The AMS sends RNG-REQ to identify itself to ABS. The RNG-REQ contains the AMS MAC address Once the ABS has successfully received the RNG-REQ, it shall return RNG-RSP containing information on TSTID (instead of STID), RF power level/offset frequency adjustments as well as any timing offset corrections. At this point, the ABS shall start using invited initial ranging intervals addressed to the corresponding AMS’s TSTTID to complete the ranging process, unless the status of RNG-RSP is success, in which case initial ranging procedure shall end. If the status of RNG-RSP is continue, the AMS shall wait for an individual initial ranging interval assigned to its TSTID. Using this interval, the AMS shall send another RNG-REQ using the TSTID along with any power level and timing offset corrections. The ABS returns another RNG-RSP to the AMS with any additional fine tuning required. The ranging request and response steps shall be repeated until the response contains the ranging successful notification or the ABS aborts ranging. Once successfully ranged (RNG-REQ is within the tolerance of the ABS), the AMS joins normal data traffic in the UL. On receiving the RNG-RSP instruction to move to new DL frequency, the AMS shall consider any previously assigned TSTID/STID to be de-assigned and shall obtain the new TSTID/STID via initial ranging/registration. It is possible that the RNG-RSP may be lost after transmission by the ABS. The AMS shall recover by timing out and reissuing its initial RNG-REQ. Since the AMS is uniquely identified by the AMS MAC address hash in ranging request, the ABS may immediately reuse the TSTID/STID previously assigned. If the ABS assigns the new TSTID/STID, it shall make some provision for aging out the old IDs that went unused. The ABS maintains the mapping of MAC address hash, TSTID and STID. After being assigned, the TSTID is used for subsequent network entry procedures until STID is allocated. The STID is assigned after authentication process, and the assignment message (REG-RSP) shall be encrypted. The TSTID is released immediately after the STID is assigned. The STID is then used for all remaining transactions. Figure 4 shows the overall network entry procedures. 3 C80216m_09/1065r2 AMS ABS AMS DL Synchronization Reserved Station ID for Initial Network Entry RNG-REQ (AMS MAC Address) RNG-RSP (TSTID) MAP (TSTID) Pre-authentication Capabilities Negotiation Temporary Station ID AMS Authentication/Authorization Phase Key Agreement REG-REQ REG-RSP (STID) Station ID Initial Service Flow Establishment (STID) Figure 4: Network Entry Procedure to Support AMS Location Privacy in IEEE 802.16m ============================= End of Proposed Text ============================= 4