C80216m_09/xxx
Project
IEEE 802.16 Broadband Wireless Access Working Group <http://ieee802.org/16>
Title
Proposed AWD Text for AMS Privacy
Date
Submitted
2009-04-27
Source(s)
GeneBeck Hahn, KiSeon Ryu and Ronny
YongHo Kim
Voice: +82-31-450-7188
E-mail: gbhan@lge.com, ksryu@lge.com and
ronnykim@lge.com
LG Electronic Inc.
LG R&D Complex, 533 Hogye-1dong,
Dongan-gu, Anyang, 431-749, Korea
Re:
IEEE 802.16m-09/xxx. ”Call for Comments and Contributions on Project 802.16m Amendment
Working Document”
Target topic "AMS Privacy"
Abstract
This contribution proposes the texts for AMS privacy section to be included in the 802.16m
amendment.
Purpose
To be discussed and adopted by TGm for the IEEE 802.16m amendment
Notice
Release
Patent
Policy
This document does not represent the agreed views of the IEEE 802.16 Working Group or any of its subgroups. It
represents only the views of the participants listed in the “Source(s)” field above. It is offered as a basis for
discussion. It is not binding on the contributor(s), who reserve(s) the right to add, amend or withdraw material
contained herein.
The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution,
and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name
any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole
discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The
contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.16.
The contributor is familiar with the IEEE-SA Patent Policy and Procedures:
<http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and
<http://standards.ieee.org/guides/opman/sect6.html#6.3>.
Further information is located at <http://standards.ieee.org/board/pat/pat-material.html> and
<http://standards.ieee.org/board/pat>.
AMS Privacy
Gene Beck Hahn, Ki Seon Ryu and Ronny Yong Ho Kim
LG Electronics
1
C80216m_09/xxx
1. Introduction
This contribution proposes the amendment text to illustrate the 802.16m AMS privacy and is intended as the
section to be included in 802.16m amendment. The proposed text is developed so that it can be combined with
802.16 Rev2/D9 [1], it is compliant to 802.16m SRD [2] and 802.16m SDD [3]. This contribution follows the
tentative outline and style guide in [4]. The text proposal is based on the current 802.16m SDD [3]. In Section 2,
the main changes with regard to 802.16m SDD are outlined, which is aimed at helping the understanding of the
amendment text.
2. Modification from the SDD and Key Descriptions
The text proposed in this contribution is based on Subclause 10.6.6 in 802.16m SDD. The modifications to
the current SDD text are summarized below:

Updated the detailed procedure for AMS privacy support.
Subclause 10.6.6 of 802.16m SDD [3] defined high level view of AMS privacy. We added the detailed
descriptions on the initial ranging procedures with location privacy support. Also, we describe the new
feature of 16m ABS broadcasting the level of location privacy support.
3. References
[1] IEEE P802.16 Rev2 / D9, “Draft IEEE Standard for Local and Metropolitan Area Networks: Air Interface
for Broadband Wireless Access,”
[2] IEEE 802.16m-07/002r7, “802.16m System Requirements Document (SRD)”
[3] IEEE 802.16m-08/003r7, “The Draft IEEE 802.16m System Description Document”
[4] IEEE 802.16m-08/043, “Style guide for writing the IEEE 802.16m amendment”
[5] IEEE 802.16m-08/050, “IEEE 802.16m Amendment Working Document”
4. Text Proposal for AMS Privacy Section of 802.16m Amendment
============================= Start of Proposed Text =============================
15.2.3.6 AMS Privacy
The AMS privacy support is the process of protecting the mapping of AMS MAC address and station ID so
that an intruder cannot obtain the mapping between AMS MAC address and Station ID, based on which perform
specific attacks to that user by monitoring the ranging procedure. In order to protect the mapping between STID
2
C80216m_09/xxx
and AMS MAC address, two types of STIDs are assigned to the AMS during network entry - Temporary STID
(TSTID) and (normal) STID. A TSTID is assigned during initial ranging process, and is used until the STID is
allocated. The STID is then assigned during registration process after the successful authentication/authorization
process, and is encrypted during transmission. The TSTID is released after STID is assigned. The STID is used
for all the remaining transactions.
The detailed ranging procedures are described as follows:
The AMS shall send CDMA code at the power level measured at the antenna connector. If the AMS does not
receive response, the AMS sends new CMDA code at the next suitable initial ranging transmission opportunity
and adjust its power level. If the AMS receives RNG-RSP containing parameters of the code it has sent and the
status Continue, it shall consider the transmission attempt unsuccessful but implement corrections specified in
the RNG-RSP and issue another CDMA code after random selection of one Ranging Slot in a single frame. In
case the AMS receives a UL-MAP containing CDMA Allocation IE with the parameters of the code it has sent,
it shall consider the RNG-RSP reception successful, and proceed to send a unicast RNG-REQ on the allocated
bandwidth.
The AMS sends RNG-REQ to identify itself to ABS. The RNG-REQ contains the AMS MAC address
Once the ABS has successfully received the RNG-REQ, it shall return RNG-RSP containing information on
TSTID (instead of STID), RF power level/offset frequency adjustments as well as any timing offset corrections.
At this point, the ABS shall start using invited initial ranging intervals addressed to the corresponding AMS’s
TSTTID to complete the ranging process, unless the status of RNG-RSP is success, in which case initial ranging
procedure shall end.
If the status of RNG-RSP is continue, the AMS shall wait for an individual initial ranging interval assigned to
its TSTID. Using this interval, the AMS shall send another RNG-REQ using the TSTID along with any power
level and timing offset corrections.
The ABS returns another RNG-RSP to the AMS with any additional fine tuning required. The ranging request
and response steps shall be repeated until the response contains the ranging successful notification or the ABS
aborts ranging. Once successfully ranged (RNG-REQ is within the tolerance of the ABS), the AMS joins normal
data traffic in the UL.
On receiving the RNG-RSP instruction to move to new DL frequency, the AMS shall consider any previously
assigned TSTID/STID to be de-assigned and shall obtain the new TSTID/STID via initial ranging/registration.
It is possible that the RNG-RSP may be lost after transmission by the ABS. The AMS shall recover by timing
out and reissuing its initial RNG-REQ. Since the AMS is uniquely identified by the AMS MAC address hash in
ranging request, the ABS may immediately reuse the TSTID/STID previously assigned. If the ABS assigns the
new TSTID/STID, it shall make some provision for aging out the old IDs that went unused.
The ABS maintains the mapping of MAC address hash, TSTID and STID. After being assigned, the TSTID is
used for subsequent network entry procedures until STID is allocated. The STID is assigned after authentication
process, and the assignment message (REG-RSP) shall be encrypted. The TSTID is released immediately after
the STID is assigned. The STID is then used for all remaining transactions.
Figure 4 shows the overall network entry procedures.
3
C80216m_09/xxx
AMS
ABS
AMS DL Synchronization
Reserved Station ID for
Initial Network Entry
RNG-REQ (AMS MAC Address)
RNG-RSP (TSTID)
MAP (TSTID)
Pre-authentication Capabilities Negotiation
Temporary Station ID
AMS Authentication/Authorization Phase
Key Agreement
REG-REQ
REG-RSP (STID)
Station ID
Initial Service Flow Establishment (STID)
Figure 4: Network Entry Procedure to Support AMS Location Privacy in IEEE 802.16m
============================= End of Proposed Text =============================
4