IEEE C80216m-09/0397 Project Title Date

advertisement
IEEE C80216m-09/0397
Project
IEEE 802.16 Broadband Wireless Access Working Group <http://ieee802.org/16>
Title
Management Message Protection in 802.16m
Date
Submitted
2009-2-27
Source(s)
Chengyan Feng
ZTE Corporation
Email: feng.chengyan@zte.com.cn
*<http://standards.ieee.org/faqs/affiliationFAQ.html>
Re:
TGm SDD: 10.6.5.2.1 Management Message Protection
Abstract
Propose management message protection to support the selective confidentiality protection over
MAC management messages.
Purpose
For discussion and adoption in 802.16m SDD
Notice
Release
Patent
Policy
This document does not represent the agreed views of the IEEE 802.16 Working Group or any of its subgroups. It
represents only the views of the participants listed in the “Source(s)” field above. It is offered as a basis for
discussion. It is not binding on the contributor(s), who reserve(s) the right to add, amend or withdraw material
contained herein.
The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution,
and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name
any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole
discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The
contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.16.
The contributor is familiar with the IEEE-SA Patent Policy and Procedures:
<http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and
<http://standards.ieee.org/guides/opman/sect6.html#6.3>.
Further information is located at <http://standards.ieee.org/board/pat/pat-material.html> and
<http://standards.ieee.org/board/pat>.
IEEE C80216m-09/0397
Management Message Protection in 802.16m
Chengyan Feng
ZTE Corporation
1. Introduction
IEEE 802.16m supports the selective confidentiality protection over MAC management messages. Through
capability negotiation, AMS and ABS know whether the selective confidentiality protection is applied or not.
If the selective confidentiality protection is activated, the negotiated keying materials and cipher suites are
used to encrypt the management messages. And three levels of selective confidentiality protection over
management messages in SDD have been defined. They are NO Protection, CMAC based integrity
protection and AES-CCM based authenticated encryption.
Which key is used to encrypt management messages is not clear in SDD. If we use TEK, it seems that there
are some problems.
First of all, only after TEK is derived (eg. during Key-Agreement procedure), the management messages can
be encrypted by TEK. So the messages during Key-Agreement procedure can’t be encrypted. But some
important parameters are negotiated during this process, such as SA-Descriptor, Security Negotiation
parameters, which need to be encryted better.
And then if TEK update is delayed because of some error, it will cause communication between AMS and
ABS interrupted. For example, if new TEK isn’t updated timely when old TEK has been expired or PN has
reached its range, how does the network do? Because both the management messages and transport data are
encrypted by TEK, TEK update can’t be executed in this situation. While if management messages and
transport data are encrypted by different keys, this problem can’t occur. Only traffic transmission is effected,
but management messages (eg. TEK update messages) can still be transmitted. So the transport
communications can be halted until new TEKs are installed.
Based on the reasons above, we propose that management messages and transport data should be encrypted
by different keys. And this also accommodates the trend that control plane and user plane develop
independently. Moreover, no matter CMAC based integrity protection is required or AES-CCM based
authenticated encryption is required, we can use the same key to protect management messages, which can
reduce the overheads of the network.
In SDD, CMAC Keys are defined to protect integrity of management messages, which are CMAC_KEY_U
and CMAC_KEY_D in 802.16-2005. We can extend these keys’ function to both authenticate and encrypt
the messages.
IEEE C80216m-09/0397
2. Solution
In this section, we propose a method to support the selective confidentiality protection over MAC
management messages. We use CMAC keys to protect management messages no matter CMAC based
integrity protection is required or AES-CCM based authenticated encryption is required. Maybe we can call
the CMAC keys Message Encryption Key(MEK) better.
During SBC procedure, AMS and ABS negotiate the management message protection policy: NO Protection,
CMAC based integrity protection or AES-CCM based authenticated encryption.
When NO Protection is selected, the management messages are neither encrypted nor authenticated.
When CMAC based integrity protection or AES-CCM based authenticated encryption is selected, AMS and
ABS use MEK to protect the management messages. When only CMAC is required, MEK is used as the
CMAC key to protect integrity of the messages. And after the successful initial authentication, MEK can be
used to authenticate the Key Agreement messages. When authenticated encryption is required, MEK is used
as the encryption and authentication key based on AES CCM mode. And after the successful initial
authentication, MEK can be used to encrypt and authenticate the Key Agreement messages.
MEK is derived locally by using the AK, the KEY_COUNT, BSID and SAID of SA concerned with control
plane/management signaling, as well as other identity parameters. MEK is divided into MEK_U and
MEK_D. And MEK_U is used to protect UL management messages, while MEK_D is used to protect DL
management messages.
IEEE C80216m-09/0397
AMS
ABS
RNG-REQ/RSP
SBC-REQ/RSP
(management message protection policy)
Authentication
AK generation
AK generation
MEK generation
MEK generation
Key Agreement (Protected)
REG-REQ/RSP (Protected)
Figure 1 Management Message Protection
3. Text Proposal
============================== Start of Proposed Text ===============
10.6.3.1 Key Derivation
All IEEE 802.16m security keys are either derived directly / indirectly from the MSK or generated randomly
by the ABS.
The Pairwise Master Key (PMK) is derived from the MSK and then this PMK is used to derive the
Authorization Key (AK).
Some security keys are respectively derived and updated by both the ABS and the AMS.
The Authorization Key (AK) is used to derive other keys:
• Key Encryption Key (KEK)
• Transmission Encryption Key (TEK)
• Management Message Encryption Key(MEK)
IEEE C80216m-09/0397
After completing (re)authentication process and obtaining an AK, key agreement is performed to verify the
newly created AK and exchange other required security parameters.
KEK derivation follows procedures as defined in the WirelessMAN-OFDMA Reference system..
TEK is derived at AMS and ABS by feeding identity parameters into a key derivation function. Parameters
such as AK, Security Association ID (SAID), NONCE, KEY_COUNT, BSID, AMS MAC address can be
used.
NONCE is generated by ABS and distributed to AMS. If more than one TEK is to be created for an SA,
separate KEY_COUNTs are maintained for each TEK.
The MEK is derived locally by using the AK, the KEY_COUNT and SAID of SA concerned with control
plane/management signaling, as well as other identity parameters.
TEK(s) and MEK(s) are derived in the following situations:
•
•
•
•
Initial authentication
Re-authentication
Key update procedure for unicast connection.
Network re-entry to new ABS.
In the last two cases, KEY_COUNT value is incremented prior derivation.
10.6.5.2 Control Plane Signaling Protection
10.6.5.2.1 Management Message Protection
IEEE 802.16m supports the selective confidentiality protection over MAC management messages. Through
capability negotiation, AMS and ABS negotiate the management message protection policy: NO Protection,
CMAC based integrity protection and AES-CCM based authenticated encryption. When only CMAC is
required, MEK is used as the CMAC key to protect integrity of the messages.When AES-CCM based
authenticated encryption is selected, AMS and ABS use MEK to encryt and authenticate the management
messages. How to contain information required for selective confidentiality support is FFS.
============================== End of Proposed Text ===============
Download