Session #57 Security Contribution Summary

advertisement
Session #57 Security Contribution Summary
IEEE 802.16 Presentation Submission Template (Rev. 9)
Document Number: C802.16m-08/1223
Date Submitted:
2007-09-16
Source:
David Johnston, Intel Corporation
Ranga Reddy, US Army
Wei-peng Chen, Fujitsu
Voice:
E-mail:
david.johnston@ieee.org
Venue:
Kobe, September 08
Base Contribution:
Purpose:
Informational Summary of Security contributions submitted to 802.16 session #57.
Notice:
This document does not represent the agreed views of the IEEE 802.16 Working Group or any of its subgroups. It represents only the views of the participants listed in
the “Source(s)” field above. It is offered as a basis for discussion. It is not binding on the contributor(s), who reserve(s) the right to add, amend or withdraw material
contained herein.
Release:
The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an
IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s
sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this
contribution may be made public by IEEE 802.16.
Patent Policy:
The contributor is familiar with the IEEE-SA Patent Policy and Procedures:
<http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and <http://standards.ieee.org/guides/opman/sect6.html#6.3>.
Further information is located at <http://standards.ieee.org/board/pat/pat-material.html> and <http://standards.ieee.org/board/pat >.
Security Comments
#
T/E
41
T
Doc#
542
T
9075r12
543
544
E
T
907r1
545
546
T
T
1141
966
547
548
T
T
879r1
880r1
549
550
T
T
881r1
1099r2
551
T
1087
552
553
554
T
T
T
1167
1168
1169
604
T
923
Subject
Role of security management
block
Management Frame
Protection
Location of security section in mac or on its own
Dynamic CMAC length
Authenticated HCS for
signalling headers
New encrypted PDU format
Polynomial TEK Derivation /
Distributed trust
MS ID Privacy, through Certs
ECC Crypto instead of RSA in
authorization
MAP Protection
MSID Privacy & MFP, using
Temporay ID.
Authentication before
capability exchange
1 byte PN
Encryption at SDU level
PDU Sequence number
replacing PN
Notes/Harmonization
Suggestions
Erroneous doc number. Should be
905r2. Harmonize with 987 ?
Harmonize with 545/Doc 1141 ?
Harmonize with 544/ Doc 907r1 ?
Harmonize with #604/doc 923 ?
Harmonize with 542 doc905r2 ?
Harmonize with 604 & 546 ?
Harmonize with #546 / Doc 966 ?
Security Contributions Without Comments
T/E
T
Doc#
Subject
892r1
Secure Multicast. GTEK updates
etc.
Notes
T
987
Management Frame Protection
T
988
Derived TEKs
989
MAC Address Privacy through
temp IDs
1119r2
MAC Address Privacy through
DH or RSA tunnel setup
T
T
Harmonize with
905r2 ?
Proposal Concepts
•
Management Frame Protection/MAP Protection
– 905r2, 1099r2, 1087, 987
•
PN Size Reduction / Authentication Tuple overhead reduction
– 966, 1168, 923
•
MS ID Privacy
– 880r1, 1087, 989, 1119r2
•
Uplink header authentication
– 907r1, 1141,
•
Link Cipher at MAC CS
– 1169
•
Derived TEKs, Multicast GTEK Update
– 879r1, 892r1, 988
•
Dynamic SA creation
– 879r1
•
ECC Certificates
– 881r1
•
Authentication before Capability Exchange
– 1167
•
Others/Misc – Comment #41, #543
Non Security Classified Contributions with
Security Overlap
• 906r1
– Compressed MAC header.
• Proposes 3-state EKS to merge EKS and EC bits.
• 1059
– Short MAC header formats
• Proposes no encryption mode & 1 bit EKS.
• 1067
– Manipulation of EC, EKS and PN
• 1081
– 1 bit EKS & removed EC
• 1088
– MS ID Hiding. Should be MAC: Security
Download