IEEE C802.16m_08/988
Project
IEEE 802.16 Broadband Wireless Access Working Group <http://ieee802.org/16>
Title
TEK Management for IEEE 802.16m
Date
Submitted
2008-09-05
Source(s)
GeneBeck Hahn, KiSeon Ryu and
Ronny YongHo Kim
Voice: +82-31-450-7188
E-mail: gbhan@lge.com, ksryu@lge.com and
ronnykim@lge.com
LG Electronic Inc.
LG R&D Complex, 533 Hogye-1dong,
Dongan-gu, Anyang, 431-749, Korea
Re:
Re: MAC: Security; in response to the TGm Call for Contributions and Comments in
802.16m-08/033 for Session 57
Abstract
This contribution describes a method of AK-based TEK management for IEEE 802.16m
Purpose
To be discussed and adopted by TGm for use in the IEEE 802.16m SDD
Notice
Release
Patent
Policy
This document does not represent the agreed views of the IEEE 802.16 Working Group or any of its subgroups. It
represents only the views of the participants listed in the “Source(s)” field above. It is offered as a basis
for discussion. It is not binding on the contributor(s), who reserve(s) the right to add, amend or withdraw
material contained herein.
The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this
contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to
copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this
contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the
resulting IEEE Standards publication. The contributor also acknowledges and accepts that this
contribution may be made public by IEEE 802.16.
The contributor is familiar with the IEEE-SA Patent Policy and Procedures:
<http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and
<http://standards.ieee.org/guides/opman/sect6.html#6.3>.
Further information is located at <http://standards.ieee.org/board/pat/pat-material.html> and
<http://standards.ieee.org/board/pat>.
TEK Management for IEEE 802.16m
Gene Beck Hahn, Ki Seon Ryu and Ronny Yong Ho Kim
LG Electronics
1. Problem Definition
In legacy IEEE 802.16 systems, TEK (Traffic Encryption Key) is defined in two respective ways for
1
IEEE C802.16m_08/988
the protection of data services. One is for the MSs during authorization and the other is for the MSs
during HO (Handoff). In detail, TEK is made as a random number in a BS as a result of authorization
and transferred between corresponding BS and MS via TEK exchange. Also, TEK is generated by BS
and MS respectively during HO for the support of seamless HO. Hence, TEK is made independently
for authorization and HO. That is, BS and MS shall maximally maintain two types of TEK materials
prior to HO. This seems to add complexity to both MS and BS.
According to IEEE 802.16m SRD, the impact of security procedures on the performance of system
functions shall be minimized. In this contribution, we propose a method of unified TEK management
for IEEE 802.16m systems. Our scheme has an advantage of consistency in generating and updating
TEK materials. Besides, our scheme can avoid the delayed distribution of TEK to MS during HO. This
ensures MS’s immediate access to the received data and avoids the disruption of service continuity,
QoS degradation.
2. AK based TEK Management for IEEE 802.16m
The design rationale of our scheme is to simplify the method of TEK generation and update of IEEE
802.16m systems. Also, the proposed scheme shall not incur lots of overhead to IEEE 802.16m systems.
The proposed method designs a unified TEK generation and update. In detail, TEK is made by using
AK after the authorization phase of MS. The proposed method extends the TEK generation method
defined in legacy systems. However, it does not require maintaining redundant TEK materials. The
TEK made at serving BS can be also used at target BS after HO by exchanging parameters required to
derive the TEK between serving BS and target BS. That is, the TEK used at target BS can be made in
advance of HO to the BS and the pre-made TEK can be used to process the received data immediately
after HO to the target BS.
In case the legacy method of TEK generation and update is adopted, MS is assigned TEK from BS
after authorization. At the time of HO, however, the HO TEK shall be generated independently at MS
and BS. Although the use of HO TEK seems to be fairly good to the real-time multimedia streaming
services requiring high level QoS, the costs on managing the redundant TEK materials may incur an
overhead to both MS and BS.
Figure 1 depicts the procedure of TEK generation and update for IEEE 802.16m. The idea is to use
AK and nonce for TEK generation and update. The proposed method for generation and update of
TEK does not need to work independently. Besides, the proposed method will avoid of compromise
of service continuity and reduce the degradation of QoS. As we can see, the nonce is sent from
serving BS to MS instead of TEK via PKM messages during network entry. The MS and BS derive
TEK whenever the nonce is exchanged. The nonce shall be automatically updated with the periodic
TEK update. That is, upon the expiration of TEK refresh timer, PKM messages shall be used to
exchange nonce between MS and BS. The latest nonce used to derive TEK at serving BS can be reused
at target BS. That is, the nonce is sent from serving BS to target BS during HO. After HO, the nonce
received from serving BS can be used to derive TEK at target BS. The target BS derives new TEK
using the nonce from serving BS, AK and TEK counter that is incremented for each HO trial. The TEK
counter prevents from using the same TEK in case where MS performs HO to the BS previously
2
IEEE C802.16m_08/988
visited. When CMAC is supported, CMAC key counter can be used as a TEK counter. When CMAC
is not supported, the TEK counter is reset when the nonce is refreshed. Obviously, the nocne shall be
exchanged during TEK refresh. In case TEK is derived based on AK and nonce, data packets can be
processed immediately after HO.
MS
S-BS
Nonce Exchange
TEK = Dot16KDF (AK, Nonce |
SAID | “TEK”, 128)
T-BS
During
Network
Entry
Use the TEK generated from
Nonce and AK for S-BS
Nonce Exchange
TEK = Dot16KDF (AK, Nonce |
SAID | “TEK”, 128)
Nonce is refreshed
based on
key lifetime
Decide HO
to T-BS
Nonce
TEK = Dot16KDF (AK, Nonce |
SAID | TEK Counter | “TEK”,
128)
Handover 
Use the TEKs generated from Nonce and AK for T-BS
:
:
TEK = Dot16KDF (AK, Nonce |
SAID | TEK Counter | “TEK”,
128)
Figure 1: AK based TEK Generation for IEEE 802.16m
Text Proposal for IEEE 802.16m SDD
============================= Start of Proposed Text =============================
12 Security
12.3 Key Management
12.3.1 TEK Management for IEEE 802.16m
In IEEE 802.16m systems, the unified method of TEK generation and update is required. Figure 1
describes the procedure of TEK generation and update for IEEE 802.16m. The idea is to use AK and
nonce for TEK generation and update. In IEEE 802.16, TEK is generated and updated independently
for authorization and HO. This incurs systematic costs and adds complexity to both MS and BS. The
proposed method for generation and update of TEK does not need to work independently at MS and
BS. During HO, the proposed method avoids the compromise of service continuity and reduces the
degradation of QoS.
3
IEEE C802.16m_08/988
MS
S-BS
Nonce Exchange
TEK = Dot16KDF (AK, Nonce |
SAID | “TEK”, 128)
Use the TEK generated from
Nonce and AK for S-BS
Nonce Exchange
T-BS
During
Network
Entry
TEK = Dot16KDF (AK, Nonce |
SAID | “TEK”, 128)
Nonce is refreshed
based on
key lifetime
Decide HO
to T-BS
Nonce
TEK = Dot16KDF (AK, Nonce |
SAID | TEK Counter | “TEK”,
128)
Handover 
Use the TEKs generated from Nonce and AK for T-BS
:
:
TEK = Dot16KDF (AK, Nonce |
SAID | TEK Counter | “TEK”,
128)
Figure 1: AK based TEK Generation for IEEE 802.16m
As we can see, the nonce is sent from serving BS to MS instead of TEK during network entry. MS
and BS derive TEK whenever the nonce is exchanged. The nonce shall be automatically updated with
periodic TEK update. That is, upon the expiration of TEK refresh timer, nonce is exchanged between
MS and BS. The latest nonce used to derive TEK at serving BS can be reused at target BS. That is, the
nonce is sent from serving BS to target BS during HO. After HO, the nonce received from serving BS
can be used to derive TEK at target BS. The target BS derives TEK using the nonce sent from serving
BS, AK and TEK counter that is incremented for each HO trial. The TEK counter prevents from using
the same TEK in case where MS performs HO to the BS previously visited.
============================= End of Proposed Text =============================
4