IEEE C802.16.1-11/0001 Project Title Date

advertisement
IEEE C802.16.1-11/0001
Project
IEEE 802.16 Broadband Wireless Access Working Group <http://ieee802.org/16>
Title
Clarifications on key update during handover (reply contribution on comment #75002)
Date
Submitted
2011-09-18
Source(s)
Youngkyo Baek, Hyunjeong Kang,
youngkyo.baek@samsung.com
Yeongmoon Son, Jungshin Park
Samsung Electronics
Wasuke Sato, Kenji Saito
wasuke@uqc.jp
UQC
Satoshi Imata
sa-imata@kddilabs.jp
KDDI Labs
Re:
Call for Reply Comment on the P802.16.1
Abstract
The contribution proposes to clarify PKMv2/PKMv3 sharing state machine and PMK context during
handover between 16e BS and 16m ABS, and handover between LZone and MZone.
Purpose
To be discussed and adopted in 802.16Maint TG
Notice
Release
Patent
Policy
This document does not represent the agreed views of the IEEE 802.16 Working Group or any of its subgroups. It
represents only the views of the participants listed in the “Source(s)” field above. It is offered as a basis for discussion.
It is not binding on the contributor(s), who reserve(s) the right to add, amend or withdraw material contained herein.
The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution,
and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any
IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion
to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also
acknowledges and accepts that this contribution may be made public by IEEE 802.16.
The contributor is familiar with the IEEE-SA Patent Policy and Procedures:
<http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and
<http://standards.ieee.org/guides/opman/sect6.html#6.3>.
Further information is located at <http://standards.ieee.org/board/pat/pat-material.html> and
<http://standards.ieee.org/board/pat>.
1
IEEE C802.16.1-11/0001
Clarifications on key update during handover (reply contribution on
comment #75002)
Youngkyo Baek, Hyunjeong Kang, Yeongmoon Son, Jungshin Park
Samsung Electronics
Wasuke Sato, Kenji Saito
UQC
Satoshi Imata
KDDI Labs
1. Introduction
This contribution proposes to clarify PKMv2/PKMv3 sharing state machine and PMK context during handover
between 16e BS and 16m ABS, and during handover between LZone and MZone.
2. Proposed Text Change
Adopt the following remedies in IEEE P802.16.1/D0.
----------------------------------------------------- Start of Proposed Text ----------------------------------------------------[Remedy #1: Modify subclause 6.2.5.2.1.5.4 as indicated (pp.291, line 1):]
6.2.5.2.1.5.4 Key update during handover
During Intra-WirelessMAN-Advanced Air Interface Handover (with handover process optimization bitmap bit 1 = 1 “omit PKM
authentication phase”), AK, CMAC keys, and TEKs shall be derived by the T-ABS and AMS respectively as described in 6.2.5.2.
In particular,
— AK derivation follows the same procedure as defined in 6.2.5.2.1.1.2, where usage of AMSID or AMSID* is defined in
6.2.5.3.1.
— In TEK derivation, COUNTER_TEK is set to be 0 and 1, in order to generate two new TEKs to be used at the T-ABS.
Corresponding EKS is also reset to be 0 and 1, respectively.
When Seamless_Handover Flag = 1 in AAI-HO-CMD, the AMS and T-ABS may use derived TEKs for the T-ABS to resume data
communications before initiation of AAI-RNG-REQ for network reentry procedure.
When the Network_Reentry_Mode = 1, for which the AMS is to maintain communications with S-ABS during network reentry at
the T-ABS, the AMS shall manage two sets of key context for AK, CMAC keys, and TEKs, where the context associated with the
S-ABS is used to maintain communications with S-ABS until Disconnection Time, and the “new” context associated with the
T-ABS is used to perform required network reentry procedures with T-ABS. The AMS discards key context associated with the
S-ABS when the network reentry procedure finishes. The S-ABS discards this MS’s key context (along with other MAC context
associated with the AMS) upon either the expiration of the ABS_Resource_Retain_Timer or a HO Complete signaling from T-ABS
via backbone.
2
IEEE C802.16.1-11/0001
During direct HO procedure from WirelessMAN-OFDMA R1 Reference BS to WirelessMAN-Advanced Air Interface ABS with
either S-SFH Network Configuration bit = 0b0 when AMSID privacy is disabled or S-SFH Network Configuration bit = 0b1, key
update follows the PMK context is shared between PKMv2 in the serving BS and PKMv3 in the T-ABS so that its PMK in the
serving BS is re-used in the T-ABS, and the AMS obtains a proper value for AK_COUNT from the current CMAC_KEY_COUNT
(refer to 6.2.5.2.1.1.2.2). Similarly to Intra-WirelessMAN-Advanced Air Interface Handover, the AMS stays in the Authenticated
state of PKM v3 Auth FSM if AAI-RNG-REQ/RSP messages of NW reentry are validated correctly by CMAC/ICV calculated
based on the same key update procedure as defined for intra-WirelessMAN-Advanced Air Interface Handover.
During direct HO from WirelessMAN-OFDMA R1 Reference BS to WirelessMAN-Advanced Air Interface ABS with S-SFH
Network Configuration bit = 0b0 and AMSID privacy is enabled, the PMK context is shared between PKMv2 in the serving BS and
PKMv3 in the T-ABS so that its PMK is re-used in the T-ABS, and the AMS obtains a proper value for AK_COUNT from the
current CMAC_KEY_COUNT (refer to 6.2.5.2.1.1.2.2). Similarly to Intra-WirelessMAN-Advanced Air Interface Handover, the
AMS stays in the Authenticated state of PKM v3 Auth FSM if AAI-RNG-REQ/RSP messages of NW reentry are validated
correctly by CMAC/ICV calculated based on the new AK, CMAC keys, and TEKs that are derived as follows:
— AMS obtains proper value for AK_COUNT according to 6.2.5.2.1.1.2.2
— AMS sets generates random NONCE_ABS on calculating the value of AMSID* by its AMSID. AMS derives new AK, its
CMAC key, and TEK based on the AMSID*.
— AMS sends AAI-RNG-REQ message containing the attributes required for Authenticator to derive AK, i.e., AMSID*, and
CMAC tuple, which is based on the new CMAC key.
— On receiving the AAI-RNG-REQ message, network entities, assumed to be Authenticator, derive new AK and transfer AK
context to ABS, and ABS subsequently derives TEK and CMAC keys. ABS validates the AAI-RNG-REQ by CMAC tuple. If the
CMAC is valid, ABS responds with AAI-RNG-RSP message, where the AAI-RNG-RSP is transferred in encrypted manner by the
new TEK.
— If the AMS decrypts and decodes successfully the AAI-RNG-RSP message, then the AMS regards it as completion of a
successful security key update procedure.
During direct HO procedure from WirelessMAN-Advanced Air Interface ABS to WirelessMAN-OFDMA R1 Reference BS, the
PMK context is shared between PKMv3 in the S-ABS and PKMv2 in the target BS so that its PMK is re-used and the AMS obtains
a proper value for CMAC_KEY_COUNT from the current AK_COUNT (refer to 6.2.5.2.1.1.2.2). Similarly to
Intra-WirelessMAN-OFDMA R1 Interface Handover, the AMS stays in the Authenticated state of PKM v2 Auth FSM if
RNG-REQ/RSP messages of NW reentry are validated correctly by CMAC calculated based on the key update procedure of the
intra-WirelessMAN-OFDMA R1 Interface Handover (refer to 7.2.2.2).
[Remedy #2: Modify subclause 6.2.5.2.1.5.6 asindicated (pp.292, line 4):]
6.2.5.2.1.5.6 Key update during zone switching from LZone to MZone
ABS shall include the STID to be used in target MZone in the zone switch information.
During zone switch from LZone to MZone (with handover process optimization bitmap bit 1 = 1 “omit PKM authentication phase”
and S-SFH Network Configuration bit = 0b0 and AMSID privacy is enabled), AMS shall perform network reentry procedure in
MZONE to derive the PMK context is shared between PKMv2 in the serving LZone and PKMv3 in the target MZone so that its
PMK is re-used in the MZone, and the AMS obtains a proper value for AK_COUNT from the current CMAC_KEY_COUNT (refer
to 6.2.5.2.1.1.2.2). Similarly to Intra-WirelessMAN-Advanced Air Interface Handover, the AMS stays in the Authenticated state of
PKM v3 Auth FSM if AAI-RNG-REQ/RSP messages are validated correctly by CMAC/ICV calculated based on new AK, CMAC
keys, and TEKs to be used in MZone derived as follows:
— AMS obtain proper value for AK_COUNT according to 6.2.5.2.1.1.2.2
3
IEEE C802.16.1-11/0001
— AMS generates random NONCE_AMS on calculating AMSID*. AMS derives new AK, and its CMAC key and TEK based on
the AMSID*.
— AMS sends AAI-RNG-REQ message containing the attributes required for Authenticator to derive AK, i.e., AMSID*, and
CMAC digest, which is based on the new CMAC key.
— On receiving the AAI-RNG-REQ message, network entities, assumed to be Authenticator, derive new AK and transfer AK
context to ABS, and ABS subsequently derives TEK and CMAC keys.ABS validates the AAI-RNG-REQ by CMAC tuple. If the
CMAC is valid, ABS responds with AAI-RNG-RSP message, where the AAI-RNG-RSP is transferred in encrypted manner by the
new TEK.
— If the AMS decrypts and decodes successfully the AAI-RNG-RSP message, then the AMS regards it as completion of a
successful security key update.
— Seamless_Handover Flag shall be 0 for this zone switching scenario.
During zone switch from LZone to MZone (with handover process optimization bitmap bit 1 = 1 “omit PKM authentication phase”
and either S-SFH Network Configuration bit = 0b0 when AMSID privacy is disabled or S-SFH Network Configuration bit = 0b1),
AMS shall perform network reentry procedure in MZone to derive the PMK context is shared between PKMv2 in the serving
LZone and PKMv3 in the target MZone so that its PMK is re-used in the MZone and the AMS obtains a proper value for
AK_COUNT from the current CMAC_KEY_COUNT (refer to 6.2.5.2.1.1.2.2). Similarly to Intra-WirelessMAN-Advanced Air
Interface Handover, the AMS stays in the Authenticated state of PKM v3 Auth FSM if AAI-RNG-REQ/RSP messages are
validated correctly by CMAC/ICV calculated based on new AK, CMAC keys, and TEKs to be used in MZone derived as follows:
— AMS obtains a proper value for AK_COUNT according to 6.2.5.2.1.1.2.2.
— AMS derives new AK, and its CMAC key and TEK based on AMSID.
— AMS sends AAI-RNG-REQ message containing the attributes required for Authenticator to derive AK, i.e., AMSID, and
CMAC digest, which is based on the new CMAC key.
— On receiving the AAI-RNG-REQ message, network entities, assumed to be Authenticator, derive new AK and transfer AK
context to ABS, and ABS subsequently derives TEK and CMAC keys. Alternatively, network entities, assumed to be Authenticator,
may derive new AK and transfer AK context to ABS and ABS subsequently derives TEK and CMAC keys earlier when zone
switching is initiated by ABS. ABS validates the AAI-RNG-REQ by CMAC tuple. If the CMAC is valid, ABS responds with
AAI-RNG-RSP message, where the AAI-RNG-RSP is transferred in encrypted manner by the new TEK.
— If the AMS decrypts and decodes successfully the AAI-RNG-RSP message, then the AMS regards it as completion of a
successful security key update.
[Remedy #3: Modify subclause 6.2.5.2.1.5.7 as indicated (pp.292, line 50):]
6.2.5.2.1.5.7 Key update during zone switch from MZone to LZone
During zone switch from MZone to LZone (with handover process optimization bitmap bit 1 = 1 “omit PKM authentication phase”),
the PMK context is shared between PKMv3 in the serving MZone and PKMv2 in the target LZone so that its PMK is re-used in the
LZone and AMS obtains a proper value for CMAC_KEY_COUNT from the current AK_COUNT according to 6.2.5.2.1.1.2.2.
Similarly to Intra-WirelessMAN-OFDMA R1 Interface Handover, the AMS stays in the Authenticated state of PKM v2 Auth FSM
if RNG-REQ/RSP messages of NW reentry are validated correctly by CMAC calculated based on the key update procedure of the
intra-WirelessMAN-OFDMA R1 Interface Handover (refer to 7.2.2.2).
4
IEEE C802.16.1-11/0001
New AK, KEK, and CMAC keys are derived according to 7.2.2.2. New TEKs are derived according to 7.2.2.2 if in AAI-HO-CMD
message Seamless HO is set to 1. Otherwise, TEKs to be used in LZone are obtained via TEK transfer encrypted by KEK.
----------------------------------------------------- End of Proposed Text -----------------------------------------------------
5
Download