Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

1. Introduction

advertisement 
IEEE C802.16j-07/495r2
Project
IEEE 802.16 Broadband Wireless Access Working Group <http://ieee802.org/16>
Title
Relay MAC PDU Construction in centralized security scenario
Date
Submitted
2007-11-04
Source(s)
Hang Zhang, Peiying Zhu, Mo-Han Fong,
Wen Tong, David Steer, Gamini
Senarath, G.Q. Wang, Derek Yu, Israfil
Bahceci, Robert Sun and Mark Naden
Nortel
3500 Carling Avenue
Ottawa, Ontario K2H 8E9
Re:
IEEE 802.16j-07/019: “Call for Technical Comments Regarding IEEE Project 802.16j”
Voice: +613-763-1315
E-mail: wentong@nortel.com
Voice: +613-765-8983
E-mail: pyzhu@nortel.com
Abstract
Purpose
Notice
Release
Patent
Policy
To incorporate the proposed text into the P802.16j Baseline Document (IEEE 802.16j-06/026r4)
This document does not represent the agreed views of the IEEE 802.16 Working Group or any of its subgroups. It
represents only the views of the participants listed in the “Source(s)” field above. It is offered as a basis for
discussion. It is not binding on the contributor(s), who reserve(s) the right to add, amend or withdraw material
contained herein.
The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution,
and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name
any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole
discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The
contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.16.
The contributor is familiar with the IEEE-SA Patent Policy and Procedures:
<http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and
<http://standards.ieee.org/guides/opman/sect6.html#6.3>.
Further information is located at <http://standards.ieee.org/board/pat/pat-material.html> and
<http://standards.ieee.org/board/pat>.
Relay MAC PDU Construction in Centralized Security Scenario
Hang Zhang, Peiying Zhu, Mo-Han Fong, Wen Tong, David Steer, Gamini Senarath, G.Q. Wang,
Derek Yu, Israfil Bahceci, Robert Sun and Mark Naden
Nortel
1. Introduction
In current baseline document, both centralized and distributed security modes are described. In centralized
security mode, the security materials of a MS are kept by the MS and the corresponding MR-BS. The MR-BS
performs traffic encryption and message authentication of a MS. In the current baseline document, the MPDU
and R-MAC PDU constructions in this scenarios needs more detailed descriptions. This contribution is
addressing this topic.
1
IEEE C802.16j-07/495r2
2. Proposal
In centralized security scenario, the security materials of a MS are kept by the MS and the corresponding MRBS. The MR-BS performs MS traffic encryption and decryption. The access RS simply relay encrypted MS
MPDUs.
In transmission using tunnel or destination RS CID case, the realy MAC (R-MAC) sub-layer is used to carry
encrypted MS MPDUs over forwarding path.
For DL, the MR-BS CPS sub-layer creates MS MAC PDUs encapsulating SDUs of MSs received from upper
layer and encrypts the payload of the MPDU using MSs security materials. R-MAC sub-layer then encapsulates
one, multiple or a fragment of such MPDU in a R-MAC PDU. The R-MAC PDU is transmitted on R-link and
the intermediate RS, if any in the forwarding path, receives the R-MAC PDU and shall de-capsulate the R-MAC
PDU and recover any MPDU within the payload which is fragmented by the sender. The intermediate RS
reconstructs an R-MAC PDU in the similar way of a MR-BS and send the R-MAC PDU to the next hop RS.
The access RS, after receiving an R-MAC PDU over its R-link, the RS shall de-capsulate the R-MAC PDU and
recover any MPDU which is fragmented by the sender. Those MPDUs then are sent to MSs over access link of
this access RS. Finally, MSs will decrypt MPDUs using their individual security materials and recover SDU
carried by MPDUs.
For UL, the access RS receives UL MPDUs from MS over access link. The R-MAC sub-layer of the access RS
over R-link encapsulates one, multiple or a fragment of such MPDU in an R-MAC PDU. The processes of RMAC PDU of intermediate RS(s) are the same as those for DL. The MR-BS, after receiving R-MAC PDUs,
shall de-capsulate the R-MAC PDU and obtain MS MPDU(s). Those MS MPDUs are then decrypted by MRBS using security materials of MSs and the recovered SDUs are delivered to the upper layer.
The R-MAC PDU construction, i.e., fragmentation and packing of MS encrypted MPDUs, follows the same
rules defined for MS MPDU construction. The only difference is that the definition of fragment sequence
number (FSN) in fragmentation sub-header (FSH) and packing sub-header (PSH). In MPDU, the FSN is
meaningful for one MS service flow. In R-MAC PDU, the FSN is meaningful for a particular QoS class or a
transport tunnel which could carry an aggregated MS service flow. The FSN is set to each encrypted MS MPDU
by R-MAC sub-layer of the source station in the forwarding path and is used to keep the order of MS MPDUs
between the two ends of forwarding path.
In the last hop of a forwarding path, the MS MDPU may be sent without using R-MAC PDU.
The R-MAC PDU construction is shown in Figure 1.
2
IEEE C802.16j-07/495r2
R-GMH
SDU ( MS_x) Ciphertext CRC
FSH
R-MAC PDU to be
sent over R-link
GMH PN
R-CRC
SDU2 (MS_y)
GMH
GMH PN
R-GMH
SDU (MS_y)
GMH
Ciphertext CRC
GMH PN
R-CRC
R-GMH
SDU2 to MS_z
SDU (MS_z)
Ciphertext CRC
PSH
MS MAC PDU
after encryption
using per MS’s
TEK, AEC CCM
mode
SDU ( MS_x)
PSH
GMH
PSH
MS MAC
PDU before
encryption
SDU2 (MS_z)
SDU2 (MS_y)
SDU (MS_x)
PSH
MS MAC SDUs received
from upper layer
R-CRC
(a) DL R-PDU construction in MR-BS (AEC CCM encryption mode is assumed)
R-GMH
SDU ( MS_y) Ciphertext CRC
GMH PN
R-CRC
R-GMH
SDU (MS_z)
Ciphertext CRC
PSH
R-CRC
GMH PN
PSH
Ciphertext CRC
PSH
R-GMH
SDU (MS_x)
PSH
R-MAC PDU to be
sent over R-link
GMH PN
FSH
Encrypted MS MAC PDU
received from MSs over
access link
R-CRC
First fragment of
MAC PDU i+1
R-CRC
R-GMH
PSH
R-GMH
MAC PDU i+2
R-CRC
MAC PDU i+2
PSH
R-CRC
Second (last) fragment
of MAC PDU i+1
PSH
Second (last) fragment
of MAC PDU i
MAC PDU i+1
PSH
R-MAC PDU to be sent
over R-link to
R-GMH
superordinate station
(MR-BS or RS) for UL or
over R-link to
subordinate RS for DL
MAC PDU i
PSH
MS MAC PDU reassembled from
R-MAC PDUs
R-GMH
PSH
R-GMH First fragment of MAC PDU i R-CRC
PSH
R-MAC PDU received over Rlink from superordinate station
(MR-BS or RS) for DL or
received over R-link from
subordinate RS for UL
PSH
(b) UL R-MAC PDU construction in access RS (AEC CCM encryption mode is assumed)
R-CRC
(c) R-MAC PDU construction in intermediate RS.
Figure 1. R-MAC PDU construction in centralized security scenario.
3. Proposed text change
[Add the following section 6.3.3.8.3 as indicated]
++++++++++++++++++++++ Start Text ++++++++++++++++++++++++++++++++
6.3.3.8.3 R-MAC PDU construction in relay network
6.3.3.8.3.1 R-MAC PDU construction and forwarding in centralized security scenario
In centralized security scenario, the security materials of a MS are kept by the MS and the corresponding MRBS. The MR-BS performs MS traffic encryption and decryption. The access RS simply relay encrypted MS
MPDUs.
3
IEEE C802.16j-07/495r2
In transmission using tunnel or destination RS CID case, the realy MAC (R-MAC) sub-layer is used to carry
encrypted MS MPDUs over forwarding path.
For DL, the MR-BS CPS sub-layer creates MS MAC PDUs encapsulating SDUs of MSs received from upper
layer and encrypts the payload of the MPDU using MSs security materials. R-MAC sub-layer then encapsulates
one, multiple or a fragment of such MPDU in a R-MAC PDU. The R-MAC PDU is transmitted on R-link and
the intermediate RS, if any in the forwarding path, receives the R-MAC PDU and shall de-capsulate the R-MAC
PDU and recover any MPDU within the payload which is fragmented by the sender. The intermediate RS
reconstructs an R-MAC PDU in the similar way of a MR-BS and send the R-MAC PDU to the next hop RS.
The access RS, after receiving an R-MAC PDU over its R-link, the RS shall de-capsulate the R-MAC PDU and
recover any MPDU which is fragmented by the sender. Those MPDUs then are sent to MSs over access link of
this access RS. Finally, MSs will decrypt MPDUs using their individual security materials and recover SDU
carried by MPDUs.
For UL, the access RS receives UL MPDUs from MS over access link. The R-MAC sub-layer of the access RS
over R-link encapsulates one, multiple or a fragment of such MPDU in an R-MAC PDU. The processes of RMAC PDU of intermediate RS(s) are the same as those for DL. The MR-BS, after receiving R-MAC PDUs,
shall de-capsulate the R-MAC PDU and obtain MS MPDU(s). Those MS MPDUs are then decrypted by MRBS using security materials of MSs and the recovered SDUs are delivered to the upper layer.
The R-MAC PDU construction, i.e., fragmentation and packing of MS encrypted MPDUs, follows the same
rules defined for MS MPDU construction. The only difference is that the definition of fragment sequence
number (FSN) in fragmentation sub-header (FSH) and packing sub-header (PSH). In MPDU, the FSN is
meaningful for one MS service flow. In R-MAC PDU, the FSN is meaningful for a particular QoS class or a
transport tunnel which could carry an aggregated MS service flow. A sequence number is assigned to each
encrypted MS MPDU by R-MAC sub-layer of the source station in the forwarding path and is used to keep the
order of MS MPDUs between the two ends of forwarding path. The sequence number is carried by the sequence
number subheader (SNSH) of R-MAC PDU.
In the last hop of a forwarding path, the MS MDPU may be sent without using R-MAC PDU.
The R-MAC PDU construction with is shown in Figure xxx.
R-GMH
PN
GMH
SDU ( MS_x) Ciphertext CRC
R-CRC
R-GMH
GMH
PN
SDU2 (MS_y)
SDU (MS_y)
GMH
Ciphertext CRC
GMH
R-CRC
R-GMH
PN
SDU2 to MS_z
SDU (MS_z)
Ciphertext CRC
PSH
R-MAC PDU to be
sent over R-link
GMH
FSH
MS MAC PDU
after encryption
using per MS’s
TEK, AEC CCM
mode
SDU ( MS_x)
PSH
GMH
PSH
MS MAC
PDU before
encryption
SDU2 (MS_z)
SDU2 (MS_y)
SDU (MS_x)
PSH
MS MAC SDUs received
from upper layer
a) DL R-PDU construction in MR-BS (AEC CCM encryption mode is assumed)
4
R-CRC
IEEE C802.16j-07/495r2
GMH PN
R-CRC
R-GMH
SDU (MS_z)
Ciphertext CRC
PSH
R-GMH
SDU ( MS_y) Ciphertext CRC
PSH
R-CRC
GMH PN
PSH
R-GMH
SDU (MS_x) Ciphertext CRC
FSH
R-MAC PDU to be
sent over R-link
GMH PN
PSH
Encrypted MS MAC PDU
received from MSs over
access link
R-CRC
MAC PDU i
R-CRC
R-GMH
PSH
R-GMH
(c) R-MAC PDU construction in intermediate RS.
Figure xxx. R-MAC PDU construction in centralized security scenario.
5
MAC PDU i+2
MAC PDU i+2
MAC PDU i+1
R-CRC
Second (last) fragment
of MAC PDU i+1
PSH
First fragment of
MAC PDU i+1
PSH
Second (last) fragment
of MAC PDU i
PSH
R-MAC PDU to be sent
over R-link to
R-GMH
superordinate station
(MR-BS or RS) for UL or
over R-link to
subordinate RS for DL
PSH
MS MAC PDU reassembled from
R-MAC PDUs
R-GMH
PSH
R-GMH First fragment of MAC PDU i R-CRC
PSH
R-MAC PDU received over Rlink from superordinate station
(MR-BS or RS) for DL or
received over R-link from
subordinate RS for UL
PSH
b) UL R-MAC PDU construction in access RS (AEC CCM encryption mode is assumed)
R-CRC
R-CRC
Related documents
PSE Line Card (DOC) - Power Support Engineering
PSE Line Card (DOC) - Power Support Engineering
Form DPS-A Professional Development Unit Application Course
Form DPS-A Professional Development Unit Application Course
Slides
Slides
1-Introduction :
1-Introduction :
ISC`12 EEHPC-LRZ
ISC`12 EEHPC-LRZ
Ch. 7 - OSI Data Link Layer
Ch. 7 - OSI Data Link Layer
1. Problem Description
1. Problem Description
C25-20041018
C25-20041018
Download
advertisement