-----Original Message-----
From: owner-stds-802-16-mobile@LISTSERV.IEEE.ORG [mailto:owner-stds-802-16-mobile@LISTSERV.IEEE.ORG]On Behalf Of JUNHYUK SONG
Sent: Tuesday, June 01, 2004 8:53 AM
To: STDS-802-16-MOBILE@LISTSERV.IEEE.ORG
Subject: Re: [STDS-802-16-MOBILE] [security] Summary of issues and requirements for PKMv2
Jeff,
Here is my minimum requirements for PKMv2.
0. Reuse PKM structure as much as we can
1. Extended 256 bits Key Hierarchy for enhanced key derivation
1.1 Shall provide enough key materials to support MAC message protection key and Group Key generations, and future expansion
1.2 Shall be able to support EAP inner method Key derivation function if AAA key was generated by inner method
2. Define top level Security Association that manages security info of MAC messages in either awake and idles state
3. Mutual authentication is EAP method specific requirement and may not be captured in 802.16e, unless we want to extend existing PKI based authentication
4. Secure MAC management messages support (Note: Here MAC Managements messages including PKM EAP encapsulation messages)
4.1 Crpyto Synchronized Integrity check support against Replay Attack
4.2 Confidentiality support for Identity and session info protection
5. fix and complete EAP encapsulation message defined in current baseline to encapsulate EAP messages as defined in RFC 2284bis ID.
6. Hardware Friendly AES Authentication mode, Authenticated encryption mode, and Encryption mode support
7. Pre-authentication/Fast Reauthentication support based on below criteria
7.1 Shall minimize HO reconnection time
7.2 Shall not degrade Security defined in SA
8. Shall be able to support MBS and other multimedia service
8.1 Shall support Macro diversity in neighborhood cells
8.2 Shall be able to support crypto binding between PKM based link layer Encrpytion Key and MBS and other application service encryption key from third party service provider
9. May support optional flexable Encrpytion location
Thanks,
JH SONG
HanaFOS.com