I can't speak
for JunHuk's reasons, but my own are..
1) Protecting PKM-EAP
exchanges
2) Protecting from high
impact spoofed management messages (like dissasociate)
DJ
Dear JH
SONG,
Could you
please explain the rationale behind encrypting MAC messages, and specifically
which MAC messages will be encrypted and what delay you expect such encryption
to introduce.
Thanks,
Yigal
Jeff,
Here is my minimum requirements for PKMv2.
0. Reuse PKM structure as much as we can
1. Extended 256 bits Key Hierarchy for enhanced key derivation
1.1 Shall provide enough key materials to support MAC
message protection key and Group Key generations, and future
expansion
1.2 Shall be able to support EAP inner method Key
derivation function if AAA key was generated by inner method
2. Define top level Security Association that manages security info of
MAC messages in either awake and idles state
3. Mutual authentication is EAP method specific requirement and may
not be captured in 802.16e, unless we want to extend existing PKI based
authentication
4. Secure MAC management messages support (Note: Here MAC Managements
messages including PKM EAP encapsulation messages)
4.1 Crpyto Synchronized Integrity check support against
Replay Attack
4.2 Confidentiality support for Identity and
session info protection
5. fix and complete EAP encapsulation message defined in current baseline
to encapsulate EAP messages as defined in RFC 2284bis ID.
6. Hardware Friendly AES Authentication mode, Authenticated encryption
mode, and Encryption mode support
7. Pre-authentication/Fast Reauthentication support based on below
criteria
7.1 Shall minimize HO reconnection time
7.2 Shall not degrade Security defined in SA
8. Shall be able to support MBS and other multimedia service
8.1 Shall support Macro diversity in neighborhood
cells
8.2 Shall be able to support
crypto binding between PKM based link layer
Encrpytion Key and MBS and other application service encryption
key from third party service provider
9. May support optional flexable Encrpytion location
Thanks,
JH SONG HanaFOS.com
|