Re: [STDS-802-16-MOBILE] [security] Summary of issues and requirements f

Thread Links	Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

Thread Links

Date Links

Thread Prev

Re: [STDS-802-16-MOBILE] [security] Summary of issues and requirements for PKMv2

To: STDS-802-16-MOBILE@LISTSERV.IEEE.ORG

Subject: Re: [STDS-802-16-MOBILE] [security] Summary of issues and requirements for PKMv2

From: "Johnston, Dj" <dj.johnston@INTEL.COM>

Date: Tue, 1 Jun 2004 21:28:10 -0700

Reply-To: "Johnston, Dj" <dj.johnston@INTEL.COM>

Sender: owner-stds-802-16-mobile@LISTSERV.IEEE.ORG

Thread-Index: AcRIG4IQsvB8SpukSw+eDyS0xF6NxwAPlZrw

Thread-Topic: [STDS-802-16-MOBILE] [security] Summary of issues and requirements for PKMv2

Title: Message

I can't speak for JunHuk's reasons, but my own are..

1) Protecting PKM-EAP exchanges

2) Protecting from high impact spoofed management messages (like dissasociate)

-----Original Message-----
From: owner-stds-802-16-mobile@LISTSERV.IEEE.ORG [mailto:owner-stds-802-16-mobile@LISTSERV.IEEE.ORG] On Behalf Of Yigal Leiba
Sent: Tuesday, June 01, 2004 1:59 PM
To: STDS-802-16-MOBILE@LISTSERV.IEEE.ORG
Subject: Re: [STDS-802-16-MOBILE] [security] Summary of issues and requirements for PKMv2

Dear JH SONG,

Could you please explain the rationale behind encrypting MAC messages, and specifically which MAC messages will be encrypted and what delay you expect such encryption to introduce.

Thanks,

Yigal

-----Original Message-----
From: owner-stds-802-16-mobile@LISTSERV.IEEE.ORG [mailto:owner-stds-802-16-mobile@LISTSERV.IEEE.ORG]On Behalf Of JUNHYUK SONG
Sent: Tuesday, June 01, 2004 8:53 AM
To: STDS-802-16-MOBILE@LISTSERV.IEEE.ORG
Subject: Re: [STDS-802-16-MOBILE] [security] Summary of issues and requirements for PKMv2

Jeff,

Here is my minimum requirements for PKMv2.

0. Reuse PKM structure as much as we can

1. Extended 256 bits Key Hierarchy for enhanced key derivation

    1.1 Shall provide enough key materials to support MAC message protection key and Group Key generations, and future expansion

    1.2 Shall be able to support EAP inner method Key derivation function if AAA key was generated by inner method

2. Define top level Security Association that manages security info of MAC messages in either awake and idles state

3. Mutual authentication is EAP method specific requirement and may not be captured in 802.16e, unless we want to extend existing PKI based authentication

4. Secure MAC management messages support (Note: Here MAC Managements messages including PKM EAP encapsulation messages)

   4.1 Crpyto Synchronized Integrity check support against Replay Attack

   4.2 Confidentiality support for Identity and session info protection

5. fix and complete EAP encapsulation message defined in current baseline to encapsulate EAP messages as defined in RFC 2284bis ID.

6. Hardware Friendly AES Authentication mode, Authenticated encryption mode, and Encryption mode support

7. Pre-authentication/Fast Reauthentication support based on below criteria

    7.1 Shall minimize HO reconnection time

    7.2 Shall not degrade Security defined in SA

8. Shall be able to support MBS and other multimedia service

    8.1 Shall support Macro diversity in neighborhood cells

    8.2 Shall be able to support crypto binding between PKM based link layer Encrpytion Key and MBS and other application service encryption key from third party service provider

9. May support optional flexable Encrpytion location

Thanks,

JH SONG

HanaFOS.com