
Re: [STDS-802-16-MOBILE] [security] Replay protection



Jeff,

Thanks for initiating this email thread.
I believe replay protection for MAC messages was one of the essential things that has been missing from PKMv1.
We should fix it this time.

> 1.  Can we extend this proposal to the other MAC messages (eg. HO_Ind) also?

Yes, it basically can be extended to other MAC messages with HMAC.

>
> 2.   Is the PHY Sync field something that will reliably not repeat
> within an AK lifetime?

Actually, it could be repeated, since the PHY Sync field is only 24 bits and the default AK lifetime is 7 days.
But in a 16e system the MSS is more likely to be handed off to another BS, or the AK can be set to just a couple of hours.

One other way to enhance it is adding BS-specific info to the MAC generation, such as the BSID.
It will ensure that a message cannot be repeated in case of HO.


My two cents,

JH SONG

>
> 3.  Any other comments?
>
>
> - Jeff Mandin
> Security Adhoc Chair
>
>
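
Added example, not part of the original message or of any 802.16 text: a Python sketch of the idea discussed above, binding the 24-bit PHY Sync value, and optionally the BSID, into the HMAC input. The field layout, HMAC-SHA1, exact-frame matching, the 5 ms frame duration and the reuse of one AK at two BSs are assumptions for illustration; the key, BSIDs and payload are constructed.

```python
import hashlib
import hmac

SYNC_BITS = 24                      # PHY Sync width stated in the thread
AK_LIFETIME_S = 7 * 24 * 3600       # default AK lifetime stated in the thread

def compute_tag(ak, msg, frame_no, bsid=None):
    """HMAC over [BSID (6 bytes, optional)] + PHY Sync (3 bytes) + message.
    The layout and the hash choice are assumptions of this sketch."""
    sync = (frame_no % (1 << SYNC_BITS)).to_bytes(3, "big")
    prefix = sync if bsid is None else bsid + sync
    return hmac.new(ak, prefix + msg, hashlib.sha1).digest()

def verify(ak, msg, tag, rx_frame_no, bsid=None):
    """Receiver recomputes the tag from its own frame counter (and BSID)."""
    return hmac.compare_digest(tag, compute_tag(ak, msg, rx_frame_no, bsid))

def wrap_seconds(frame_ms):
    """Time until a 24-bit frame counter repeats, for an assumed frame duration."""
    return (1 << SYNC_BITS) * frame_ms / 1000.0

def demo():
    ak = b"constructed-ak-for-illustration"      # constructed key
    msg = b"HO_IND constructed payload"          # constructed message body
    bs_a = bytes.fromhex("0000000000a1")         # constructed BSIDs
    bs_b = bytes.fromhex("0000000000b2")
    sent = 1000                                  # frame number at transmission
    plain = compute_tag(ak, msg, sent)           # PHY Sync only
    bound = compute_tag(ak, msg, sent, bs_a)     # PHY Sync + BSID of BS A
    return {
        "fresh": verify(ak, msg, plain, sent),
        "replay_later_frame": verify(ak, msg, plain, sent + 1),
        # Counter has wrapped: the same 24-bit value recurs under the same AK.
        "replay_after_wrap": verify(ak, msg, plain, sent + (1 << SYNC_BITS)),
        # BS B at the same frame number: nothing in the tag names the BS.
        "replay_at_other_bs": verify(ak, msg, plain, sent),
        "bound_fresh_at_bs_a": verify(ak, msg, bound, sent, bs_a),
        "bound_replay_at_bs_b": verify(ak, msg, bound, sent, bs_b),
        "wraps_within_ak_lifetime": wrap_seconds(5.0) < AK_LIFETIME_S,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```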