Re: [STDS-802-16-MOBILE] [security] Replay protection

[Jeff Mandin <jmandin@STREETWAVES-NETWORKS.COM>]

Title:

Hi JunHyuk,


JunHyuk Song wrote:
> > 2.   Is the PHY Sync field something that will reliably not repeat
> > within a AK lifetime?
> >   
>
> Actually, it could be reapted, since PHY Sync field is only 24bits and default AK lifetime is 7 days.
> But in 16e system MSS is more likely to be handoffed to other BS or AK can be set to just a couple of hours.
> One other way to enchance it is adding BS specific info on MAC generation, such as BSID.
> It will ensure that message cannot be repeated in case of HO.
>
>   
In my opinion, we shouldn't assume that 16e devices will always be
moving .16e compliant systems will also provide fixed service, and
mobile devices can stay put for a long time.

Another thing is that most of the 24 bits are "wasted".  What I mean by
this is that within a particular cycle of the Frame Number, only a few
values will be used to protect a particular MAC management message
type.  

Alternative Suggestion:  Substitute a specialized Counter rather than
using the Frame Number.  

What do you think?

- Jeff