Thread Links | Date Links | ||||
---|---|---|---|---|---|
Thread Prev | Thread Next | Thread Index | Date Prev | Date Next | Date Index |
A lot of this makes good sense. Looking at it from
a deployment point of view brings up the need
for interfacing to existing
networks and inter-technology
hand-over, for example with
WiFi. Many user related security issues should be the same between dot11 and dot16, at least for the
mobile applications and probably for the fixed applications as well. Having
the same solution, notably where the network side of things is concerned, would
be very useful from the
viewpoint of those who already operate WiFi networks.
In the
case of dot11, the (external) AAA services and related protocol elements are
part of the security spec rather then the Network Management spec. Would that
model be useful here too?
Regards,
Jan
-----Original Message-----
From: owner-stds-802-16@listserv.ieee.org [mailto:owner-stds-802-16@listserv.ieee.org] On Behalf Of Johnston, Dj Sent: 30 March 2004 02:04 To: STDS-802-16@listserv.ieee.org Subject: Re: [STDS-802-16] [NETMAN_SG] Network Management Study Group Here's
my thoughts on what we might do with security:
There
are arguably three (partially overlapping) layers to 802.16 mobile security, the
link cipher (AES-CCM and DES-CBC), the local network entry and key management
(PKM) and the interaction with network side AAA architectures (currently lightly
defined but involving EAP).
Not
withstanding the need for a more efficient secure link cipher (GCM based?) I
believe the link ciphers are done for now. It would be prudent to wait for
802.1ae and others to go through the pain of specifying an authenticated
encryption mode that is fast, efficient and secure (pick any two) before 802.16
attempts another upgrade. In the meantime, I think the actual requirements will
become much more detailed as we gain deployment experience.
We
know PKM to have a number of security flaws, albeit mitigated by the very high
practical barriers to misuse that derive from the nature of P2PM high frequency
fixed equipment. Rather than attempt incremental upgrades to security with
backwards compatible delta changes to the PKM messaging, I suggest that we go
for a separate PKMv2 with messaging aimed at the needs of mobile equipment. In
the medium term there would be a rough alignment of fixed=PKMv1 and
mobile=PKMv2. PKMv2 would have secure authenticated key exchange, mutual
authentication, base certs etc., generally borrowed from
current examples available elsewhere (802.11i, IETF). This would allow
us to let the current PKMv1 go through without too much fuss and meet the needs
of fixed equipment. Mobile equipment might have something that meets the needs
of mobile operators with PKMv2.
PKMv2
could be done in 16e, A network management PAR or a security
PAR. I think 16e is becoming a stretch and dealing with PKMv2 in a new PAR
would remove a road block from the other mobility work in
16e.
The
AAA network interaction is something tied into the nature of the networks 802.16
becomes part of. I see this as being right on track for a network management
PAR.
So in
summary..
Ignore
link ciphers until a clear need for something new turns up.
PKM
remains as it is, with a version 1 tag as per the current
spec.
PKMv2
gets defined either in a network management PAR or a security
PAR.
AAA is
an integral part of a network management PAR.
Feedback is most welcome..
DJ
|