Comment on 21-09-0180-00-0000-response-to-comments-for-802-21c-par
Vivek,
I respectfully do not agree with your draft response to my
comment.
The response says:
"As part of the Single Radio HO presentations/discussions in
802.21 WG in July/Sept it has ALWAYS been mentioned that MIH
Protocol is intended to be used for sending Network Entry
messages for preparing the target access system. The liaison
from WiMAX Forum does not say anything new or different in
that respect. There is no security work intended as part of
this project."
Although it has been mentioned that MIH Protocol is intended
to be used for sending Network Entry messages for preparing
the target access system, this does not mean I or other WG
members agreed with the view. Otherwise, why was the statement
on 802.21a added in 5C? Now, having seen the WiMAX
liaison, I strongly believe that the added statement on
802.21a should be emphasized in the PAR rather than 5C.
Also, let me explain why I believe there is a security-related
aspect in the proposed project.
First, carrying link-layer frames that are used for
authentication and key establishment over a tunnel between
MN and target network is actually security signaling,
because such frames carry security parameters that are
eventually used for establishing a security association
between target link-layer entities. Furthermore, what is
the scope and usage of the established key using the tunnel?
There would be an issue if the same key material is used in
different contexts such as inside and outside the target
radio. What is the lifetime of the key established using
the tunnel? How can security signaling over the tunnel and
over the target radio be distinguished by the target MAC
if it uses the same link-layer frames for both cases?
Without distinguishing the two, it does not work.
Second, how can Network Entry messages be securely delivered
to the target network? If 802.16 management frames are
carried over a tunnel, how can such a tunnel be securely
established between MN and the other end-point of the tunnel?
These are definitely security issues, and 802.21a is the TG
to address security aspects related to 802.21.
Therefore, I still request to move the following text from
5C to PAR: "Security optimizations as defined in 802.21a
should apply to both dual and single radio handovers."
Best Regards,
Yoshihiro Ohba