draft-urien-16ng-security-api-00.txt

Page 1: draft-urien-16ng-security-api-00.txt

1 /10 Pascal URIEN, IETF 69th, Monday July 23rd Chicago, IL, USA

draft-urien-16ng-security-api-00.txt

Security API for the IEEE 802.16 Security Sublayer

[email protected]

www.enst.fr

Page 2: draft-urien-16ng-security-api-00.txt

Draft summary

IEEE 802.16e specifies cryptographic algorithms and security procedures, but it doesn’t describe how critical functions are delegated to tamper resistant devices in order to avoid theft of service.

This draft describes a security Application Programming Interface (API), which aims at supporting tamper resistant devices that perform collaborative tasks with the IEEE 802.16 security sublayer.

The security sublayer should provide operators with strong protection from theft of service.

Security APIs make it possible to transfer critical calculations or protocol processing to trusted computers, such as smart cards or trusted platform modules (TPMs).

Page 3: draft-urien-16ng-security-api-00.txt

The IEEE 802.16e-2005 security sublayer

                                          +----------------------+
                                          |      EAP Method      |
                                          +-----------+----------+
                                                      |
                                          +-----------+----------+
                                          |      EAP Layer       |
                                          +-----------+----------+
                                                      |
+--------------------+--------------------+-----------+-----------+
| RSA based Authen-  | Authorization / SA | EAP encapsulation     |
| -tication (RSA-OP) | Control (SA-CNTL)  | decapsulation (EAP-OP)|
+--------------------+--------------------+-----------------------+
|                 PKM Control Management (PKM-CM)                 |
+---------------------------------+-------------------------------+
| Traffic Data                    | Control Message Processing    |
| Encryption/Authentication       |     (PKM-CMP)                 |
| Processing                      |      +------------------------+
|                                 |      + Message Authentication |
|         (TDEAP)          +------+------+    Processing (PKM-MAP)|
+--------------------------+   PHY SAP   +------------------------+
                           +------+------+
                                  |

Page 4: draft-urien-16ng-security-api-00.txt

This draft

+-------------------------------------------------------+
|                                                       |
|                                        +------------+ |
|  TAMPER RESISTANT DEVICE               | EAP Method | |
|                                        +------+-----+ |
| +----------------+                            |       |
| | RSA Operations |  +-------------------------+-------+
| +----------------+  |                         |
|                     |                  +------+-----+
| Secure Data Storage |                  | EAP Layer  |
|                     |                  +------+-----+
+-|---------|---------+                         |
<.|.........|..............SECURITY API.........|.................>
  |         |                                   |
  | +-------V----------+------------------+-----V-----------------+
  | |RSA based Authen- |Authorization / SA| EAP encapsulation     |
  | |-tication (RSA-OP)|Control (SA-CNTL) | decapsulation (EAP-OP)|
+-V-+------------------+------------------+-----------------------+
|                 PKM Control Management (PKM-CM)                 |
+---------------------------------+-------------------------------+
| Traffic Data                    | Control Message Processing    |
| Encryption/Authentication       |     (PKM-CMP)                 |
| Processing                      |      +------------------------+
|                                 |      + Message Authentication |
|         (TDEAP)          +------+------+    Processing (PKM-MAP)|
+--------------------------+   PHY SAP   +------------------------+
                           +------+------+

Page 5: draft-urien-16ng-security-api-00.txt

Two classes of trusted services

Basic services

Only deal with RSA calculations and/or EAP packets processing.

Extended services

Cache the Authorization Key (AK) in a trusted computing platform.

In that case the AK value is never exposed to the security sublayer.

All calculations dealing with AK are performed by a tamper resistant device, which computes and exports keys needed by security associations.

Page 6: draft-urien-16ng-security-api-00.txt

PKMv1 Services

Basic services

Get-SS-Certificate() collects the Subscriber Station (SS) certificate

Compute-SS-RSA-Priv(Message) decrypts a message with the SS RSA private key.

Extended services

Get-Certificate() collects the SS certificate

Set-AK(AK-SN, Message) pushes a message that contains an encrypted value of AK, identified by its index AK-SN, towards the tamper resistant device.

Get-KEK(AK-SN) collects a KEK key whose index is AK-SN.

Get-HMAC-U(AK-SN) collects an HMAC-U key, whose index is AK-SN

Get-HMAC-D(AK-SN) collects an HMAC-D key, whose index is AK-SN
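
An added sketch, not code from the draft or the slides, of the PKMv1 extended services listed above: the device caches the AK and exports only the keys derived from it. The derivations (SHA-1 over a 64-byte pad of 0x53, 0x5C or 0x3A followed by the AK) come from IEEE 802.16-2004 rather than from this page; the class and function names, the `rsa_private_decrypt` callable and the sample values are assumptions.

```python
import hashlib
import hmac

class TamperResistantDevice:
    """Hypothetical model of the PKMv1 extended services; the AK never leaves it."""

    def __init__(self, rsa_private_decrypt):
        # Assumption: a callable standing in for the device's RSA private-key operation.
        self._decrypt = rsa_private_decrypt
        self._aks = {}  # AK-SN -> AK, held only inside the device

    def set_ak(self, ak_sn, message):
        """Set-AK(AK-SN, Message): decrypt the AK inside the device and cache it."""
        ak = self._decrypt(message)
        if len(ak) != 20:  # a PKMv1 AK is 160 bits
            raise ValueError("decrypted AK must be 160 bits")
        self._aks[ak_sn] = ak

    def _derive(self, ak_sn, pad_byte):
        if ak_sn not in self._aks:
            raise KeyError(f"no AK cached for AK-SN {ak_sn}")
        return hashlib.sha1(bytes([pad_byte]) * 64 + self._aks[ak_sn]).digest()

    def get_kek(self, ak_sn):
        """Get-KEK(AK-SN): leftmost 128 bits of SHA-1(0x53 * 64 | AK)."""
        return self._derive(ak_sn, 0x53)[:16]

    def get_hmac_u(self, ak_sn):
        return self._derive(ak_sn, 0x5C)  # Get-HMAC-U(AK-SN), uplink key

    def get_hmac_d(self, ak_sn):
        return self._derive(ak_sn, 0x3A)  # Get-HMAC-D(AK-SN), downlink key

def verify_downlink(device, ak_sn, payload, digest):
    """Host-side check of a downlink HMAC-SHA1 digest using the exported HMAC-D key."""
    expected = hmac.new(device.get_hmac_d(ak_sn), payload, hashlib.sha1).digest()
    return hmac.compare_digest(expected, digest)

# Constructed sample values; the XOR "decryption" is a placeholder, not real RSA.
SAMPLE_AK = bytes(range(20))
def toy_decrypt(blob):
    return bytes(b ^ 0xA5 for b in blob)
SAMPLE_MESSAGE = toy_decrypt(SAMPLE_AK)  # XOR is its own inverse

def demo():
    dev = TamperResistantDevice(toy_decrypt)
    dev.set_ak(1, SAMPLE_MESSAGE)
    payload = b"constructed PKM management message"
    good = hmac.new(dev.get_hmac_d(1), payload, hashlib.sha1).digest()
    return verify_downlink(dev, 1, payload, good), verify_downlink(dev, 1, payload + b"!", good)
```

The host side only ever handles the message that wraps the AK and the exported KEK and HMAC keys, which is the property the extended services are meant to provide.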

Page 7: draft-urien-16ng-security-api-00.txt

PKMv2 Basic Services

Basic services

Get-SS-Certificate () collects the SS certificate.

Compute-SS-RSA-Priv (Message) decrypts a message with the SS RSA private key.

Process-EAP(packet) processes an EAP request and returns an EAP response.

Get-MSK() returns the 512-bit MSK value, available after the completion of a successful EAP session.

Page 8: draft-urien-16ng-security-api-00.txt

PKMv2 Extended Services 1/2

Data Management

Set-Mode(mode) resets the tamper resistant device and gives the current mode of operation, a choice among four alternatives: single PKMv2-RSA; single PKMv2-EAP; single PKMv2-RSA and single PKMv2-EAP; double PKMv2-EAP session.

Set-SS-MAC-Address() gives the SS MAC address.

Set-Current-BSID() gives the current BS identifier.

Set-Current-AK-SN() gives the current AK key sequence number.

PKMv2-RSA

Get-SS-Certificate () collects the SS certificate.

Compute-SS-RSA-Priv (Message) decrypts a message with the SS RSA private key.

Compute-Pre-PAK(value) decrypts the Pre-PAK value with the SS private key, the PAK value is calculated and securely stored in the tamper resistant device.

Set-Pre-PAK(value) the security sublayer exclusively manages the PKMv2-RSA protocol and provides this value to the tamper resistant device.

PKMv2-EAP

Process-EAP-first-session (packet) processes an EAP request belonging to a first EAP session and returns an EAP response.

Process-EAP-second-session (packet) processes an EAP request belonging to a second EAP session and returns an EAP response.

Page 9: draft-urien-16ng-security-api-00.txt

PKMv2 Extended Services 2/2

SA-TEK 3-way Handshake

Get-AKID(AK-SN, list of parameters) computes an AK value (associated to the AK-SN index) from a list of parameters (that may be empty) and returns the AKID value.

Broadband facilities

Compute-MTK(MGTEK) computes the MTK value from the MGTEK parameter.

Keys

Get-KEK(AK-SN) returns the value of the KEK key.

Get-HMAC-U(AK-SN) returns the value of the HMAC-U key.

Get-HMAC-D(AK-SN) returns the value of the HMAC-D key.

Get-CMAC-U(AK-SN) returns the value of the CMAC-U key.

Get-CMAC-D(AK-SN) returns the value of the CMAC-D key.

Get-EIK-RSA(AK-SN) returns the value of the EIK key deduced from a previous PKMv2-RSA operation.

Get-EIK-EAP(AK-SN) returns the value of the EIK key deduced from a previous EAP session.

Page 10: draft-urien-16ng-security-api-00.txt

Questions ?