Page 1

Security Support for Multi-cast Traffic in M2M communication

Document Number: IEEE C802.16p-10/0022

Date Submitted: 2010-12-30

Source: Inuk Jung, Kiseon Ryu, JinSam Kwak (LG Electronics), Email: inuk.jung@lge.com

Re: 802.16p amendment texts

Venue: IEEE Session #71

Base Contribution: IEEE 802.16ppc-10/0004r1

Purpose: To be discussed and adopted by TGp.

Notice: This document does not represent the agreed views of the IEEE 802.16 Working Group or any of its subgroups. It represents only the views of the participants listed in the “Source(s)” field above. It is offered as a basis for discussion. It is not binding on the contributor(s), who reserve(s) the right to add, amend or withdraw material contained herein.

Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.16.

Patent Policy: The contributor is familiar with the IEEE-SA Patent Policy and Procedures: <http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and <http://standards.ieee.org/guides/opman/sect6.html#6.3>. Further information is located at <http://standards.ieee.org/board/pat/pat-material.html> and <http://standards.ieee.org/board/pat>.

Page 2

Overview of Group Management in M2M

Assumptions
- A number of devices are grouped by some criteria
- Devices share a common Group ID (GID)
- To join a group, a device first must be network authorized
  - Implies retrieval of MSK/PMK and successful authentication of TEK/CMAC

Motivation
In M2M environments, a deployment of massive devices is controlled most efficiently in a group based manner. Such efficient management is achieved by simplified control over a large number of devices, which is based on Multi-cast transmission. In terms of communication contents, such group controlled communication can consist of trivial and/or confidential data (i.e. group device control, firmware upgrade, scheduling configuration control data, etc.). Hence, security cannot be abstracted away from Multi-cast data transmission, especially for M2M deployments.

Objective
Like a Group ID, a common group security key can help the BS and devices to encrypt/decrypt multicast data efficiently. This requires
1. a new Key hierarchy and Key derivation method for Group Key related security parameters
2. a Group Key update procedure

Page 3

Enhanced Multi-cast Security compared to 16e

Possible factors for enhancement of 16e Multi-cast security
- Unencrypted PKM message
- Complicated Key Hierarchy
- PUSH based key update for key management

In general, the security of 16m is an enhancement to 16e
- Key management is done locally (i.e. using a key count for local update generation: local key derivation)
- However, there is no security mechanism for Multi-cast transmission in 16m

Hence, an enhancement to the Multi-cast security mechanism is required, which should be based on 16m security, with consideration of 16e’s Multi-cast security feature (i.e. simplified key hierarchy, enhanced key management, secured key exchange procedure).

Page 4

Conceptual Key hierarchy (GMK/GTEK)

2-level key hierarchy

Page 5

Text Proposal

Insert the following texts and figure in 16p amendment document:

16.2.29 MAC Support of M2M

16.2.29.n Security

16.2.29.n.1 Group Security for Multi-cast Traffic

Security for Multi-cast traffic provides confidentiality (i.e. encryption) and integrity protection of such data for secure group informing and management. A common security key is used by devices within a group.

16.2.29.n.1.1 Key Derivation

The key hierarchy defines what keys are present in the system for Multi-cast traffic and how keys are generated. The BS may derive the Group Master Key (GMK) by local generation. The group traffic encryption key (GTEK), which is used for encryption/decryption of Multi-cast traffic, is derived directly from the GMK.

16.2.29.n.1.1.1 GMK Derivation
16.2.29.n.1.1.2 GTEK Derivation
16.2.29.n.1.2 Key Hierarchy
16.2.29.n.1.3 Key Agreement
16.2.29.n.1.4 Key Usage
16.2.29.n.1.4.1 GTEK Usage
16.2.29.n.1.4.1 GTEK Update
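The 2-level GMK/GTEK hierarchy and the key-count based local GTEK update described above, as an added Go example that is not part of this contribution or of the 802.16 specification. The HMAC-SHA256 KDF, AES-GCM as the AEAD, the nonce layout and the keyCount/pn parameters are assumptions of the example; the contribution specifies none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
)

// deriveGTEK is the second level of the GMK -> GTEK hierarchy. The KDF (HMAC-SHA256 over
// a label, the GID and a key count) is assumed; bumping keyCount is the local GTEK update.
func deriveGTEK(gmk []byte, gid uint16, keyCount uint32) []byte {
	mac := hmac.New(sha256.New, gmk)
	mac.Write([]byte("GTEK"))
	binary.Write(mac, binary.BigEndian, gid)
	binary.Write(mac, binary.BigEndian, keyCount)
	return mac.Sum(nil)[:16] // 128-bit AES key
}

// groupAEAD builds the AEAD (AES-GCM, assumed here) and a nonce binding GID, key
// count and a per-key packet number, so no (GTEK, nonce) pair repeats in a group.
func groupAEAD(gmk []byte, gid uint16, keyCount, pn uint32) (cipher.AEAD, []byte) {
	block, err := aes.NewCipher(deriveGTEK(gmk, gid, keyCount))
	if err != nil {
		panic(err) // unreachable: deriveGTEK always yields a 16-byte key
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err) // unreachable for an AES block cipher
	}
	n := make([]byte, aead.NonceSize())
	binary.BigEndian.PutUint16(n[0:], gid)
	binary.BigEndian.PutUint32(n[2:], keyCount)
	binary.BigEndian.PutUint32(n[6:], pn)
	return aead, n
}

// SealMulticast (BS side): the clear header fields (the nonce) are authenticated too.
func SealMulticast(gmk []byte, gid uint16, keyCount, pn uint32, payload []byte) []byte {
	aead, n := groupAEAD(gmk, gid, keyCount, pn)
	return aead.Seal(nil, n, payload, n)
}

// OpenMulticast (device side): a member re-derives the GTEK; a non-member or stale key count fails.
func OpenMulticast(gmk []byte, gid uint16, keyCount, pn uint32, ct []byte) ([]byte, error) {
	aead, n := groupAEAD(gmk, gid, keyCount, pn)
	return aead.Open(nil, n, ct, n)
}
```

Because both sides hold the GMK, a GTEK update needs only a new key count to be signalled, never the key itself; a device that missed the update fails the integrity check rather than silently accepting forged group traffic.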