
draft-urien-16ng-security-api-00.txt

draft-urien-16ng-security-api-00.txt. Security API for the IEEE 802.16 Security Sublayer Pascal.Urien@enst.fr. www.enst.fr. Draft summary.


Presentation Transcript


  1. draft-urien-16ng-security-api-00.txt Security API for the IEEE 802.16 Security Sublayer Pascal.Urien@enst.fr www.enst.fr

  2. Draft summary
     • IEEE 802.16e specifies cryptographic algorithms and security procedures, but it doesn't describe how critical functions are delegated to tamper resistant devices in order to avoid theft of service.
     • This draft describes a security Application Programming Interface (API), which aims at supporting tamper resistant devices that perform collaborative tasks with the IEEE 802.16 security sublayer.
     • The security sublayer should provide operators with strong protection from theft of service.
     • Security APIs make it possible to transfer critical calculations or protocol processing to trusted computers, such as smart cards or trusted platform modules (TPMs).

  3. The IEEE 802.16e-2005 security sublayer

                                                   +----------------------+
                                                   |      EAP Method      |
                                                   +-----------+----------+
                                                               |
                                                   +-----------+----------+
                                                   |      EAP Layer       |
                                                   +-----------+----------+
                                                               |
         +--------------------+--------------------+-----------+-----------+
         | RSA based Authen-  | Authorization / SA | EAP encapsulation     |
         | -tication (RSA-OP) | Control (SA-CNTL)  | decapsulation (EAP-OP)|
         +--------------------+--------------------+-----------------------+
         |                 PKM Control Management (PKM-CM)                 |
         +---------------------------------+-------------------------------+
         | Traffic Data                    | Control Message Processing    |
         | Encryption/Authentication       | (PKM-CMP)                     |
         | Processing                      |      +------------------------+
         |                                 |      + Message Authentication |
         | (TDEAP)                  +------+------+    Processing (PKM-MAP)|
         +--------------------------+   PHY SAP   +------------------------+
                                    +------+------+
                                           |

  4. This draft

         +-------------------------------------------------------+
         |                                                       |
         |                                        +------------+ |
         |  TAMPER RESISTANT DEVICE               | EAP Method | |
         |                                        +------+-----+ |
         | +----------------+                            |       |
         | | RSA Operations |  +-------------------------+-------+
         | +----------------+  |                         |
         |                     |                  +------+-----+
         | Secure Data Storage |                  | EAP Layer  |
         |                     |                  +------+-----+
         +-|---------|---------+                         |
         <.|.........|..............SECURITY API.........|.................>
           |         |                                   |
           | +------ V----------+------------------+-----V-----------------+
           | |RSA based Authen- |Authorization / SA| EAP encapsulation     |
           | |-tication (RSA-OP)|Control (SA-CNTL) | decapsulation (EAP-OP)|
         +-V-+------------------+------------------+-----------------------+
         |                 PKM Control Management (PKM-CM)                 |
         +---------------------------------+-------------------------------+
         | Traffic Data                    | Control Message Processing    |
         | Encryption/Authentication       | (PKM-CMP)                     |
         | Processing                      |      +------------------------+
         |                                 |      + Message Authentication |
         | (TDEAP)                  +------+------+    Processing (PKM-MAP)|
         +--------------------------+   PHY SAP   +------------------------+
                                    +------+------+

  5. Two classes of trusted services
     • Basic services
        • Only deal with RSA calculations and/or EAP packets processing.
     • Extended services
        • Cache the Authorization Key (AK) in a trusted computing platform.
        • In that case the AK value is never exposed to the security sublayer.
        • All calculations dealing with AK are performed by a tamper resistant device, which computes and exports keys needed by security associations.

  6. PKMv1 Services
     • Basic services
        • Get-SS-Certificate() collects the Subscriber Station (SS) certificate.
        • Compute-SS-RSA-Priv(Message) decrypts a message with the SS RSA private key.
     • Extended services
        • Get-Certificate() collects the SS certificate.
        • Set-AK(AK-SN, Message) pushes a message that contains an encrypted value of AK, identified by its index AK-SN, towards the tamper resistant device.
        • Get-KEK(AK-SN) collects a KEK key whose index is AK-SN.
        • Get-HMAC-U(AK-SN) collects an HMAC-U key whose index is AK-SN.
        • Get-HMAC-D(AK-SN) collects an HMAC-D key whose index is AK-SN.

  7. PKMv2 Basic Services
     • Basic services
        • Get-SS-Certificate() collects the SS certificate.
        • Compute-SS-RSA-Priv(Message) decrypts a message with the SS RSA private key.
        • Process-EAP(packet) processes an EAP request and returns an EAP response.
        • Get-MSK() returns the 512-bit MSK value, available after the completion of a successful EAP session.

  8. PKMv2 Extended Services 1/2
     • Data Management
        • Set-Mode(mode) resets the tamper resistant device and gives the current mode of operation.
           • A choice among four alternatives: single PKMv2-RSA, single PKMv2-EAP, single PKMv2-RSA and single PKMv2-EAP, double PKMv2-EAP session.
        • Set-SS-MAC-Address() gives the SS MAC address.
        • Set-Current-BSID() gives the current BS identifier.
        • Set-Current-AK-SN() gives the current AK key sequence number.
     • PKMv2-RSA
        • Get-SS-Certificate() collects the SS certificate.
        • Compute-SS-RSA-Priv(Message) decrypts a message with the SS RSA private key.
        • Compute-Pre-PAK(value) decrypts the Pre-PAK value with the SS private key; the PAK value is calculated and securely stored in the tamper resistant device.
        • Set-Pre-PAK(value): the security sublayer exclusively manages the PKMv2-RSA protocol and provides this value to the tamper resistant device.
     • PKMv2-EAP
        • Process-EAP-first-session(packet) processes an EAP request belonging to a first EAP session and returns an EAP response.
        • Process-EAP-second-session(packet) processes an EAP request belonging to a second EAP session and returns an EAP response.

  9. PKMv2 Extended Services 2/2
     • SA-TEK 3-way Handshake
        • Get-AKID(AK-SN, list of parameters) computes an AK value (associated to the AK-SN index) from a list of parameters (that may be empty) and returns the AKID value.
     • Broadband facilities
        • Compute-MTK(MGTEK) computes the MTK value from the MGTEK parameter.
     • Keys
        • Get-KEK(AK-SN) returns the value of the KEK key.
        • Get-HMAC-U(AK-SN) returns the value of the HMAC-U key.
        • Get-HMAC-D(AK-SN) returns the value of the HMAC-D key.
        • Get-CMAC-U(AK-SN) returns the value of the CMAC-U key.
        • Get-CMAC-D(AK-SN) returns the value of the CMAC-D key.
        • Get-EIK-RSA(AK-SN) returns the value of the EIK key deduced from a previous PKMv2-RSA operation.
        • Get-EIK-EAP(AK-SN) returns the value of the EIK key deduced from a previous EAP session.

  10. Questions ?
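
An added example (not taken from the draft or the presentation) that models the PKMv1 extended services of slide 6 in Python: the AK is decrypted and cached inside the device object, and only the KEK and HMAC keys cross the API. Assumptions: textbook RSA over a constructed toy key stands in for the real key transport, the SHA-1 pad derivation is the usual PKMv1 construction and is not stated on the slides, and all Python names are hypothetical.

```python
import hashlib

# Constructed toy RSA key (two Mersenne primes). Textbook RSA is an assumption
# standing in for the real key-transport encryption, which the slides omit.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def bs_encrypt_ak(ak: bytes) -> int:
    """Base-station side: encrypt a 160-bit AK under the SS public key."""
    return pow(int.from_bytes(ak, "big"), E, N)

class TamperResistantDevice:
    """Model of the PKMv1 extended services; the AK never leaves this object."""

    def __init__(self):
        self.__aks = {}  # AK-SN -> AK, kept private to the device

    def set_ak(self, ak_sn: int, message: int) -> None:
        # Set-AK(AK-SN, Message): decrypt inside the device and cache the AK.
        value = pow(message, D, N)
        if value >= 1 << 160:
            raise ValueError("malformed Set-AK message: not a 160-bit AK")
        self.__aks[ak_sn] = value.to_bytes(20, "big")

    def _derive(self, ak_sn: int, pad: int) -> bytes:
        if ak_sn not in self.__aks:
            raise KeyError(f"no AK cached for AK-SN {ak_sn}")
        # Assumed derivation (not on the slides): SHA-1(pad * 64 | AK).
        return hashlib.sha1(bytes([pad]) * 64 + self.__aks[ak_sn]).digest()

    def get_kek(self, ak_sn: int) -> bytes:
        return self._derive(ak_sn, 0x53)[:16]   # Get-KEK(AK-SN)

    def get_hmac_u(self, ak_sn: int) -> bytes:
        return self._derive(ak_sn, 0x5C)        # Get-HMAC-U(AK-SN)

    def get_hmac_d(self, ak_sn: int) -> bytes:
        return self._derive(ak_sn, 0x3A)        # Get-HMAC-D(AK-SN)

def demo():
    """Security-sublayer side: push an encrypted AK, read back derived keys."""
    ak = bytes(range(1, 21))                    # constructed 160-bit AK
    device = TamperResistantDevice()
    device.set_ak(3, bs_encrypt_ak(ak))
    return device.get_kek(3), device.get_hmac_u(3), device.get_hmac_d(3)
```

The sublayer code in `demo()` only ever holds the ciphertext and the exported keys, which is the property slide 5 describes for the extended services.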
