Embed Size (px)
Citation preview
January 2005
Robert Cragie, Jennic Ltd.Slide 1
doc.: IEEE 802.15-05-0082-00-004b
Submission
Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs)Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs)
Submission Title: [Security clarifications]Date Submitted: [19 January, 2005]Source: [Robert Cragie] Company [Jennic Ltd.]Address [Furnival Street, Sheffield, S1 4QT, UK]Voice:[+44 114 281 4512], FAX: [+44 114 281 2951], EMail:[[email protected]]
Re: [Response to the call for proposal of IEEE 802.15.4b, Security enhancements]
Abstract: [Discussion for several potential enhancements for current IEEE 802.15.4 MAC]
Purpose: [For the discussion at IEEE 802.15.4b Study Group]
Notice: This document has been prepared to assist the IEEE P802.15. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.Release: The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P802.15.
January 2005
Robert Cragie, Jennic Ltd.Slide 2
doc.: IEEE 802.15-05-0082-00-004b
Submission
Security Clarifications
Robert CragieJennic Limited
January 2005
Robert Cragie, Jennic Ltd.Slide 3
doc.: IEEE 802.15-05-0082-00-004b
Submission
Introduction
• Proposes data structures for enhancements to security
• Companion document in 15-04-0539
January 2005
Robert Cragie, Jennic Ltd.Slide 4
doc.: IEEE 802.15-05-0082-00-004b
Submission
Outgoing frame security parameters
• Key• Nonce
– Frame Counter– Source Extended Address– Security Control
• Where the authentication data ends and where the encrypted data starts
– Dependent on frame type and security level
January 2005
Robert Cragie, Jennic Ltd.Slide 5
doc.: IEEE 802.15-05-0082-00-004b
Submission
Security Material classes
• Two classes of Security Material– Link Key– Network Key
• The names may not be entirely appropriate but are familiar to the security subgroup
January 2005
Robert Cragie, Jennic Ltd.Slide 6
doc.: IEEE 802.15-05-0082-00-004b
Submission
Link key
• Key shared between two devices only• Point-to-point frame (source to destination)• Implicit lookup information at destination• Source address could also be transported (see also
Device Lookup table optimisations)• Source:
– Key Lookup: Destination address– Device Lookup: Source address (i.e. self)
• Destination– Key Lookup: Source address– Device Lookup: Source address
January 2005
Robert Cragie, Jennic Ltd.Slide 7
doc.: IEEE 802.15-05-0082-00-004b
Submission
Network key (1)
• Key sequence shared across multiple devices• Owner is Key Source, which has an Identifier (e.g. a Trust
Centre combined with a Key Sequence Number)• The Key Source Identifier is unique over the lifetime of the
system• There is a notion of ‘current Key Source Identifier’, which
is always used by the source device to lookup key• Current Key Source Identifier is always transported in
frame to provide explicit lookup information at destination
January 2005
Robert Cragie, Jennic Ltd.Slide 8
doc.: IEEE 802.15-05-0082-00-004b
Submission
Network key (2)
• Source address could also be transported (see also Device Lookup table optimisations)
• Point-to-point, broadcast or group address frame (source to destination(s))
• Source:– Key Lookup: Key Source Identifier– Device Lookup: Source address (i.e. self)
• Destination– Key Lookup: Key Source Identifier– Device Lookup: Source address
January 2005
Robert Cragie, Jennic Ltd.Slide 9
doc.: IEEE 802.15-05-0082-00-004b
Submission
Key sequence
• Network Key is infact a sequence of keys• The current yey being used is indicated by the
Key Sequence Number• When a particular key in a sequence cannot be
used any more, e.g. due to frame counter wrapping, it is ‘retired’ and never used again
• The Key Sequence Number is then incremented, indicating that the next key in the sequence is then used
January 2005
Robert Cragie, Jennic Ltd.Slide 10
doc.: IEEE 802.15-05-0082-00-004b
Submission
MAC PIB tables for security
Key Table lookup Key Table entry
Device Table lookup Device Table entry
MAC PIB
Destination Filter Table lookupDestination Filter Table
Destination Filter Table entry
Source Filter Table lookup Source Filter Table entry
Destination Filter TableDestination Filter Table
Destination Filter TableDestination Filter TableSource Filter Table
Destination Filter TableDestination Filter TableDevice Table
Destination Filter TableDestination Filter TableKey Table
January 2005
Robert Cragie, Jennic Ltd.Slide 11
doc.: IEEE 802.15-05-0082-00-004b
Submission
Key Table
• A table of keys which can be matched to to retrieve the key information for the unsecuring process
January 2005
Robert Cragie, Jennic Ltd.Slide 12
doc.: IEEE 802.15-05-0082-00-004b
Submission
Device Table
• A table of devices which can be matched to to retrieve
– Nonce extended address – Frame counter for freshness checking– Security level for checking
January 2005
Robert Cragie, Jennic Ltd.Slide 13
doc.: IEEE 802.15-05-0082-00-004b
Submission
Source Filter Table
• A table of source addresses which can be matched to to allow limiting of devices you wish to receive from
• ‘backwards group addressing’• Perhaps should not be considered as part
of security but frame filtering process
January 2005
Robert Cragie, Jennic Ltd.Slide 14
doc.: IEEE 802.15-05-0082-00-004b
Submission
Destination Filter Table
• A table of destination addresses which can be matched to to allow group addressing
• Perhaps should not be considered as part of security but frame filtering process
• Already done in a fashion; broadcast address and self-address matching already specified in 802.15.4-2003
January 2005
Robert Cragie, Jennic Ltd.Slide 15
doc.: IEEE 802.15-05-0082-00-004b
Submission
Lookup method
• As tables are used, there must be some sort of lookup method; Idea is to capture only what data and class of data can be used for the lookup
• Data used to lookup can conceptually be anything up to 8 octets (i.e. extended address)
• It may be possible to have more than one matching method per table entry (e.g. short address and extended address matching)
• How the lookup list and matching method is implemented is deliberately not specified and left to the implementer (e.g. could be hash table, relational database etc.)
January 2005
Robert Cragie, Jennic Ltd.Slide 16
doc.: IEEE 802.15-05-0082-00-004b
Submission
Key Table entry
• Key• Device List
– A list of devices using this key, including whether they are blacklisted
January 2005
Robert Cragie, Jennic Ltd.Slide 17
doc.: IEEE 802.15-05-0082-00-004b
Submission
Key Table lookup
• Lookup List– A list of Lookup Descriptors which are used to match to
• PAN ID and short address pair• Extended address• Trust centre number and key sequence number
pair• In the most generic case, a variable length
number which needs to be bitwise matched with another number of the same length
January 2005
Robert Cragie, Jennic Ltd.Slide 18
doc.: IEEE 802.15-05-0082-00-004b
Submission
Device Table entry
• Extended Address– Used for nonce
• Frame Counter– Used for freshness checking
• Minimum Security Level– Used to discard frames which do not meet minimum
security level– Depends on frame type as well
• There is one entry for yourself and one entry for each device you are in communication with
January 2005
Robert Cragie, Jennic Ltd.Slide 19
doc.: IEEE 802.15-05-0082-00-004b
Submission
Device Table lookup
• Lookup Entry– A Lookup Descriptor which is used to match to
• Can only be PAN ID and short address pair• Device Table entry’s Extended Address can
always be used to match to• In the most generic case, a variable length
number which needs to be bitwise matched with another number of the same length
January 2005
Robert Cragie, Jennic Ltd.Slide 20
doc.: IEEE 802.15-05-0082-00-004b
Submission
Device Table lookup optimisations
• If the extended address can always be implied from the frame, there is no need to store an extended address in a Device Table entry
• This means:– Either explicitly transporting the extended address– Or always using source address mode equal to 3
• Tradeoff:↓ Longer frames or less room for payload↑ Less storage requirement
January 2005
Robert Cragie, Jennic Ltd.Slide 21
doc.: IEEE 802.15-05-0082-00-004b
Submission
Source Filter Table entry
• No data – purely used for membership testing
January 2005
Robert Cragie, Jennic Ltd.Slide 22
doc.: IEEE 802.15-05-0082-00-004b
Submission
Source Filter Table lookup
• Lookup Entry– A Lookup Descriptor which is used to match to
• PAN ID and Short Address• Extended Address• In the most generic case, a variable length
number which needs to be bitwise matched with another number of the same length
January 2005
Robert Cragie, Jennic Ltd.Slide 23
doc.: IEEE 802.15-05-0082-00-004b
Submission
ACL mode
• Simply implemented• Device table is used• If matched in Device Table, can be considered
to be pass filtering
January 2005
Robert Cragie, Jennic Ltd.Slide 24
doc.: IEEE 802.15-05-0082-00-004b
Submission
Restricting mandates
• Propose not use any text which implies:– Sharing of MAC PIB with higher layers– Single-threaded operation
• These are entirely implementation-specific issues and have no place in a specification
• This categorically does not preclude an This categorically does not preclude an implementation from implementing it in this implementation from implementing it in this fashion should it so choose.fashion should it so choose.
January 2005
Robert Cragie, Jennic Ltd.Slide 25
doc.: IEEE 802.15-05-0082-00-004b
Submission
Frame counters
• Propose to not use compressed form, as wraparound can occur quite quickly
• Propose to have a Frame Counter per protocol stack level, e.g. the one used at the MAC level is independent from the one used at a network layer level
• This is because essentially the frame counter is changes on every frame secured at that particular stack level.
January 2005
Robert Cragie, Jennic Ltd.Slide 26
doc.: IEEE 802.15-05-0082-00-004b
Submission
Group addressing
• Simply a form of packet filtering using the Destination Filter Table
• Network Key essentially becomes a ‘Group Key’, i.e. is distributed only to nodes in the group
• Propose to base it on bitmap and mask• No further implication as destination address of
frame is never used for Network Key lookup.
January 2005
Robert Cragie, Jennic Ltd.Slide 27
doc.: IEEE 802.15-05-0082-00-004b
Submission
Automatic Device Table entry addition
• A method to prevent having to preconfigure the Device Table
• If you receive a frame and it successfully looks up the key, then allocate a temporary Device Table entry for it
• If the unsecuring process passes, install the Device Table entry into the Device Table
• Need a PIB attribute to allow this or not
![IEEE Life Cycle Standards and the CMMI Implementation Considerations · 2017-05-19 · [IEEE 1998] IEEE 1062, IEEE Recommended Practice for Software Acquisition [IEEE 2005] IEEE 15288,](https://img.pdfslide.us/doc/110x75/5e740ab442e6042c3d2f498e/ieee-life-cycle-standards-and-the-cmmi-implementation-considerations-2017-05-19.jpg)
