IEEE 802.21 MEDIA INDEPENDENT HANDOVER
DCN: 21-15-0051-02-REVP-Proposal-on-the-security-of-802.21
Title: Proposal on the security of 802.21
Date Submitted: May 13, 2015
Presented at IEEE 802.21 session #68 in Vancouver, Canada
Authors or Source(s):
Yuji Unagami, Yusuke Shimizu (Panasonic)
Abstract: This document proposes security enhancements for 802.21. We have been studying the use of the 802.21 standard as the security technology for HEMS. We propose two items that allow a flexible implementation.
IEEE 802.21 presentation release statements
This document has been prepared to assist the IEEE 802.21 Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.21.
The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual <http://standards.ieee.org/guides/opman/sect6.html#6.3> and in Understanding Patent Issues During IEEE Standards Development <http://standards.ieee.org/board/pat/guide.html>.
The contributor is familiar with IEEE patent policy, as stated in Section 6 of the IEEE-SA Standards Board bylaws <http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and in Understanding Patent Issues During IEEE Standards Development <http://standards.ieee.org/board/pat/faq.pdf>.
Background of this proposal
• The Japanese Government (METI: Ministry of Economy, Trade and Industry) is leading the initiative to achieve HEMS (Home Energy Management System) systems.
• Note: currently each manufacturer is using its own proprietary technology.
• Panasonic is one of the board members of this initiative, which utilizes the ECHONET Lite protocol for seamless communication between various home appliance products.
• Panasonic has been studying the use of the 802.21 standard as the security technology for ECHONET Lite.
[Figure: Currently, the home gateway and each device use proprietary technology, with no interoperability. In the future, the home gateway and devices communicate with standardized technology and are interoperable.]
Background of this proposal
• We are studying the use of the 802.21d protocol for HEMS in the Japanese market.
• PoS with Group Manager: home gateway
• PoS: device (e.g. air conditioner, sensor, etc.)
• Flexible implementation is very important for the use of 802.21d.
• Processing a signature for each multicast transmission is too much of a burden for an air conditioner.
[Figure: a PoS with Group Manager (home gateway) reaches PoSs and MNs over Multicast Transport.]
ID_TYPE of SAID TLV
• Add a new parameter to the “ID_TYPE” field for the use of other key management technologies.
• e.g. ECDH, key distribution from the PoS with Group Manager, etc.
SAID TLV: TYPE | LENGTH | SEQUENCE (ID_TYPE, ID_VALUE)
ID_TYPE values:
0: TLS-generated
1: EAP-generated
2: GKB-generated
3: Other-generated (proposed addition)
MIC of AES_CCM
• It is stated in the specification of 802.21d (8.4.2):
• A Signature TLV should be used for multicast MIH messages in order to provide source origin authentication for multicast MIH messages.
• Otherwise, a message alteration attack by an insider who has a GKB SA is possible even if the multicast MIH message is integrity protected by the group key corresponding to the GKB SA.
• Signature verification is too much of a burden for a low-power computing device; however, there should be some scheme to prevent tampering by a third party.
[Figure: current construction. The multicast MIH message consists of MIH header (S=1), Source MIHF Identifier TLV, Destination MIHF Identifier TLV, SAID TLV and Service Specific TLV. AES_CCM is applied to the Service Specific TLV only, producing a Security TLV (ENC_DATA, MIC_DATA) that follows the SAID TLV. Because the MIH header and the identifier TLVs are not covered by the MIC, a message alteration attack by a third party who does not have a GKB SA is possible.]
MIC of AES_CCM
• Generate MIC_DATA not only over the Service Specific TLV but also over the MIH frame.
[Figure: proposed construction. AES_CCM (MIC) covers MIH header (S=1), Source MIHF Identifier TLV, Destination MIHF Identifier TLV, SAID TLV and Service Specific TLV; AES_CCM (Enc) covers the Service Specific TLV only. The transmitted message is MIH header (S=1), Source MIHF Identifier TLV, Destination MIHF Identifier TLV, SAID TLV, Security TLV (ENC_DATA, MIC_DATA).]
• A third party who does not have a GKB SA cannot execute an alteration attack.
Supplement
Background details
• The Japanese Government is leading the initiative to achieve HEMS systems.
The scope of standardization in HEMS-TF
[Figure: the HEMS-TF standardization scope is the I/F (interface) to devices such as home appliances, a stationary battery and PV.]
Reference: http://www.meti.go.jp/press/2011/02/20120224007/20120224007-2.pdf
Device List: Smart meter, PV (Photovoltaics), Stationary battery, Fuel cell, EVPS (EV Power Station), Air conditioner, Lighting, Hot water dispenser
Background details
• The Japanese government has recommended ECHONET Lite as the standard interface.
[Figure: the ECHONET Lite standard covers the Service, Network, Command and Protocol layers for home appliances, housing equipment and energy equipment, with communication addressing by IP address; the network of the lower layer (PHY, MAC) is the part discussed in HEMS-TF.]
Reference: http://www.meti.go.jp/press/2011/02/20120224007/20120224007-2.pdf
Background details
• HEMS-TF selected the standard media.
Reference: http://www.meti.go.jp/press/2013/05/20130515004/20130515004-6.pdf
[Figure: layer diagram. Layer 5-7: Service; Layer 3 (and 4): Network layer; Layer 1-2: network of the lower layer, with the selected media 920MHz, 2.4GHz, PLC, 5GHz and Ethernet.]
Background details
• 802.21d is implemented between UDP and ECHONET Lite.
Reference: http://www.meti.go.jp/press/2013/05/20130515004/20130515004-6.pdf
[Figure: the same layer diagram (Layer 5-7, Layer 4, Layer 3, Layer 2, Layer 1) with 802.21d, including its state machine and fragmentation, inserted between Layer 4 and Layer 5-7 over each of the media 920MHz, 2.4GHz, PLC, 5GHz and Ethernet.]