2004-06-28 IEEE C802.20-04/62

Page 1: 2004-06-28 IEEE C802.20-04/62

Project IEEE 802.20 Working Group on Mobile Broadband Wireless Access <http://grouper.ieee.org/groups/802/20/>

Title Moving forward on IEEE 802.20 security: where are we and where do we want to go?

Date Submitted 2004-06-28

Source(s) Florent Bersani Email: [email protected]

Re: MBWA Call for Contributions

Abstract Providing security to wireless communication technologies is a rather well-understood problem from a theoretical point of view. However, effectively delivering it in real-world standards is something quite different. Security must be done by experts to whom a clear set of requirements is provided.

Purpose Prompt the 802.20 WG to refine its security requirements and plan the way it will want security to be handled.

Notice This document has been prepared to assist the IEEE 802.20 Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.

Release The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.20.

Patent Policy The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual <http://standards.ieee.org/guides/opman/sect6.html#6.3> and in Understanding Patent Issues During IEEE Standards Development <http://standards.ieee.org/board/pat/guide.html>.

2004-06-28 IEEE C802.20-04/62

Page 2:

What this presentation is about:

• The previous contributions to MBWA on security

• The way the security of MBWA is perceived by a newbie

• How security could/should be handled by MBWA


Page 3:

What this presentation is not about:

• The state of the art on the security for wireless communication technologies


Page 4:

Caveat (1/2)

• When you listen to a presentation on security: be paranoid and use your brain!

– Never trust a speaker that is not recognized as a security expert, for instance, do not trust this presentation ;-)

– Even if the speaker is recognized as a security expert, make sure there are no misunderstandings with him and that his position reflects a consensus

Page 5:

Caveat (2/2)

• This presentation is not made by:

– A security expert

– A networking expert

– An IEEE 802 expert

• Feel free to correct or interrupt!

Page 6:

The security contributions to 802.20 so far (1/2)

• IEEE C802.20-03/06&07 - Wireless Security Threats

– A tentative threat model and some solutions?

• IEEE C802.0-03/21 - Distributed Security Proposal Certicom

– Distributed vs. Centralized security architecture

• IEEE C802.20-03/74&88 - An Alternative Approach for Enhancing Security of WMANs using Physical Layer Encryption

– Physical layer encryption

Page 7:

The security contributions to 802.20 so far (2/2)

• IEEE C802.20-04/09 - DoD Wireless Security Requirements for Sensitive but Unclassified information

– Prompting 802.20 to meet US DoD requirements

• IEEE C802.20-04/41 - IEEE 802.20 MBWA Security Architecture

– Security Requirements and proposed solutions

• IEEE C802.20-04/56r1 - On Security Issues In Wireless Communications Systems

– Selection of cryptographic primitives (AES and/or RC4)

Page 8:

The way 802.20 security is perceived by a newbie (1/5)

• The PAR:

– « Security Support AES (Advanced Encryption Standard) »

• The 802.20 requirements document:

– « 4.1.11 Network Security

• Network security in MBWA systems shall protect the service provider from theft of service, the user’s privacy and mitigate against denial of service attacks. Provision shall be made for authentication of both base station and mobile terminal, for privacy, and for data integrity consistent with the best current commercial practice. 802.20 security is expected to be a partial solution complemented by end-to-end solutions at higher protocol layers such as EAP, TLS, SSL, IPSec, etc. »

Page 9:

The way 802.20 security is perceived by a newbie (2/5)

• The 802.20 requirements document (continued): «

• 4.1.11.1 Access Control

– Access control shall be provided using a cryptographic method.

• 4.1.11.2 Privacy Methods

– A method that will provide message integrity across the air interface to protect user data traffic, as well as signaling messages from unauthorized modification will be specified.

– Encryption across the air interface to protect user data traffic, as well as signaling messages, from unauthorized disclosure will be incorporated.

• 4.1.11.3 User Privacy

– The system will prevent the unauthorized disclosure of the user identity. »

Page 10:

The way 802.20 security is perceived by a newbie (3/5)

• The 802.20 requirements document (continued): «

• 4.1.11.4 Denial of Service Attacks

– It shall be possible to prevent replay attacks by minimizing the likelihood that authentication signatures are reused.

– It shall be possible to provide protection against Denial of Service (DOS) attacks.

• 4.1.11.5 Security Algorithm

– The authentication and encryption algorithms shall be publicly available on a fair and non-discriminatory basis.

– National or international standards bodies shall have approved the algorithms.

– The algorithms shall have been extensively analysed by the cryptographic community to resist all currently known attacks. »

Page 11:

The way 802.20 security is perceived by a newbie (4/5)

• The security contributions

– A collection of motley documents:

• Large tutorials vs. concrete propositions

• Correct vs. Incorrect assertions*

• Low level vs. High level preoccupations

* The latter is really a major concern!!!

Page 12:

The way 802.20 security is perceived by a newbie (5/5)

• Yet another standard that does not take into account:

– The lessons of the past?

• IPsec (http://www.schneier.com/paper-ipsec.html)*

• IEEE 802.11 (http://www.drizzle.com/~aboba/IEEE/wep-draft.zip)*

– The work that is going/has gone on elsewhere?

• IEEE 802.1AE&AF (http://www.ieee802.org/1/pages/802.1ae.html)

• IEEE 802.16 & IEEE 802.11i…

* among others

Page 13:

How security could/should be handled by MBWA

• Further refine the security requirements so that they can be fed as unique input to security experts, in an ad-hoc group?

• Organize the security experts group that will be fed the input requirements and the proposed solution outputs?

• Keep up the good work and the positive attitude demonstrated so far towards security, e.g.

– Taking security into account right from the start

– Requiring « standard » and public security solutions

Page 14:

Example questions to be discussed (1/7)

• What is the target architecture?

– Ad-hoc networks, e.g. IBSS in 802.11 jargon (only STAs)

– Infrastructure networks, e.g. BSS in 802.11 jargon (STAs communicating thanks to an AP)

• What is the time-line for 802.20?

– Tentative answer in IEEE C802.20-04/59

– Necessary if 802.20 wishes to reuse security standards that are not yet finished like .1ae&.1af

Page 15:

Example questions to be discussed (2/7)

• How much flexibility in the security?

– Supporting many cipher suites and versions

• Expected performances of the cryptographic & security algorithms:

– Latency, Throughput, Resource consumption (on which devices?)

– Ease of deployment & ease of use

Page 16:

Example questions to be discussed (3/7)

• Placement of the security sublayer and interface to it

– Where does the security sublayer fit in?

• Below the MAC, at the PHY? C802.20-03/74&88

• Just below LLC? – see e.g. IEEE 802.10-1998*

• Integrated into the MAC?

– Which frames shall be protected?

• Data

• Control

• Management

– Which different types of protection will be available?

• Confidentiality and Integrity/Replay protection

• Only Integrity/Replay protection

* withdrawn standard

Page 17:

Example questions to be discussed (4/7)

• Broadcast/multicast handling

– Many ways to secure this traffic: how to compare them:

• Bandwidth consumption

• Resource requirements

• Security/Functional issues (e.g., synchronization)

• Handover impacts

– Delay possibly added to handover by security

– Various ways to deal with this (architectural, protocol-level, …)

Page 18:

Example questions to be discussed (5/7)

• Security architecture: « 802.20 security is expected to be a partial solution complemented by end-to-end solutions at higher protocol »

– To what extent is the solution partial?

• Denial of service attacks

– Be prepared for much discussion on what is a serious DoS attack and what is not

– Anyway, there still is the bovine jamming attack

Page 19:

Example questions to be discussed (6/7)

• Identity protection: « system will prevent the unauthorized disclosure of the user identity »

– Current wording allows protocols that prompt authorized disclosure of identity ;-)

– Anyway what is the user’s identity?

• MAC address? See the debate on this in 802.1 Link Sec

• Other, e.g., NAI for EAP?

• How many bytes per frame can be spent on security?

– Security typically needs a Nonce, a MIC tag, a SPI…

– Can be problematic, see discussions between 802.1ae and 802.3ah!

Page 20:

Example questions to be discussed (7/7)

• Random numbers vs. Counters/timestamps

– Any preference?

• Key management is currently not mentioned in the requirements document!

– It MUST be included with the corresponding requirements…

– What are the requirements on a key management scheme?
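An added example, not part of the original presentation, tying together the per-frame byte budget (Nonce, MIC tag, SPI) and the random-numbers-versus-counters question in the integrity/replay-only case. The field sizes, the truncated HMAC-SHA-256 MIC and all names are assumptions chosen for illustration, not values from any 802.20 document.

```python
import hashlib
import hmac

# Constructed field sizes in bytes (assumptions, not from any 802.20 text).
SPI_LEN, NONCE_LEN, TAG_LEN = 4, 6, 8
OVERHEAD = SPI_LEN + NONCE_LEN + TAG_LEN

def mic(key, data):
    # HMAC-SHA-256 truncated to TAG_LEN stands in for whichever MIC is chosen.
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]

def protect(key, spi, nonce, payload):
    """Integrity/replay protection only: SPI || nonce || payload || MIC."""
    header = spi.to_bytes(SPI_LEN, "big") + nonce
    return header + payload + mic(key, header + payload)

class Receiver:
    def __init__(self, key, use_counter):
        self.key, self.use_counter = key, use_counter
        self.last = {}     # counter mode: one integer per SPI
        self.seen = set()  # random mode: every (SPI, nonce) accepted under the key

    def accept(self, frame):
        """Return the payload, or None if the frame is forged or replayed."""
        if len(frame) < OVERHEAD:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(tag, mic(self.key, body)):
            return None    # checked first, so forged frames never touch state
        spi = int.from_bytes(body[:SPI_LEN], "big")
        nonce = body[SPI_LEN:SPI_LEN + NONCE_LEN]
        if self.use_counter:
            value = int.from_bytes(nonce, "big")
            if value <= self.last.get(spi, -1):
                return None  # replayed, or reordered below the high-water mark
            self.last[spi] = value
        elif (spi, nonce) in self.seen:
            return None
        else:
            self.seen.add((spi, nonce))
        return body[SPI_LEN + NONCE_LEN:]

    def state_entries(self):
        return len(self.last) if self.use_counter else len(self.seen)

def overhead_fraction(payload_len):
    """Share of the protected frame consumed by SPI, nonce and MIC tag."""
    return OVERHEAD / (OVERHEAD + payload_len)
```

With these sizes a 40-byte payload spends 18 of 58 bytes on security fields. The counter receiver keeps one integer per SPI but drops reordered frames, while the random-nonce receiver tolerates reordering at the cost of state that grows with every accepted frame.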

Page 21:

Questions?


