Jul 12, 2010 07/12/10 Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) Submission Title: Frame signaling options for Security.

Presentation transcript:

Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs)
Submission Title: Frame signaling options for Security Extensions
Date Submitted: March 2018
Source: Benjamin A. Rolfe, Blind Creek Associates
Contact: Voice: +1 408 395 7207, E-Mail: ben.rolfe@ieee.org
Re: TG3f Task Group meetings
Abstract: Presents some options for over the air signaling to support alternate security mechanisms in 802.15.4
Purpose: Stimulate interesting and useful discussion leading to viable proposals
Notice: This document has been prepared to assist the IEEE P802.15. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
Release: The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P802.15.

This amendment defines a PHY layer enabling the use of the 865-867 MHz band in India. The supported data rate should be at least 40 kbits per second and the typical Line of Sight (LOS) range should be on the order of 5 km using omni directional antennae. Included are any channel access and/or timing changes in the MAC necessary to support this PHY layer.

Presentation Summary
- Presents options for signaling alternate cipher suites and/or use of other security extensions for a frame
- Focused on frame-by-frame over the air signaling
- To avoid “icky”, considered only means that:
  - Preserve over the air compatibility with prior versions of the standard (through 2006)
  - Do not create a new frame type or alter the existing frame format or the structure of existing fields
  - Use the existing Aux Security header (the 1 reserved field in the ASH)

----- Meeting Notes (17/01/2011 11:38) ----- Replace 1st paragraph with context for TVWS

Background
By ruling out the icky, ugly and really awful methods that came to mind, the following remains:
- Aux-security header (ASH): currently defined with 1 reserved bit in the Security Control field. The Security Control field is always present when the ASH is present.
- Normally, when using the last reserved bit or value, the best use would be as an extension escape indication, signaling that there is more information somewhere else in the frame.
- Because there is but 1 extension signal, the method used to represent the extension information must be flexible and extensible.
- Proposal is to define a header information element, the Security Extension IE (SEIE). This could be a multiplexed structure, or not (to discuss).

Details (1)
- Bit 7 of the Security Control field to be used for “extended security”. 0 means
- Define a header IE for (each) security extension (HIEs follow the ASH)
- E.g. Security extension IE:
  - Field 0: extension ID (1 octet)
  - When extension ID = AES256_ENCRYPTED: no further content required
  - When extension ID = Something Else: content specific to the security extension type
- When ASH b7==0, no Security Extension IE is expected (AES128 assumed, same as 2006-2015)

Details (2)
A frame secured with a new encryption method, e.g. AES-256 encryption, would be sent with the Security Enabled field of the Frame Control field set to TRUE, the Extended Security field of the Security Control field in the ASH set to 1, and exactly 1 SEIE following the ASH.

[Figure: Structure of MAC frame]

Secure Frame Overview, Frame version == 2
Structure of MAC frame

Field (octets):
- Frame Control, Sec Enable=1 (2)
- Sequence Number (0/1)
- Address Fields (0/…./20)
- Auxiliary Security Header, SEXT=1 (1/…./14)
- Header IEs: Security Extension IE (3/….k)
- Payload IEs
- Other Payload
- FCS (2/4)
- MIC (4/8/16)

Field groups: MHR, MAC Payload, MFR

Structure of MAC frame (2)

ASH fields (octets):
- Security Control (1)
- Frame Counter (0/4)
- Key ID (0/1/5/9)

Security Control field (bits):
- 0:1 Security Level
- 3:4 Key ID Mode
- 5 Frame Counter Suppression
- 6 ASN in Nonce
- 7 Security Extension

IE
- When the Security Extension (SEXT) field equals 1 (TRUE), a Security Extension IE is required (shall be included) in the header IE list following the ASH.
- Suggestion: the SEIE should be the first IE in the header IE list when present.
- Secure ACK: a SECN device is required to use in the ACK the security method used in the frame being ACK’d.

SEXT-IE general format

Field (octets):
- IE Descriptor (2)
- Extension Type ID (1)
- Extension type specific content (Variable)

To signal that AES-256 is used to encrypt the frame, the SEIE does not require type specific content:

Field (octets):
- IE Descriptor (2)
- Extension Type ID (1)

Future extensions may require additional content.
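Receiver-side handling of the signaling described in Details (1), Details (2) and the SEXT-IE format, as an added example that is not part of the original submission. The SEIE element ID and the AES256_ENCRYPTED extension ID are hypothetical placeholders (the slides assign no values), the header IE descriptor layout (length in bits 0-6, element ID in bits 7-14, type in bit 15, little-endian) is taken from 802.15.4-2015, and the SEIE is assumed to be the first header IE, as the slides suggest.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical placeholders: the slides assign no numeric values. */
#define SEIE_ELEMENT_ID 0x50u /* header IE element ID for the SEIE */
#define EXT_AES256      0x01u /* extension ID for AES256_ENCRYPTED */

enum suite { SUITE_REJECT = -1, SUITE_AES128 = 0, SUITE_AES256 = 1 };

/* buf starts at the Security Control octet of the ASH; len runs to the
 * end of the header IE list. Returns the suite to use for MIC/decryption. */
enum suite select_suite(const uint8_t *buf, size_t len)
{
    static const size_t key_id_len[4] = { 0, 1, 5, 9 }; /* Key ID: 0/1/5/9 */
    if (len < 1) return SUITE_REJECT;
    uint8_t sc = buf[0];
    /* bit 5 = Frame Counter Suppression, bits 3:4 = Key ID Mode */
    size_t ash_len = 1 + ((sc & 0x20u) ? 0u : 4u) + key_id_len[(sc >> 3) & 3u];
    if (len < ash_len) return SUITE_REJECT;
    if (!(sc & 0x80u)) return SUITE_AES128; /* SEXT=0: same as 2006-2015 */

    /* SEXT=1: the SEIE must be the first header IE after the ASH. */
    const uint8_t *ie = buf + ash_len;
    size_t left = len - ash_len;
    if (left < 3) return SUITE_REJECT;        /* descriptor + extension ID */
    uint16_t desc = (uint16_t)(ie[0] | (ie[1] << 8)); /* little-endian */
    size_t ie_len = desc & 0x7Fu;             /* bits 0-6: content length */
    unsigned elem = (desc >> 7) & 0xFFu;      /* bits 7-14: element ID */
    if ((desc >> 15) || elem != SEIE_ELEMENT_ID) return SUITE_REJECT;
    if (ie_len < 1 || ie_len > left - 2) return SUITE_REJECT;
    /* AES-256 carries no type-specific content: length must be exactly 1. */
    if (ie[2] == EXT_AES256 && ie_len == 1) return SUITE_AES256;
    return SUITE_REJECT;                      /* unknown extension: fail closed */
}

/* Constructed samples: Security Control, 4-octet counter, 1-octet Key ID. */
static const uint8_t legacy_frame[] = { 0x0D, 1, 0, 0, 0, 0x01 };
static const uint8_t aes256_frame[] = { 0x8D, 1, 0, 0, 0, 0x01, 0x01, 0x28, 0x01 };
static const uint8_t missing_seie[] = { 0x8D, 1, 0, 0, 0, 0x01 };
static const uint8_t unknown_ext[]  = { 0x8D, 1, 0, 0, 0, 0x01, 0x01, 0x28, 0x02 };

int main(void)
{
    printf("%d %d %d %d\n",
           (int)select_suite(legacy_frame, sizeof legacy_frame),
           (int)select_suite(aes256_frame, sizeof aes256_frame),
           (int)select_suite(missing_seie, sizeof missing_seie),
           (int)select_suite(unknown_ext, sizeof unknown_ext));
    return 0;
}
```

Rejecting a frame that sets SEXT=1 without a well-formed, recognised SEIE keeps the receiver from silently falling back to AES-128 on a frame that claims an extension.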

Compatibility
Prior (pre-SECN) implementations:
- Ignore reserved field (b7) in Security Control field
- Ignore (skip over) SEXT-IE
- Will pass CRC
- Will fail MIC check
- Frame will be dropped
There is overhead and an ACK may be generated:
- 802.15.4-2015: ACK is optional when a secure frame fails security processing.
- ACK may be generated when CRC indicates OK
- Per 802.15.4-2015 the ACK would be secured
- ACK would be secured using AES128 and thus should be ignored by the node originating the frame.
Net: some overhead but not broken.

Variation 1
- Do not use bit 7 of the Security Control field for “extended security”. Still always zero.
- Define the Security extension IE so that presence of the IE means alternate security is used
- It is a header IE, so it is processed before decryption or message integrity (authentication)
- Requires that SECN enabled systems parse the header IE before deciding to accept/reject based on the MIC

Variation 2
Roll version number
- Pro: Legacy systems will abandon the frame early and never generate an ACK.
- Con: burns the last version number. Not great unless some extensible method is added for frame version (which adds overhead).

Discussion