IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-12-0077-00-MuGM Title: Secure Multicast – One Example Date Submitted: June 14, 2012 Presented at IEEE 802.21d teleconference on June 14, 2012 Authors or Source(s):  Stephen Chasko Abstract: This presentation provides an overview of secure multicast as implemented on a scaled mesh network. This is meant as in illustrative example as the team begins to design a secure multicast protocol. 21-12-0077-00-MuGM

IEEE 802.21 presentation release statements This document has been prepared to assist the IEEE 802.21 Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.21. The contributor is familiar with IEEE patent policy, as stated in Section 6 of the IEEE-SA Standards Board bylaws <http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and in Understanding Patent Issues During IEEE Standards Development http://standards.ieee.org/board/pat/faq.pdf>  IEEE 802.21 presentation release statements This document has been prepared to assist the IEEE 802.21 Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.21. The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual <http://standards.ieee.org/guides/opman/sect6.html#6.3> and in Understanding Patent Issues During IEEE Standards Development http://standards.ieee.org/board/pat/guide.html>  21-12-0077-00-MuGM

Secure Multicast in Smart Grid Confidentiality: When message are multicast to a group, many times there is not a need for preventing unauthorized access. A firmware download and configuration changes generally require confidentiality. A time update would not. Integrity: Preventing unauthorized changes to data is generally a requirement for multicast messages. A time update is an example where integrity is required. Availability: In a large smart grid network there can be millions of nodes and high availability is a requirement. Multicast messages must be provided in a way that they do not adversely affect the networks need to meet messaging goals. Non-Repudiation: Being able to have both integrity and proof of origin is a requirement for some messages. For example, a time update and configuration changes. 21-12-0077-00-MuGM

Secure Multicast in Smart Grid Messages are delivered to a group within the smart grid network. This could be a subset of meters. It can also be a group of distribution automation devices. These devices can share the same network or be on an interconnected network. 21-12-0077-00-MuGM

Multicast, Message Confidentiality Messages are encrypted using a common key to the group. This simplifies management of the group key but also means that compromise of an individual node, compromises the confidentiality for the group. 21-12-0077-00-MuGM

Message Encryption Nonce Counter Key Data AES 256 bit Counter Mode Encrypted Data AES 256 counter mode is a stream cipher which allows encryption of data to take place outside of block boundaries. This also means that the security is based on the nonce and counter selection. 21-12-0077-00-MuGM

Multicast, Message Integrity Integrity is provided using a message authentication key common to the group. This simplifies management of the group key but also means that compromise of an individual node, allows that node to compromise the integrity of the messaging. 21-12-0077-00-MuGM

Keyed Message Authentication Code Message Authentication Data HMAC – SHA256 The SHA256 keyed HMAC provides an integrity check. The full 256 bit result can be truncated. The same data input will result in the same HMAC output, so a unqiue message identifier is included in the data. 21-12-0077-00-MuGM

Multicast, Message Non-Repudiation Non repudiation is provided using message signatures. The endpoints have a public key and the sender has a private key. This mitigates man in the middle attacks but requires public key algorithms and key management. 21-12-0077-00-MuGM

Message Signature Private Key Data ECDSA (secp256r1) Signature 256 bit ECSA produces a 64 byte signature ECDSA is less intensive than RSA and produces a smaller signature Still, public key is computationally intensive and introduces messaging overhead. 21-12-0077-00-MuGM

Key Provisioning 21-12-0077-00-MuGM