Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) Submission Title: Security Suite Compromise Date Submitted: 14 March, 2002 Source: Gregg Rasor Company: Motorola Address: 1500 Gateway Blvd., Boynton Beach, Florida 33426 Voice: 561-739-2952, FAX: 561-739-3715, E-Mail: gregg.rasor@motorola.com Re: P802.15.3 Security Suite Selection Abstract: A compromise solution is shown that implements flexible, scalable security in the 802.15.3 WPAN. Purpose: Detail a flexible, scalable security solution for the 802.15.3 WPAN. Notice: This document has been prepared to assist the IEEE P802.15. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P802.15.

Security Suite Compromise Gregg Rasor, Distinguished Member of the Technical Staff Motorola Labs

Scalable, Open Security Model

Commitments for Completion Letters of commitment by Walt Davis and Scott Vanstone that the completed draft will be delivered to the Technical Editor by April 5, 2002 at 5 PM PST. Define the elliptic curves necessary for implementation according to FIPS 197. Must have a completely specified ECC version of 02/131r0.

Certificate Applicability In order to promote interoperability and scalability, the MAC (MLME message and frame formats) of the 802.15.3 draft standard shall support the use of certificates. Devices shall not be required to use certificates, and the type of certificate used shall be selectable by the security suite. When security option 3 is selected, implicit certificates and an alternative certificate method that is unencumbered by intellectual property will be specified as options in the 802.15.3 draft standard for the required certificates. This implementation allows selection of either a manual, challenge and response authentication mode, or an automatic, certificate based authentication mode.