May 2014 Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) Submission Title: TG9 Hop Discussion Date Submitted: May 15, 2014 Source: Robert Moskowitz, Verizon Address 1000 Bent Creek Blvd, MechanicsBurg, PA, USA Voice:+1 (248) 968-9809, e-mail: rgm@labs.htt-consult.com Re: KMP TG9 Closing Report for January 2014 Session Abstract: Is TG9 providing Single or Multi Hop KMP. Purpose: Discuss interaction of TG9 with 15.4 link Hops Notice: This document has been prepared to assist the IEEE P802.15. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P802.15. Robert Moskowitz, Verizon

KMP TG9 Link Hop Discussion May 2014 KMP TG9 Link Hop Discussion Waikoloa, HI May 15, 2014 Robert Moskowitz, Verizon

May 2014 What is a Hop in 802.15.4 A Hop is Transmission of a PPDU by one Device And reception by another Device A Hop is a feature of the PHY not the MAC MPDUs can be sent over multiple PPDUs Provided there is a MAC forwarding function Robert Moskowitz, Verizon

May 2014 What is a Hop in 802.15.4 Prior 802.15.9 discussions have perhaps confused these points Typically the 802.15.4 join operation is to a coordinator within radio range and thus a single PPDU After all, the joining device only learns of MAC addresses within radio range Could a BEACON have the MAC of a distant coordinator and then forward? Robert Moskowitz, Verizon

802.15.9 Functions at the MPDU Level May 2014 802.15.9 Functions at the MPDU Level KMP called to establish a Security Association between this device and another device Identified by its MAC address No knowledge of where in the PAN is this MAC address Some other service provided the MAC address Robert Moskowitz, Verizon

802.15.9 Functions at the MPDU Level May 2014 802.15.9 Functions at the MPDU Level Typically destination MAC addressed 'learned' by listening For example hearing a BEACON And then transmitting to that device KMP over broadcast bad idea, but it COULD work Higher layer could provide a MAC address Address of a Thermostat Robert Moskowitz, Verizon

MPDU Forwarding Many ways for a PAN to forward an MPDU May 2014 MPDU Forwarding Many ways for a PAN to forward an MPDU Radio relays, 802.15.5, Zigbee mesh, 802.15.10 Bad idea to forward an unsecured TG9 MPDU Covert path for untrusted devices to communicate across PAN Robert Moskowitz, Verizon

Implementation Advice May 2014 Implementation Advice Unsecured KMP frames never forwarded Secure/authenticate to PAN with radio neighbor KMP frames secured with PAN group key may be forwarded KMP frames with unicast key forwarding is still a potential PAN misuse, but allow? Robert Moskowitz, Verizon

Next step Prepare text and diagrams May 2014 Next step Prepare text and diagrams Intro text and diagrams about distinction of PHY links and MAC links Annex intro text on usage scenarios to provide support for keying over multiple PHY links via MPDU forwarding Robert Moskowitz, Verizon