Security Support for Multi-cast Traffic in M2M communication Document Number: IEEE C802.16p-10/0022 Date Submitted: Source: Inuk Jung, Kiseon Ryu, JinSam Kwak LG Electronics Re:802.16p amendment texts Venue: IEEE Session #71 Base Contribution: IEEE ppc-10/0004r1 Purpose: To be discussed and adopted by TGp. Notice: This document does not represent the agreed views of the IEEE Working Group or any of its subgroups. It represents only the views of the participants listed in the “Source(s)” field above. It is offered as a basis for discussion. It is not binding on the contributor(s), who reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE Patent Policy: The contributor is familiar with the IEEE-SA Patent Policy and Procedures: and. Further information is located at and.
Overview of Group Management in M2M Assumptions A number of devices are grouped by some criteria Devices share a common Group ID (GID) To join a group, a device first must be network authorized Implies retrieval of MSK/PMK and successful authentication of TEK/CMAC Motivation In M2M environments, a deployment of massive devices is controlled most efficiently in group based manner. Such efficient management is achieved by simplified control over a large number of devices, which is based on Multi-cast transmission. In aspect if communication contents, such group controlled communication can consist of trivial and/or confidential data (i.e. Group device control, firmware upgrade, scheduling configuration control data etc). Hence, security appliance cannot be abstracted away for multicast data transmission for Multi-cast transmission, especially for M2M deployments. Objective Like a Group ID, a common group security key can help the BS and devices to encrypt/decrypt multicast data efficiently. This requires 1. a new Key hierarchy and Key derivation method for Group Key related security parameters 2. Group Key update procedure
Enhanced Multi-cast Security compared to 16e Possible factors for enhancement of 16e Multi-cast security Unencrypted PKM message Complicated Key Hierarchy PUSH based key update for key management In general, the security of 16m is an enhancement to 16e Key management is done locally (i.e. using key count for local update generation: local key derivation) However, there is no security mechanism for Multi-cast transmission in 16m Hence, an enhancement to the Multi-cast security mechanism is required, which should be based on 16m security, with consideration of 16e’s Multi-cast security feature (i.e. simplifying key hierarchy, enhanced key management, secured key exchange procedure)
Conceptual Key hierarchy (GMK/GTEK) 2-level key hierarchy
Text Proposal Insert the following texts and figure in 16p amendment document: MAC Support of M2M n Security n.1 Group Security for Multi-cast Traffic Security for Multi-cast traffic provides confidentiality (i.e. encryption) and integrity protection of such data information for secure group informing and management. A common security key is used by devices within a group n.1.1 Key Derivation The key hierarchy defines what keys are present in the system for Multi-cast traffic and how keys are generated. The BS may derive the Group Master Key (GMK) by local generation. The group traffic encryption key (GTEK) is derived directly from the GMK, which is used for encryption/decryption of Multi-cast traffic n GMK Derivation n GTEK Derivation n.1.2 Key Hierarchy n.1.3 Key Agreement n.1.4 Key Usage n GTEK Usage n GTEK Update