Multicast Key Management for IEEE n HR-Network Document Number: IEEE C802.16n-10/0012r1 Date Submitted: Source: Joseph Chee Ming Teo, Jaya Shankar, Yeow Wai Leong, Hoang Anh Tuan, Zheng Shoukang, Mar Choon Hock Institute for Infocomm Research 1 Fusionopolis Way, #21-01, Connexis (South Tower) Singapore * Re: Call for contributions for n AWD Base Contribution: N/A Purpose: To be discussed and adopted by TG802.16n Notice: This document does not represent the agreed views of the IEEE Working Group or any of its subgroups. It represents only the views of the participants listed in the Source(s) field above. It is offered as a basis for discussion. It is not binding on the contributor(s), who reserve(s) the right to add, amend or withdraw material contained herein. Copyright Policy: The contributor is familiar with the IEEE-SA Copyright Policy. Patent Policy: The contributor is familiar with the IEEE-SA Patent Policy and Procedures: and..html#6sect6.html#6.3 Further information is located at and.
Introduction n SRD specifies requirement for Enhancements to Unicast and Multicast communication (Section 6.2.1) HR-Network shall provide optimized MAC protocols for unicast and multicast transmission to support applications of two-way communications such as Push to Talk (PTT) service among a group of HR-MS. Examples of applications to be used in PTT service include: audio (e.g., speech, music) video still image text (formatted and non-formatted) file transfer Use case scenario Public Protection and Disaster Relief (PPDR) Different Groups of Rescue teams (e.g. firemen and police officers) would have to communicate with each other without/without backbone networks Need for a common multicast key to encrypt/decrypt messages to prevent eavesdroppers or impersonation of legitimate multicast group members.
Introduction Multicast Key Management Existing – Multicast & Broadcast Rekeying Algorithm (MBRA) Research papers highlighted that MBRA does not provide forward secrecy and backward secrecy Forward secrecy – leaving users still able to decrypt secure multicast messages after leaving the group Backward secrecy – joining users can decrypt secure multicast messages sent before joining the group The n SRD specifies Section Multicast key Management HR-Network shall provide the security architecture that provides a group of HR-MSs with authentication, authorization, encryption and integrity protection. HR-Network shall provide multicast key management for the group of HR-MSs. The key shared within the group should be distributed securely and efficiently. HR-Network should support the group signaling procedure using multicast transmission for multicast key management efficiently.
Introduction Hence there is a need for enhanced multicast key management compared to MBRA. Multicast Key Management should address the forward and backward secrecy issue. Solution has to cover the various scenarios for secure multicast communication without/without infrastructure
Use Case Scenarios Initial Group Formation Controller node can be either HR-BS or an appointed HR- MS (Denoted as HR-MSX if HR-BS is not present)
Use Case Scenarios Join Event Currently not addressed by MBRA
Use Case Scenarios Leave Event Currently not addressed by MBRA
We proposed procedures for Initial Group Formation Join Event Leave Event Solution has to cover the various scenarios for secure multicast communication without/without infrastructure, i.e. solution has to be designed for Infrastructureless – PKI based Infrastructure – Pre-shared key based The controller can be either HR-BS (if present) or an appointed HR-MS (denoted HR-MSX) for PKI approach. Details of Contribution
Assumes that there is network infrastructure, i.e. each multicast member (HR-MSi) shares a unicast security key MSKi with the HR-BS. Initial Group Formation Procedure used to establish the Multicast key GTEK. Join and Leave Procedures used to update the GTEK to achieve backward and forward secrecy. Pre-shared key-based approach
Flow Diagram Initial Group Formation Procedure – Pre-shared key-based approach
Flow Chart Initial Group Formation Procedure – Pre-shared key approach
Initial Group Formation Procedure – Pre-shared key-based approach
Flow Diagram Join Procedure – Pre-shared key based approach
Flow Chart Join Procedure – Pre-shared key-based approach
Flow Diagram Leave Procedure – Pre-shared key-based approach
Flow Chart Leave Procedure – Pre-shared key-based approach
Leave Protocol – Pre-shared key-based approach
Uses the X.509 Certificates (defined in Standards ) Initial Group Formation Procedure used to establish the unicast security key MSKi (with each HR-MSi (multicast member) AND Multicast key GTEK. Join and Leave Procedures used to update the GTEK to achieve backward and forward secrecy. Also establish unicast security key MSKj with new joining nodes. PKI-based approach
Flow Diagram Initial Group Formation Procedure – PKI-based approach
Flow Chart Initial Group Formation Procedure – PKI-based approach HR-MSX/BS sends the multicast group information MulticastGrpInfo to all potential members of the multicast group comprising of HR-MSi for 1 <= i <= n Each HR-MSi generates nonce, computes the signature and sends Multicast_MSG_#1 to HR-MSX/BS. HR-MSX/BS verifies the received timestamps, nonce, messages and MACs. If the verifications are correct, HR-MSX/BS generates its nonce, the GTEK and MSKi for 1 <= i <= n and computes the MAC. HR-MSX/BS then encrypts the secret keys using each HR-MSis public key, computes the signatures for each message and sends Multicast_MSG_#2 to each HR-MSi. Each HR-MSi verifies the received timestamp, nonces and signature. If the verification is correct, each HR-MSi decrypts and obtains MSKi, GTEK and their lifetimes. Each HR-MSi then verifies the MAC and commence secure multicast if the verification is correct.
Initial Group Formation Procedure – PKI-based approach
Flow Diagram Join Procedure – PKI-based approach
Flow Chart Join Procedure – PKI-based approach
Flow Diagram Leave Procedure – PKI-based approach
Flow Chart Leave Procedure – PKI-based approach
GTEK Derivation Used to encrypt data packets for multicast service and shared amongst the HR-MSs in the multicast group Randomly generated by HR-MSX/BS or from the authentication server Shall be encrypted using HR-MSs public key, MSKi/MSKj pre-shared key or existing GTEK in the Join protocol. MSKi/MSKj Derivation Key shared between HR-MSi/HR-MSj with Controller HR- MSX/HR-BS. Used as an encryption key and MAC key Can be randomly generated by HR-MSX/BS in PKI- approach Pre-established in the pre-shared key approach Refreshed/rekeyed periodically to maintain key freshness. Key Derivation
Proposed text for IEEE802.16n AWD [ Start of Text Proposal ] Please refer to C80216n-11_0012r1.doc for proposed text. [ End of Text Proposal ]
Proposed new Multicast Key Management protocols for IEEE n networks Initial Group Formation Join Protocol Leave Protocol PKI-based approach Pre-shared key based approach Conclusion and Misc