doc.: IEEE Moving-KMP-Forward Submission January 2013 Robert Moskowitz, Verizon Slide 1 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: Moving KMP Forward Date Submitted: January 17, 2013 Source: Robert Moskowitz, Verizon Address 1000 Bent Creek Blvd, MechanicsBurg, PA, USA Voice:+1 (248) , Re: Key Management over 4e Multipurpose Frames Abstract:Discussion of KMP transport Purpose:To refine our understanding of the transport mechism Notice:This document has been prepared to assist the IEEE P It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release:The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P

doc.: IEEE Moving-KMP-Forward Submission January 2013 Robert Moskowitz, Verizon Slide 2 Moving KMP Forward Robert Moskowitz Vancouver, BC January 17, 2013

doc.: IEEE Moving-KMP-Forward Submission January 2013 Robert Moskowitz, VerizonSlide 3 Abstract Agreements to date Open items Next steps

doc.: IEEE Moving-KMP-Forward Submission January 2013 Robert Moskowitz, VerizonSlide 4 Agreements to date System View KMP encapsulation data format State Machines general content – Plus PIBs to control processes General statements on Security Associations KMP guidelines general format

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 5 System View PHY Services MAC Services Data MCPS Information Element Shim Other IE processes KMP DATA higher layer Key Request Keys Data Traffic IE frames

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 6 KMP Transport Use a DATA Frame IE for KMP encapsulation – IE with max size of 2047 – IE max size of 255 Multiple IEs per frame an option

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 7 KMP Transport MAC details – Unauthenticated PDUs always use long addresses e.g. KMP rekeying within authenticated PDUs MAY use short addresses – KMP payload MAY be fragmented over multiple IEs/frames Use Forced ACK for fragmentation chaining support

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 8 KMP Information Element Frame format – MAC specific information ID/Length – = 0xa/max2047 – = 0x03/max255 – Content Control Field – 1 byte – Multipurpose field allows for extending to other functions like L2R and EthType support KMP fragment

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 9 KMP IE Content Octets: 1Octets: Bits: 17 Chaining flag 0 = last/only one 1 = yes, chaining First packet: Multipurpose ID Other packets: Chain count Multipurpose ID: = KMP Chaining count: = 2 nd fragment 3 = 3 rd fragment … 96 = 96 th fragment (last possible) KMP Fragment

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 10 KMP IE Content KMP fragment – KMP ID (1st/last frame only) – 1 byte 802.1X = 1 HIP = 2 IKEv2 = 3 PANA = 4 SAE, etc. – KMP payload

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 11 KMP Content Examples Chaining Flag, MultiID/Count, KMP fragment – 0,98,2, - Single frame for HIP – 1,98,2, - 1 st frame for HIP and more to come – 1,2, - 2 nd frame for HIP and more to come – 0,3, - 3 rd (and last) frame for HIP – Note that 96 fragments provides for 8KB Assuming 127 MPDU

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 12 KMP State Machines Two State Machines – KMP Outbound Frame Processing – KMP Inbound Frame Processing

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 13 Outbound Frame Processing Success Per Dest addr >= 0 < 0 Failure Success Failure Success last - 1 Failure Succes s Fragment MPDU-MHR -IE-KMP Send Send frag Send middle frags Send last frag

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 14 KMP Outbound frame processing Fragmentation support – KMP payload divided to fit MPDU – Fragment sent with Forced ACK

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 15 Inbound Frame Processing Per Src addr Dup to prior Src Addr, Seq, IE No Yes 1 Chaining flagMulti-purpose Drop Append KMP Start KMP assembly Error 98 2 to 96 Append to list and complete Multi-purpose Complete KMP 98 2 to 95 Error 0 2 to 96

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 16 KMP Inbound frame processing Determine packet type Time out OK on Incomplete KMP Fragmentation support – Duplicates possible due to lost ACK – Requires KMP buffer & coordinators with N buffers – Deliver payload to KMP on completion

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 17 KMP Transport Mechanism State machine to handle triggers to/from KMP higher layer – Pass through for KMP payloads – Triggers from MAC events to KMP Security Enabled to start KMP Frame Counter watch to trigger rekey

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 18 KMP Transport PIBs Security enabled trigger – MacSecurityEnabled Set to by KMP process after keys in place When initially set to true » MacFrameCounter set to 0 » MacSecurityRekey set to false – MacSecurityRequired Set by 'Higher Layer' to trigger KMP start

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 19 KMP Transport PIBs Security enabled trigger – MacSecurityRekey True is set whenMacFrameCounter = 0xffffffff – n Triggers rekey on next MLME Data Send – Since many secured COMMAND frames could be sent prior to data, n MUST be much greater than 1. e.g. 100

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 20 More on KMP Transport PIBs macFrameCounter = 0xffffffff – n – Counter for sending, thus sending party triggers rekeying – ASSUMPTION: Only coordinators send with group keys and rekey as needed

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 21 Following slides still need updating

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 22 Security and PAN architecture Pairwise keying is used for unicast traffic – 2 sets of Security Associations (SAs) Peer-to-Peer communications will only be unicast traffic due to the hidden node challenge

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 23 Security and PAN architecture Two basic SA tables – Key Table – Device table These are maintained by the KMP and have no impact on the operation of the KMP transport mechanism – It is up to each KMP to properly maintain the security tables for its use cases

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 24 KMP Security Associations Security Association content – What keys? PTK, GTK, etc. – Counters, lifetimes, etc. – This is the realm of the KMP

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide Specifics Pre 15.4e device support – For 6lowpan PANs Develop a submission to the IETF using the Dispatch Type in RFC 4944 PDUs with the KMP Dispatch Type a length field will be equivalent to the 15.4e KMP IE A 6lowpan device that supports 15.4e SHOULD also support this pre-15.4e mode of operation Who wants to author this?

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 26 KMP Guidelines KMP Sections – General KMP description Sub sections as needed, e.g. backend authentication mechanism – Use case(s) – Profile References to defining documents Parameter specifics, e.g. in HIP, K=0 – SA definition E.G. Tie into security PID

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 27 KMP Guidelines Initial list of KMPs – 802.1X Needs to include an actual key exchange like the i 4-way handshake – HIP – R. Moskowitz/J. Haapola – IKEv2 – T. Kivinen – PANA – Yoshihiro Ohba – SAE

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 28 KMP Guidelines KMP Profiling for 15.9 usage – Change in encapsulation e.g. IKEv2 specified to run over UDP – Additions for SA management e.g X does not supply link keys. In usage, this is done via the 4- Way Handshake Special attention to broadcast keying management – Others?

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 29 KMP Guidelines KMP use cases – Why this KMP? Code size, CPU/battery demand Multi-layer code reuse – Practical examples – Deployment advice Identity installation and registration When performed – Life-cycle management Rekeying

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 30 Open Items

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 31 Open Items None at this time

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 32 Next Steps

doc.: IEEE Moving-KMP-Forward Submission November 2012 Robert Moskowitz, VerizonSlide 33 Next Steps Develop state machine drawings Add text to Draft document covering – KMP data format – State machines Start adding KMP content Set goal of review week of Oct 29