Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 BCMCS Framework Jun Wang, Philip Hawkes, Raymond Hsu, Paul Bender Sept. 12, 2002 Notice QUALCOMM Incorporated grants a free, irrevocable license to 3GPP2.

Similar presentations


Presentation on theme: "1 BCMCS Framework Jun Wang, Philip Hawkes, Raymond Hsu, Paul Bender Sept. 12, 2002 Notice QUALCOMM Incorporated grants a free, irrevocable license to 3GPP2."— Presentation transcript:

1 1 BCMCS Framework Jun Wang, Philip Hawkes, Raymond Hsu, Paul Bender Sept. 12, 2002 Notice QUALCOMM Incorporated grants a free, irrevocable license to 3GPP2 and its Organization Partners to incorporate text or other copyrightable material contained in the contribution and any modifications thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner’s name any Organizational Partner’s standards publication even though it may include portions of the contribution; and at the Organization Partner’s sole discretion to permit others to reproduce in whole or in part such contributions or the resulting Organizational Partner’s standards publication. QUALCOMM Incorporated is also willing to grant licenses under such contributor copyrights to third parties on reasonable, non-discriminatory terms and conditions for purpose of practicing an Organizational Partner’s standard which incorporates this contribution. This document has been prepared by QUALCOMM Incorporated to assist the development of specifications by 3GPP2. It is proposed to the Committee as a basis for discussion and is not to be construed as a binding proposal on QUALCOMM Incorporated. QUALCOMM Incorporated specifically reserves the right to amend or modify the material contained herein and nothing herein shall be construed as conferring or offering licenses or rights with respect to any intellectual property of QUALCOMM Incorporated other than provided in the copyright statement above.

2 2 Billing/Accounting Model Billing on BCMCS viewers/subscribers Billing on BCMCS Originators/Content Provider Billing on both BCMCS viewers/subscribers and BCMCS Originators/Content Provider Model 1: –Subscribers pay bills to Service Provider –Service Provider pay bills to Content Provider per business agreement Model 2: –Subscribers pay bills to Content Provider –Content Provider pay bills to Service Provider per business agreement Model 3: –No Charges to Subscribers –Content Provider pay bills to Service Provider per business agreement

3 3 Accounting/Billing on BCMCS Viewers Free-access services – –MS does not need to subscribe to the service. – –No end-to-end encryption is necessary to protect the service. – –No accounting is needed to track the usage (e.g. airtime and volume) per Mobile Station (MS). – –Revenue is generated from advertisement. Controlled-access services – –MS needs to subscribe to the service. – –End-to-end encryption is required to prevent unauthorized access. – –Flat fee (e.g. monthly paid subscription). » »No accounting is needed to track the usage per MS. – –Pay per view. » »Controlled by the key lifetime Note: Usage-based fee can not be done securely.

4 4 Accounting/Billing on BCMCS Viewers (cont.) Hybrid service of free access and controlled access. –The service is encrypted for subscribers, but there can be unencrypted advertisements to entice viewers to subscribe. Hybrid billing of flat fee and pay per view. –User pays for a flat fee and may pay additionally based on per view.

5 5 Accounting/Billing on BCMCS Originator 3GPP2 stage-1 broadcast/multicast document requires accounting/billing on the BCMCS originator. –BCMCS volume (e.g. bytes, packets) –BCMCS areas (e.g. Cell ID) –BCMCS time-of-day The accounting protocols can be enhanced to support the above requirements. –RAN tracks accounting records on BCMCS areas and time-of-day. –PDSN tracks BCMCS volume. –PDSN receives BCMCS accounting record from RAN via A11. –PDSN includes volume information to the accounting record and sends it to the AAA server using RADIUS.

6 6 BCMCS Key Hierarchy Every short-term period (e.g. minutes), a Short-term Key (SK) is generated to encrypt/decrypt the BCMCS contents. –IP Layer Encryption is used: SK is generated by Content Server. »CS generates SK by using BAK and a Security Parameter Index (SPI) value generated randomly. »CS sends IPSec packets with payloads encrypted by SK. The IPSec packet carries the SPI value associated with that SK. Encapsulating Security Payload (ESP) transport mode is recommended. »If the MS doesn’t have the SK to decrypt the IPSec packet, the UIM generates a new SK by using BAK and the SPI value in the IPSec packet. –If Link Layer Encryption is used: SK is generated by the BSC. »BSC sends encrypted SK using BAK to the UIM using the signaling channel. Every long-term period (e.g. program duration), the content provider and a group of users subscribed to the same service establish a common security association called BCMCS Access Key (BAK). Temporary Key (TK), derived from RK, is sent from the Subscription Server to the Serving System so that TK can be used for encrypting BAK. Each subscriber and the Subscription Server (SS) providing the service agree to a root security association called Registration Key (RK).

7 7 Why BCMCS Key Hierarchy Needed SK needs to be sent to the ME to decrypt the content real time. ME is not secure to have BAK since it is a long-term key. BAK is only known to UIM in the MS side. TKs are needed to avoid multiple transactions between the serving system and home system/Subscription Server.

8 8 BCMCS Architecture ( Key Management by Service Provider and Content Subscriber owned by the service provider )

9 9 AAA: – –Provide BCMCS service subscriptions to subscribers – –Establish Registration Key (RK) (subscription) (see slide 12) – –Generate Temporary Key (TK) for encryption of Broadcast Access Key (BAK), which in turn is used to encrypt SK, the Short-term Key, that encrypts the broadcast content – –Accounting to the BCMCS Originator – –Authorization of BCMCS BCMCS Control: – –Generate BAK for BCMCS – –Encrypt BAK using TK – –Download encrypted BAK to UIM via PDSN – –Create the following association for flexible BCMCS_ID local assignment   (Content Provider ID, Content ID) (universal),   BCMCS_ID (non-universal)   (Multicast IP address, Port number) (non-universal) – –Informs BCMCS Content Flow Treatment – –Informs encryption at which layer (Link Layer or IP Layer) – –informs transport and application protocol – –If link layer encryption is used:   Deliver BAK to RAN (BSC) for encrypting SK   Request BSC to generate SK(s) for specific life time Functions of Each Entity

10 10 Functions of Each Entity (cont.) BCMCS Content Server: –Provide BCMCS content –If IP Layer Encryption is used: »Generating SK by using BAK and a Security Parameter Index (SPI) value BSC/PCF: –Registration for BCMCS –Determine whether transmitting BCMCS content on radio link –If Link Layer Encryption is used: »Generating SK »Encrypt SK with BAK and deliver it to UIM PDSN: –Deliver the broadcast content to the MS –Accounting info

11 11 Functions of New Interfaces B1 Interface (BCMCS Control - BSC/PCF ) –Download of association between BCMCS_ID and (Multicast IP address, Port number) to BSC –Download flow treatment to the BSC –If Link Layer Encryption is used: »Deliver BAK to BSC for encrypting SK »Send SK life time to BSC B2 Interface (BCMCS Control – MS): –Download the encrypted BAK to UIM via PDSN –Download the association of BCMCS_ID, (Multicast IP address, Port number), and (Content Provider ID, Content ID) to the MS –Download transport and application protocol –Download flow treatment to the MS »Header Compression algorithm –Download layer encryption information Interface between BCMCS Control and BCMCS Content Server –Beyond the scope of the standard –Indicate whether IP Layer Encryption, Link Layer Encryption, or no encryption –If IP Layer Encryption is used, send BAK to BAMCS Content Server

12 12 RK Establishment The A-Key can be used for RK because the keys are controlled and distributed by the service provider The A-Key is also securely downloaded in AAA. Current A-Key Exchange Procedures will be used

13 13 BCMCS Activation (BAK Download)

14 14 BCMCS Activation (BAK Download) Occurs when the MS requests it. For free-access services, the MS will get information of Transport and Application Protocol, Flow Treatment, and the association of BCMCS_ID, (Multicast IP address, Port number), and (Content Provider ID, Content ID) For controlled-access services: > >The MS will get information of Transport and Application Protocol and Flow Treatment, and the association of BCMCS_ID, (Multicast IP address, Port number), and (Content Provider ID, Content ID) > >BAK Download > >There is BAK life time associated with each BAK > >Each BCMCS program identified by Content ID has its own BAK > >BAK is only known by Local BCMCS Control and UIM > >TK is known by HAAA and Local BCMCS Control

15 15 BCMCS Activation (BAK Download) Procedures Step a: Upon the user subscribes the BCMCS service or upon the BAK lifetime expires, the UIM requests for BCMCS/BAK download and the MS passes the request to the Local BCMCS Control. Step b: If the BCMCS is controlled access, the Local BCMCS Control sends Temporary Key Request to the AAA. If the BCMCS requested is free-access, go to Step e directly. Step c: The AAA will authorize the user. Step d: If the user is authorized, the HAAA generates TK_RAND and then calculate TK with the input of A Key and TK_RAND by using a function [TK= f(TK_RAND, A Key)]. It can generates several pairs for future usage so that the transactions between the HAAA and BCMCS Control is not always needed for the corresponding service.

16 16 BAK Download Procedures (cont.) Step e: For controlled- access service, the Local BCMCS Control generates a BAK and encrypts it with one of TKs. It also generates BAK_RAND and then calculate BAK_AUTH with the input of BAK and BAK_RAND by using a function [BAK_AUTH= f(BAK_RAND, BAK)]. Then the Local BCMCS Control sends encrypted BAK with corresponding BAK_ID and BAK lifetime, BCMCS_ID, TK_RAND, BAK_AUTH, and BAK_RAND to the UIM via the MS. For both controlled-access and free-access services, the BCMCS Control sends an association of {BCMCS_ID, (Multicast IP address, Port), and (Content Provider ID, Content ID)}, Transport and Application Protocol and flow treatment to the MS. Step f: The MS passes the encrypted BAK with corresponding BAK_ID and BAK lifetime, BCMCS_ID, TK_RAND, BAK_AUTH, and BAK_RAND to the UIM. The UIM calculates TK with the input of TK_RAND and its owned stored A Key and then decrypts BAK by using the TK. And then it calculates its own BAK_AUTH with input of BAK and BAK_RAND. It compares its calculated BAK_AUTH with the received BAK_AUTH. If it is not matched, it will start from step a again.

17 17 BCMCS Architecture (Key Management by the Content Provider)

18 18 Home System Functions Home AAA: –Establish Registration Key (RK) –Deliver RK to UIM and BCMCS Subscription Server –Accounting info to BCMCS Originator BCMCS Subscription Server: –Provide BCMCS service subscriptions to subscribers –Billing info for BCMCS –Request AAA for Registration Key (RK) establishment in UIM –Generate Temporary Key (TK) for encryption of Broadcast Access Key (BAK), which in turn is used to encrypt SK, the Short-term Key, that encrypts the broadcast content

19 19 Local Functions Local BCMCS Security Manager: –Generate BAK for BCMCS –Encryption of BAK by using TK –Download encrypted BAK to UIM via Local BCMCS Control and PDSN –Informs encryption at which layer (Link Layer or IP Layer) –If link layer encryption is used:  Deliver BAK to RAN (BSC) for encrypting SK via Local BCMCS Control  Determine SK life time and send it to Local BSMCS Control Local BCMCS Control: –Pass BAK to BSC –Request BSC to generate SK(s) for the life time specified by Local BCMCS Security Manager –Create the following association for flexible BCMCS_ID local assignment  (Content Provider ID, Content ID) (universal),  BCMCS_ID (non-universal),  (Multicast IP address, Port number) (non-universal) –Informs transport and application protocol –Informs Flow Treatment

20 20 Functions (cont.) BCMCS Content Server: –Provide BCMCS content –If IP Layer Encryption is used: »Generating SK by using BAK and a Security Parameter Index (SPI) value BSC/PCF: –Registration for BCMCS –Determine whether transmitting BCMCS content on radio link –If Link Layer Encryption is used: »Generating SK »Encrypt SK with BAK and deliver it to UIM PDSN: –Deliver the broadcast content to the MS –Accounting info

21 21 Functions of New Interfaces B1 Interface (Local BCMCS Control - BSC/PCF ) –Download of association between BCMCS_ID and (Multicast IP address, Port number) to BSC –Download flow treatment to the MS –If Link Layer Encryption is used: »Deliver BAK to BSC for encrypting SK »Send SK life time to BSC B2 Interface (Local BCMCS Control – MS): –Download the encrypted BAK to UIM via PDSN –Download the association of BCMCS_ID, (Multicast IP address, Port number), and (Content Provider ID, Content ID) to the MS via PDSN –Download Transport and Application protocol to the MS via PDSN –Download Flow Treatment to the MS via PDSN »Header Compression algorithm –Download layer encryption info

22 22 Functions of New Interfaces (cont.) B3 Interface (AAA – BCMCS Subscription Server): –Used for request of RK establishment in UIM from the BCMCS Subscription Server –Deliver RK to the BCMCS Subscription Server from AAA B4 Interface (Local BCMCS Security Manager – BCMCS Subscription Server) –Deliver sets of TK to Local BCMCS Security Manager B5 Interface (Local BCMCS Security Manager – Local BCMCS Control) –Deliver the encrypted BAK to Local BCMCS Control –If Link Layer Encryption is used: »Send SK life time to Local BCMCS Control »Deliver BAK to Local BCMCS Control Interface between BCMCS Control and BCMCS Content Server –Beyond the scope of the standard –Indicate whether IP Layer Encryption, Link Layer Encryption, or no encryption from Content Server –If IP Layer Encryption is used, send BAK to BAMCS Content Server

23 23 RK Establishment – For Controlled-Access Service

24 24 RK Establishment Occurs when the user subscribes the Controlled-Access service in BCMCS Subscription Server Each BCMCS content provider has one corresponding RK for each subscriber RK is only known by UIM and home service provider/home content service provider RK Establishment Procedures: –Step a: MS establish SO33 and gets an IP address. –Step b: MS accesses the subscription server of a content provider. The MS accesses this server via HTTP over SO33. –Step c: The subscription server notifies the HAAA to establish RK with the MS. The subscription server obtains the MS's IP address via DNS and sends the address to the HAAA. –Step d:RK establishment in UIM. –Step e: The HAAA sends RK to the BCMCS Subscription Server.

25 25 BCMCS Activation (BAK Download)

26 26 BCMCS Activation (BAK Download) Occurs when the MS requests it For free-access services, the MS will get information of Transport and Application Protocol, Flow Treatment, and the association of BCMCS_ID, (Multicast IP address, Port number), and (Content Provider ID, Content ID) For controlled-access services: –MS will get information of Transport and Application Protocol, Flow Treatment, and the association of BCMCS_ID, (Multicast IP address, Port number), and (Content Provider ID, Content ID) –BAK download –Each BCMCS program identified by Content ID has its own BAK –There is BAK life time associated with each BAK –If Link Layer Encryption is used: »BAK is known by BSC, Local BCMCS Control, Local BCMCS Security Manager, and UIM –If IP Layer Encryption is used: »BAK is known by Content Server, Local BCMCS Security Manager, and UIM –TK is used for encrypting BAK –TK is known by Local BCMCS Security Manager, BCMCS Subscription Server, and UIM

27 27 BCMCS Activation (BAK Download) Procedures Step a: Upon the user subscribes the BCMCS service or upon the BAK lifetime expires, the UIM requests for BCMCS and the MS passes the request to the Local BCMCS Control. Step b: If the requested BCMCS is controlled-access service, the Local BCMCS Control passes BCMCS request to the Local BCMCS Security Manager. If the requested BCMCS is free-access service, go to Step f. Step c: The Local BCMCS Security Manager sends Temporary Key Request to the BCMCS Subscription Server. Step d: The BCMCS Subscription Server generates TK_RAND and then calculate TK with the input of RK and TK_RAND by using some function [TK= f(TK_RAND, RK)]. It can generates several pairs for future usage so that the transactions between the BCMCS Subscription Server and Local BCMCS Security Manager is not always needed. The BCMCS Subscription Server then returns several TKs to the Local BCMCS Security Manager. Step e: The Local BCMCS Security Manager generates a BAK and encrypts it with one of TKs. It also generates BAK_RAND and then calculate BAK_AUTH with the input of BAK and BAK_RAND by using a function [BAK_AUTH= f(BAK_RAND, BAK)]. Then the Local BCMCS Security Manager sends encrypted BAK with corresponding BAK_ID and BAK lifetime, BCMCS_ID, TK_RAND, BAK_AUTH, and BAK_RAND to the Local BCMCS Control. If Link Layer Encryption is used, the Local BCMCS Security Manager also sends BAK and SK Life Time to BSC for encrypting SK.

28 28 BCMCS Activation (BAK Download) Procedures (cont.) Step f: For controlled-access service, the Local BCMCS Control sends encrypted BAK with corresponding BAK_ID and BAK lifetime, BCMCS_ID, TK_RAND, BAK_AUTH, and BAK_RAND to the UIM via the MS. For both controlled-access and free-access services, the Local BCMCS Control sends an association of {BCMCS_ID, (Multicast IP address, Port), and (Content Provider ID, Content ID)}, Flow Treatment, and the Transport and Application Protocol to the MS. Step g: The MS passes the encrypted BAK with corresponding BAK_ID and BAK lifetime, BCMCS_ID, TK_RAND, BAK_AUTH, and BAK_RAND to the UIM. The UIM then calculates TK with the input of TK_RAND and its owned stored RK and then decrypts BAK by using the TK. And then it calculates its own BAK_AUTH with input of BAK and BAK_RAND. It compares its calculated BAK_AUTH with the received BAK_AUTH. If it is not matched, it will start from step a again.

29 29 SK Updates – Encryption at IP Layer (Regardless whether Key management by Service Provider or Content Provider) SK is derived from SPI SPI (4 Bytes) is in IPSec Header SK Generator in Content Server selects SPI: –Most significant 4 bits = BAK_ID –Least significant 28 bits = SPI_RAND SK Generator computes SK: –SK= E[SPI_RAND, BAK] SK Generator uses SK to encrypt packets UIM re-generates SK from SPI using BAK and passes SK to MS for decrypting the broadcast content

30 30 SK Updates - Encryption at Link Layer (Regardless whether Key management by Service Provider or Content Provider) BSR_ID 000 can be used for SK update for link layer encryption Encryption at link layer doesn’t prevent IP level encryption Encryption at link layer should be disabled if IP level encryption is on SK Download Procedures: Step a: The BCMCS Control sends BAK and BAK life time to BSC/PCF. It also sends SK life time to request BSC/PCF generates SK with indicated SK Life Time. Step b: The BSC/PCF sends SK encrypted with BAK to UIM via MS. Step c: UIM decrypts SK with BAK and sends back to MS. Step d: BCMCS Content Server sends plain broadcast content to BSC/PCF via PDSN. Step e: The BSC/PCF encrypts the broadcast content with SK and then sends it over the air.

31 31 Summary: BCMCS Steps BCMCS is discovered out of band User subscribes BCMCS service out of band (SUB ID) For controlled-access service, if the Key is controlled and distributed by the Content Provider, RK is established at UIM; otherwise, A-Key will be used for RK BCMCS Activation –Download information of an association of {BCMCS_ID, (Multicast IP address, Port), and (Content Provider ID, Content ID)}, Flow Treatment, and the Transport and Application Protocol –For controlled-access service: »TK is sent to If Key managed by the Service Provider: Local BCMCS Control If Key managed by the Content Provider: Local BCMCS Security Manager »BAK encrypted by TK is download to UIM via visited network (PDSN) using a special UDP port number MS finds if broadcast service is available for particular sector via overhead message MS performs a registration (BCMCS_ID) BCMCS bearer path is setup (if not there) MS starts monitoring BCMCS channel

32 32 Protocol Stack

33 33 Transport & Encryption Overhead (IP Layer Encryption is Used) The cipher block size for AES is 16 bytes, so that IV is 16 bytes, and padding ranges from 0 to 15 bytes. The italic portion of the packet is encrypted. The transport/encryption overhead ranges from 66 to 81 bytes with the average of 74 bytes. If Header Compression is used (ROHC): – –The IP header and the SPI field of the ESP header can be compressed from 24 bytes to 2 bytes. – –The transport/encryption overhead ranges from 44 to 59 bytes with the average of 52 bytes

34 34 Transport & Encryption Overhead (Link Layer Encryption is Used) The whole packet is encrypted at link layer. The transport/encryption overhead is 40 bytes. If Header Compression is used (ROHC): – –The RTP/UDP/IP header can be compressed from 40 bytes to 2 bytes. – –The transport/encryption overhead become 2 bytes. Since SK is sent to the MS via signaling channel: – –Assuming BCMCS_ID (16bits) + E(SK) (28bits) + BAK_ID(4bits) + Action Time (8bits) = 56 bits. – –Assuming SK changes every 1 minute – –Overhead is about 1bits/s.

35 35 Data Link Layer Framing Data link layer framing is required between the PDSN and MS to delineate packets received from the broadcast channel. HDLC-like framing (RFC 1662) is recommended because it is a standard protocol and is widely available. It is however processor intensive due to octet stuffing for 0x7E and 0x7D in the frame payload. Flag (0x7E) is required to indicate the frame beginning. Address/Control fields have static values and can be compressed. PPP Protocol field is used to identify frame payload type (e.g. IP packet with compressed header). Frame Check Sum (FCS) is recommended to be 2 bytes. The HDLC/PPP framing overhead is 5 bytes per frame plus octet stuffing. – –Octet stuffing, on the average, is 1 byte per 128 bytes of frame payload. – –If the frame payload is 256 bytes, the average data link layer overhead is 7 bytes.

36 36 Bearer Path Set-Up via Provisioning (Multicast between CS and PDSN)

37 37 Bearer Path Set-Up via Provisioning (Unicast between CS and PDSN)

38 38 Bearer Path Set-Up/Tear Down via MS Registration/ Deregistration (Multicast between CS and PDSN)

39 39 Some Details There is multiple-to-one mapping between BCMCS_ID and Multicast IP address –Provide Layered Service There is multiple-to-one and one-to-multiple mapping between BCMCS_ID and BSR_ID –If link layer encryption is used, multiple-to-one mapping between BCMCS_ID and BSR_ID is not allowed A8 and A10 connection Set Up –Pre-configured (Static Broadcast) –Trigger by first subscriber in BSC to join the broadcast session (Dynamic Broadcast) PDSN Selection Algorithm –(X) modulo N; X is the integer representation of the IP multicast address or BCMCS_ID, and N is the number of PDSNs reachable by the PCF Multicast Tree Setup between PDSN and CS –If security is not concerned, PDSN can send IGMP to join the session –If security is concerned, the unicast tunnel will be setup


Download ppt "1 BCMCS Framework Jun Wang, Philip Hawkes, Raymond Hsu, Paul Bender Sept. 12, 2002 Notice QUALCOMM Incorporated grants a free, irrevocable license to 3GPP2."

Similar presentations


Ads by Google