1. IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-10-00xx-00-sec
Title: B0 block in AES-CCM Mode
Date Submitted: Jan. 7, 2011
Present at IEEE January meeting
Authors: Lily Chen (NIST)
Abstract: This document proposes a specification for the B0 block used in AES-CCM mode for MIH message protections. This is also a proposed resolution comment 104 in letter ballot.
xx-00-sec 1

2. IEEE 802.21 presentation release statements
This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE
The contributor is familiar with IEEE patent policy, as stated in Section 6 of the IEEE-SA Standards Board bylaws < and in Understanding Patent Issues During IEEE Standards Development
xx-00-sec 2

3. The B0 Block for CCM mode
At the Dallas meeting, we mentioned to use a 12 bytes nonce, among which, 2 bytes come from the transaction ID and 10 byte come from a counter. Shall we include ``FN" in the nonce? According to 38C. We can have 13 bytes nonce, and 2 bytes for the length of payload.
In , there is an A2 field in the nonce (6 octets), which I think is a MAC address. Shall we include an address there?
Remember that, in CCM mode, it allows certain data, called association data, which is authenticated but not encrypted. In , this data field is called AAD and mainly consists of addresses. Shall we do the same for the source and destination MIHF address? If so, then we need to reflect it in the flags.
Flags
(1 octet)
Nonce
(13 octets)
Q – payload length
(2 octets)
Tans ID + 2 bits
Counter
(10 octets)
FN + 1 bit