1x Device Binding Framework Overview to TSG-AC (3GPP2 TSG-AC AC00-20130603-027, Source: TSG-SX WG4)


Slide 1: 1x Device Binding Framework Overview to TSG-AC

3GPP2 TSG-AC AC00-20130603-027
Source: TSG-SX WG4
Contact(s): Anand Palanigounder, apg@qti.qualcomm.com; Simon Mizikovsky, simon.mizikovsky@alcatel-lucent.com
Recommendation: For Discussion

Notice: Submitters grant a free, irrevocable license to 3GPP2 and its Organizational Partners to incorporate text or other copyrightable material contained in the contribution and any modifications thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner's name any Organizational Partner's standards publication even though it may include all or portions of this contribution; and at the Organizational Partner's sole discretion to permit others to reproduce in whole or in part such contribution or the resulting Organizational Partner's standards publication. Submitters are also willing to grant licenses under such contributor copyrights to third parties on reasonable, non-discriminatory terms and conditions for the purpose of practicing an Organizational Partner's standard which incorporates this contribution. This document has been prepared by submitters to assist the development of specifications by 3GPP2. It is proposed to the Committee as a basis for discussion and is not to be construed as a binding proposal on submitters. Submitters specifically reserve the right to amend or modify the material contained herein, and nothing herein shall be construed as conferring or offering licenses or rights with respect to any intellectual property of submitters other than as provided in the copyright statement above.

Slide 2: Overview

- Terms
- Background
- Device Binding Functionality
- Solution Framework
- Message Flow
- Q&A

Slide 3: New Terms

- DBF – Device Binding Functionality
- DBC – Device Binding Credentials
- FFS – For Future Study
- MEID_ME – Mobile Equipment Identifier associated with the mobile equipment*
- ME_SIG – signature calculated using the ME's device binding credentials

*Already defined in C.S0005-E, but important for this presentation because "MEID" can also refer to an IE whose value depends on whether the ME has a removable UIM.

Slide 4: Background

- This presentation provides an overview of the high-level security framework agreed by TSG-SX for cdma2000 1x networks to meet the Device Binding requirement in document S.R0146-0:
  – SEC-04: cdma2000 networks shall support a mechanism to restrict the use of a cdma2000 M2M access subscription to a specific cdma2000 M2M Device or a M2M group of devices
- The solution supports cdma2000 1x networks
  – A solution for (e)HRPD is FFS

Slide 5: Device Binding Functionality

- The Device Binding Functionality (DBF) is a new cdma2000 network feature that provides a secure solution to requirement SEC-04 in S.R0146-0
  – The security algorithms for the DBF are based on ECDSA (asymmetric keys option) and HMAC-SHA256 (symmetric keys option)
- The credentials used for DBF are called Device Binding Credentials (DBC)
  – The DBC consists of an asymmetric key pair and a secret key
  – Provisioning of the DBC is outside the scope
- The DBF consists of a network-based component and a device-based component

Slide 6: Network-based DBF

- The network DBF consists of the following:
  – Determines whether a particular subscription (MSID) is restricted to an MS or a group of MSs (MEID)
  – Maintains the mapping between MSIDs (subscriptions) and MEID bindings
  – Performs validation of the MEID_SIG and sends a response to the MSC/VLR indicating whether to allow or deny service to the MS
  – If the subscription requires DBF but the ME does not respond with a MEID_SIG signature, the network may deny service to the MS
- The network DBF could be part of an existing network element or a stand-alone element
  – It could be part of an HLR
  – A stand-alone DBF accessed by the HLR is not subject to standardization

Slide 7: Device-based DBF

- The device DBF consists of the following:
  – Retains in a secure environment the DBC associated with the ME
  – On request from the network, generates a device-unique cryptographic signature, MEID_SIG
  – Provides the MEID_SIG signature to the ME for responding to the network

Slide 8: Solution Framework (1)

- Support for the DBF is optional at the MS and the network
- The network can support either symmetric or asymmetric algorithms
- If the MS supports DBF, it shall support both symmetric and asymmetric algorithms for MEID_SIG
- If a symmetric key is provisioned and is associated with the MSID, then MEID_SIG is generated using the symmetric key; otherwise MEID_SIG is generated using the asymmetric key
- The device-unique cryptographic signature MEID_SIG is requested by the MSC from the ME and transported to the core network for validation
  – An MSC supporting MEID_ME should also support the parameters required for validating MEID_ME (MEID_SIG)

Slide 9: Solution Principles (2)

- The cdma2000 Status Request/Response mechanism is utilized to request and transport the signature
  – Based on its policies, the MSC will request the MEID_ME and MEID_SIG from MSs that register
  – Status Request/Response messages will handle a new RECORD_TYPE requesting and containing MEID_SIG
  – MSs supporting DBF will respond with an MEID_SIG when requested by the MSC
- The MSC forwards the returned MEID_ME and MEID_SIG to the HLR
- The network DBF verifies that MEID_SIG is valid
  – Can deny service if MEID_SIG is invalid

Slide 10: Message Flow for cdma2000 1x

(Message flow diagram; items in red are newly added information elements.)

Slide 11: Message Flow (2)

a) The MS sends a 1x Registration request to the MSC
b) Based on its policies, the MSC sends a Status Request with a new RECORD_TYPE requesting a MEID_SIG in addition to MEID_ME
c) The MS generates a MEID_SIG using its Device Binding Credentials (DBC)
d) The MS sends an (Extended) Status Response message with its MEID_ME and the MEID_SIG from step c) to the MSC
e) The MSC sends a Registration Notification (REGNOT) message to the VLR with the MSID, MEID_ME, MEID_SIG, RAND and AUTHR
f) The VLR forwards the REGNOT to the HLR
g) The HLR (with DBF) validates the MEID_SIG
h) The HLR sends a regnot to the VLR with the status of MEIDValidated
i) The VLR forwards the regnot to the HLR
j) The HLR informs the MS that it is registered
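As an added illustration that is not part of this contribution, the device-side key-selection rule of slide 8 (symmetric key if provisioned, otherwise ECDSA) and the network-side allow/deny decision of slide 6 are shown below in Go with the algorithms the slides name (ECDSA, HMAC-SHA256). The byte layout of the signed input (taken here as MEID_ME || RAND), the function names and all sample MSID/MEID/RAND values are assumptions, since the slides do not define them; the code uses only Go's standard library and is not 3GPP2 code.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

// NewDeviceKey makes the asymmetric half of a DBC; provisioning itself is out of scope on the slides.
func NewDeviceKey() *ecdsa.PrivateKey {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return k
}

// MEIDSig (device DBF): symKey/priv are the ME's DBC; per slide 8 the symmetric key is used if
// provisioned, otherwise ECDSA. The signed input MEID_ME || RAND is an assumption of this example.
func MEIDSig(symKey []byte, priv *ecdsa.PrivateKey, meid, rnd string) ([]byte, error) {
	if symKey != nil {
		m := hmac.New(sha256.New, symKey)
		m.Write([]byte(meid + rnd))
		return m.Sum(nil), nil
	}
	h := sha256.Sum256([]byte(meid + rnd))
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

// NetworkDBF maps each restricted MSID to its bound MEID and the credential used to verify it.
type NetworkDBF map[string]struct {
	MEID   string
	SymKey []byte           // symmetric option
	PubKey *ecdsa.PublicKey // asymmetric option
}

// Validate (network DBF): unrestricted MSIDs pass; a restricted MSID must present its bound
// MEID_ME with a valid MEID_SIG, so a missing or invalid MEID_SIG denies service (slide 6).
func (n NetworkDBF) Validate(msid, meid, rnd string, sig []byte) bool {
	b, restricted := n[msid]
	if !restricted || sig == nil || meid != b.MEID {
		return !restricted // no binding: allow; missing MEID_SIG or wrong MEID_ME: deny
	}
	if b.SymKey != nil {
		m := hmac.New(sha256.New, b.SymKey)
		m.Write([]byte(meid + rnd))
		return hmac.Equal(m.Sum(nil), sig)
	}
	h := sha256.Sum256([]byte(meid + rnd))
	return ecdsa.VerifyASN1(b.PubKey, h[:], sig)
}
```

Binding RAND into the signed input ties each MEID_SIG to the registration it was requested for, which is why a signature computed over a different RAND is rejected.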

Slide 12: Discussion / Q&A

- Any issues from the TSG-AC perspective with the proposed framework?
- In summary:
  – The 1x Status Request procedure for MEID_ME is enhanced to request MEID_SIG by including a RECORD_TYPE of MEID_SIG
  – An MS supporting MEID_SIG will include a MEID_SIG Information Element containing the authentication response based on either the asymmetric or the symmetric key provisioned in the MS
- To aid interoperability, WG4 assumes both asymmetric and symmetric mechanisms need to be supported by MSs that support DBF

