draft-urien-16ng-security-api-00.txt
Security API for the IEEE 802.16 Security Sublayer
Pascal.Urien@enst.fr
www.enst.fr
Draft summary
• IEEE 802.16e specifies cryptographic algorithms and security procedures, but it doesn’t describe how critical functions are delegated to tamper resistant devices in order to avoid theft of service.
• This draft describes a security Application Programming Interface (API) that supports tamper resistant devices performing collaborative tasks with the IEEE 802.16 security sublayer.
• The security sublayer should provide operators with strong protection from theft of service.
• Security APIs make it possible to transfer critical calculations or protocol processing to trusted computers, such as smart cards or trusted platform modules (TPMs).
The IEEE 802.16e-2005 security sublayer

                                          +----------------------+
                                          |      EAP Method      |
                                          +-----------+----------+
                                                      |
                                          +-----------+----------+
                                          |      EAP Layer       |
                                          +-----------+----------+
                                                      |
+--------------------+--------------------+-----------+-----------+
| RSA based Authen-  | Authorization / SA | EAP encapsulation     |
| -tication (RSA-OP) | Control (SA-CNTL)  | decapsulation (EAP-OP)|
+--------------------+--------------------+-----------------------+
|                 PKM Control Management (PKM-CM)                 |
+---------------------------------+-------------------------------+
| Traffic Data                    | Control Message Processing    |
| Encryption/Authentication       | (PKM-CMP)                     |
| Processing                      |      +------------------------+
|                                 |      | Message Authentication |
| (TDEAP)                  +------+------+  Processing (PKM-MAP)  |
+--------------------------+   PHY SAP   +------------------------+
                           +------+------+
                                  |
This draft

+-------------------------------------------------------+
|                                                       |
|                                        +------------+ |
|  TAMPER RESISTANT DEVICE               | EAP Method | |
|                                        +------+-----+ |
| +----------------+                            |       |
| | RSA Operations |  +-------------------------+-------+
| +----------------+  |                         |
|                     |                  +------+-----+
| Secure Data Storage |                  | EAP Layer  |
|                     |                  +------+-----+
+-|---------|---------+                         |
<.|.........|..............SECURITY API.........|.................>
  |         |                                   |
  | +-------V----------+------------------+-----V-----------------+
  | |RSA based Authen- |Authorization / SA| EAP encapsulation     |
  | |-tication (RSA-OP)|Control (SA-CNTL) | decapsulation (EAP-OP)|
+-V-+------------------+------------------+-----------------------+
|                 PKM Control Management (PKM-CM)                 |
+---------------------------------+-------------------------------+
| Traffic Data                    | Control Message Processing    |
| Encryption/Authentication       | (PKM-CMP)                     |
| Processing                      |      +------------------------+
|                                 |      | Message Authentication |
| (TDEAP)                  +------+------+  Processing (PKM-MAP)  |
+--------------------------+   PHY SAP   +------------------------+
                           +------+------+
Two classes of trusted services
• Basic services
    • Only deal with RSA calculations and/or EAP packets processing.
• Extended services
    • Cache the Authorization Key (AK) in a trusted computing platform.
    • In that case the AK value is never exposed to the security sublayer.
    • All calculations dealing with AK are performed by a tamper resistant device, which computes and exports keys needed by security associations.
PKMv1 Services
• Basic services
    • Get-SS-Certificate() collects the Subscriber Station (SS) certificate.
    • Compute-SS-RSA-Priv(Message) decrypts a message with the SS RSA private key.
• Extended services
    • Get-Certificate() collects the SS certificate.
    • Set-AK(AK-SN, Message) pushes a message that contains an encrypted value of AK, identified by its index AK-SN, towards the tamper resistant device.
    • Get-KEK(AK-SN) collects a KEK key whose index is AK-SN.
    • Get-HMAC-U(AK-SN) collects an HMAC-U key, whose index is AK-SN.
    • Get-HMAC-D(AK-SN) collects an HMAC-D key, whose index is AK-SN.
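The PKMv1 extended services listed above, modelled as an added Python example (not code from the draft): the device decrypts and caches the AK under its AK-SN and only ever returns keys derived from it. The textbook RSA toy key, the 20-byte AK, the snake_case method names and the SHA-1 pad-byte derivations (the PKMv1 construction as assumed here) are assumptions of this example, not details given on the slides.

```python
import hashlib

# Constructed toy RSA key (two Mersenne primes); textbook RSA is only a
# stand-in for the device's real RSA private-key operation.
_P, _Q, E = 2**127 - 1, 2**107 - 1, 65537
N = _P * _Q
_D = pow(E, -1, (_P - 1) * (_Q - 1))

# Assumption: PKMv1-style derivation, SHA-1 over a 64-byte pad followed by
# the AK. The pad values are not on the page; check them against IEEE 802.16.
K_PAD_KEK, H_PAD_U, H_PAD_D = b"\x53" * 64, b"\x5c" * 64, b"\x3a" * 64


class TamperResistantDevice:
    """Model of the PKMv1 extended services: the AK stays inside the device."""

    def __init__(self):
        self._aks = {}  # AK-SN -> AK; no method returns these values

    def set_ak(self, ak_sn, message):
        """Set-AK(AK-SN, Message): decrypt the AK internally and cache it."""
        ak_int = pow(int.from_bytes(message, "big"), _D, N)
        if ak_int >> 160:
            raise ValueError("decrypted value is not a 160-bit AK")
        self._aks[ak_sn] = ak_int.to_bytes(20, "big")

    def _derive(self, ak_sn, pad):
        if ak_sn not in self._aks:
            raise KeyError(f"no AK cached for AK-SN {ak_sn}")
        return hashlib.sha1(pad + self._aks[ak_sn]).digest()

    def get_kek(self, ak_sn):      # Get-KEK(AK-SN): leftmost 128 bits
        return self._derive(ak_sn, K_PAD_KEK)[:16]

    def get_hmac_u(self, ak_sn):   # Get-HMAC-U(AK-SN): uplink HMAC key
        return self._derive(ak_sn, H_PAD_U)

    def get_hmac_d(self, ak_sn):   # Get-HMAC-D(AK-SN): downlink HMAC key
        return self._derive(ak_sn, H_PAD_D)


def bs_encrypt_ak(ak):
    """Base-station side (constructed): wrap an AK under the SS public key."""
    return pow(int.from_bytes(ak, "big"), E, N).to_bytes(30, "big")
```

The security sublayer in this model forwards the opaque Set-AK message and afterwards asks only for KEK, HMAC-U and HMAC-D by AK-SN, so a compromise of the sublayer host exposes session-derived keys but not the AK itself.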
PKMv2 Basic Services
• Basic services
    • Get-SS-Certificate() collects the SS certificate.
    • Compute-SS-RSA-Priv(Message) decrypts a message with the SS RSA private key.
    • Process-EAP(packet) processes an EAP request and returns an EAP response.
    • Get-MSK() returns the 512-bit MSK value, available after the completion of a successful EAP session.
PKMv2 Extended Services 1/2
• Data Management
    • Set-Mode(mode) resets the tamper resistant device and gives the current mode of operation.
        • A choice among four alternatives: single PKMv2-RSA; single PKMv2-EAP; single PKMv2-RSA and single PKMv2-EAP; double PKMv2-EAP session.
    • Set-SS-MAC-Address() gives the SS MAC address.
    • Set-Current-BSID() gives the current BS identifier.
    • Set-Current-AK-SN() gives the current AK key sequence number.
• PKMv2-RSA
    • Get-SS-Certificate() collects the SS certificate.
    • Compute-SS-RSA-Priv(Message) decrypts a message with the SS RSA private key.
    • Compute-Pre-PAK(value) decrypts the Pre-PAK value with the SS private key; the PAK value is calculated and securely stored in the tamper resistant device.
    • Set-Pre-PAK(value): the security sublayer exclusively manages the PKMv2-RSA protocol and provides this value to the tamper resistant device.
• PKMv2-EAP
    • Process-EAP-first-session(packet) processes an EAP request belonging to a first EAP session and returns an EAP response.
    • Process-EAP-second-session(packet) processes an EAP request belonging to a second EAP session and returns an EAP response.
PKMv2 Extended Services 2/2
• SA-TEK 3-way Handshake
    • Get-AKID(AK-SN, list of parameters) computes an AK value (associated with the AK-SN index) from a list of parameters (that may be empty) and returns the AKID value.
• Broadband facilities
    • Compute-MTK(MGTEK) computes the MTK value from the MGTEK parameter.
• Keys
    • Get-KEK(AK-SN) returns the value of the KEK key.
    • Get-HMAC-U(AK-SN) returns the value of the HMAC-U key.
    • Get-HMAC-D(AK-SN) returns the value of the HMAC-D key.
    • Get-CMAC-U(AK-SN) returns the value of the CMAC-U key.
    • Get-CMAC-D(AK-SN) returns the value of the CMAC-D key.
    • Get-EIK-RSA(AK-SN) returns the value of the EIK key deduced from a previous PKMv2-RSA operation.
    • Get-EIK-EAP(AK-SN) returns the value of the EIK key deduced from a previous EAP session.