
Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) Submission Title: Frame signaling options for Security Extensions Date Submitted: March 2018 Source: Benjamin A. Rolfe, Blind Creek Associates Contact: Voice: +1 408 395 7207, E-Mail: ben.rolfe@ieee.org


  1. Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs)
     Submission Title: Frame signaling options for Security Extensions
     Date Submitted: March 2018
     Source: Benjamin A. Rolfe, Blind Creek Associates
     Contact: Voice: +1 408 395 7207, E-Mail: ben.rolfe@ieee.org
     Re: TG3f Task Group meetings
     Abstract: Presents some options for over the air signaling to support alternate security mechanisms in 802.15.4
     Purpose: Stimulate interesting and useful discussion leading to viable proposals
     Notice: This document has been prepared to assist the IEEE P802.15. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
     Release: The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P802.15.

  2. Presentation Summary
     This amendment defines a PHY layer enabling the use of the 865-867 MHz band in India. The supported data rate should be at least 40 kbits per second and the typical Line of Sight (LOS) range should be on the order of 5 km using omni directional antennae. Included are any channel access and/or timing changes in the MAC necessary to support this PHY layer.
     • Presents options for signaling alternate cipher suites and/or use of other security extensions for a frame
     • Focused on frame-by-frame over the air signaling
     • To avoid "icky", considered only means that:
       • Preserve over the air compatibility with prior versions of the standard (through 2006)
       • Do not create a new frame type or alter the existing frame format or the structure of existing fields
       • Use the existing Aux Security header (the 1 reserved field in the ASH)

  3. Background
     • By ruling out the icky, ugly and really awful methods that came to mind, the following remains:
       • Aux-security header (ASH): currently defined with 1 reserved bit in the Security Control field. The Security Control field is always present when the ASH is present.
       • Normally, when using the last reserved bit or value, the best use would be as an extension escape indication, signaling that there is more information somewhere else in the frame.
       • Because there is but 1 extension signal, the method used to represent the extension information must be flexible and extensible.
     • Proposal is to define a header information element, the Security Extension IE (SEIE). This could be a multiplexed structure, or not (to discuss).

  4. Details (1)
     • Bit 7 of the Security Control field to be used for "extended security". 0 means
     • Define a header IE for (each) security extension (HIEs follow the ASH). E.g. Security Extension IE:
       • Field 0: extension ID (1 octet)
       • When extension ID = AES256_ENCRYPTED, no further content is required
       • When extension ID = something else, content specific to the security extension type
     • When ASH b7 == 0, no Security Extension IE is expected (AES128 assumed, same as 2006-2015)

  5. Details (2)
     • A frame secured with a new encryption method, e.g. AES-256 encryption, would be sent with
       • the Security Enabled field of the Frame Control Field set to TRUE,
       • the Extended Security field of the Security Control field in the ASH set to 1, and
       • exactly 1 SEIE following the ASH.
     [Figure: Structure of MAC frame]

  6. Structure of MAC frame
     [Figure: Secure Frame Overview, Frame version == 2]

  7. Structure of MAC frame (2)
     [Figure: ASH Security Control field]

  8. IE
     • When the Security Extension (SEXT) field equals 1 (TRUE), a Security Extension IE is required (shall be included) in the header IE list following the ASH.
     • Suggestion: the SEIE should be the first IE in the header IE list when present.
     • Secure ACK: a SECN device is required to use, in the ACK, the security method used in the frame being ACK'd.

  9. SEXT-IE general format
     • For signaling that AES-256 is used to encrypt the frame, the SEIE does not require type-specific content.
     • Future extensions may require additional content.

  10. Compatibility
     • Prior (pre-SECN) implementations
       • Ignore the reserved field (b7) in the Security Control field
       • Ignore (skip over) the SEXT-IE
       • Will pass CRC
       • Will fail MIC check
       • Frame will be dropped
     • There is overhead and an ACK may be generated
       • In 802.15.4-2015, the ACK is optional when a secure frame fails security processing. An ACK may be generated when the CRC indicates OK
       • Per 802.15.4-2015, the ACK would be secured
       • The ACK would be secured using AES128 and thus should be ignored by the node originating the frame.
     • Net: some overhead but not broken.

  11. Variation 1
     • Do not use bit 7 of the Security Control field for "extended security". Still always zero.
     • Define the Security Extension IE so that the presence of the IE means alternate security is used
     • It is a header IE, so it is processed before decryption or message integrity (authentication)
     • Requires that SECN-enabled systems parse the header IEs before deciding to accept/reject based on the MIC

  12. Variation 2
     • Roll version number
       • Pro: Legacy systems will abandon the frame early and never generate an ACK.
       • Con: burns the last version number.
     • Not great unless some extensible method is added for frame version (which adds overhead).

  13. Discussion
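
An added example, not part of the original presentation: a receive-side check that selects the cipher suite from ASH bit 7 and the SEIE before any MIC processing, following Details (1), Details (2) and the IE slide. The SEIE element ID, the AES256_ENCRYPTED extension ID value, and the policy of rejecting an SEIE when bit 7 is 0 are assumptions, since the slides assign no values; the header IE descriptor layout is the one from 802.15.4-2015.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed placeholders: the slides assign no numeric values. */
#define SEIE_ELEMENT_ID 0x50u /* hypothetical header IE element ID */
#define EXT_ID_AES256   0x01u /* hypothetical AES256_ENCRYPTED extension ID */
#define SC_SEXT_BIT     0x80u /* bit 7 of the ASH Security Control field */

enum suite { SUITE_REJECT = -1, SUITE_AES128 = 0, SUITE_AES256 = 1 };

/* Parse one header IE descriptor (802.15.4-2015: bits 0-6 length,
 * bits 7-14 element ID, bit 15 type = 0), little-endian on the wire.
 * Returns 0 on success, -1 if truncated or not a header IE. */
static int parse_hie(const uint8_t *p, size_t n, uint8_t *id, size_t *len)
{
    if (n < 2) return -1;
    uint16_t d = (uint16_t)(p[0] | (p[1] << 8));
    if (d & 0x8000u) return -1;        /* type bit set: payload IE */
    *len = d & 0x7Fu;
    *id  = (uint8_t)((d >> 7) & 0xFFu);
    return (*len <= n - 2) ? 0 : -1;   /* content must fit in the buffer */
}

/* Decide the cipher suite before any MIC check or decryption.
 * sec_ctrl: Security Control octet; ies/n: header IE bytes after the ASH. */
enum suite select_suite(uint8_t sec_ctrl, const uint8_t *ies, size_t n)
{
    uint8_t id = 0;
    size_t len = 0;
    int have_ie = (n > 0 && parse_hie(ies, n, &id, &len) == 0);
    int seie_first = have_ie && id == SEIE_ELEMENT_ID;

    if (!(sec_ctrl & SC_SEXT_BIT)) {
        /* b7 == 0: AES-128 as in 2006-2015. An SEIE here is inconsistent
         * (assumed policy: reject rather than guess). */
        return seie_first ? SUITE_REJECT : SUITE_AES128;
    }
    /* b7 == 1: SEIE required, first in the list, at least 1 octet. */
    if (!seie_first || len < 1) return SUITE_REJECT;
    /* Unknown extension IDs fail closed, never fall back to AES-128. */
    return (ies[2] == EXT_ID_AES256) ? SUITE_AES256 : SUITE_REJECT;
}
```

Rejecting on a missing, truncated or unknown SEIE keeps a frame that claims extended security from being processed under AES-128 by mistake.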
