1 / 27

Security Clarifications for IEEE 802.15.4 MAC

This document proposes enhancements to the security of the IEEE 802.15.4 MAC, discussing data structures and security parameters for outgoing frames.

traub
Download Presentation

Security Clarifications for IEEE 802.15.4 MAC

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Security clarifications] Date Submitted: [20 January, 2005] Source: [Robert Cragie] Company [Jennic Ltd.] Address [Furnival Street, Sheffield, S1 4QT, UK] Voice:[+44 114 281 4512], FAX: [+44 114 281 2951], EMail:[rcc@jennic.com] Re: [Response to the call for proposal of IEEE 802.15.4b, Security enhancements] Abstract: [Discussion for several potential enhancements for current IEEE 802.15.4 MAC] Purpose: [For the discussion at IEEE 802.15.4b Study Group] Notice: This document has been prepared to assist the IEEE P802.15. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P802.15. Robert Cragie, Jennic Ltd.

  2. Security Clarifications Robert Cragie Jennic Limited Robert Cragie, Jennic Ltd.

  3. Introduction • Proposes data structures for enhancements to security • Companion document in 15-04-0539 Robert Cragie, Jennic Ltd.

  4. Outgoing frame security parameters • Key • Nonce • Frame Counter • Source Extended Address • Security Control • Where the authentication data ends and where the encrypted data starts • Dependent on frame type and security level Robert Cragie, Jennic Ltd.

  5. Security Material classes • Two classes of Security Material • Link Key • Network Key • The names may not be entirely appropriate but are familiar to the security subgroup Robert Cragie, Jennic Ltd.

  6. Link key • Key shared between two devices only • Point-to-point frame (source to destination) • Implicit lookup information at destination • Source address could also be transported (see also Device Lookup table optimisations) • Source: • Key Lookup: Destination address and Source Address (but Source address is always self, therefore not encoded) • Device Lookup: Source address (i.e. self) • Destination • Key Lookup: Destination address and Source Address (but Destination address is always self, therefore not encoded) • Device Lookup: Source address Robert Cragie, Jennic Ltd.

  7. Network key (1) • Key sequence shared across multiple devices • Owner is Key Source, which has an Identifier (e.g. a Trust Centre combined with a Key Sequence Number) • The Key Source Identifier is unique over the lifetime of the system • There is a notion of ‘current Key Source Identifier’, which is always used by the source device to lookup key • Current Key Source Identifier is always transported in frame to provide explicit lookup information at destination Robert Cragie, Jennic Ltd.

  8. Network key (2) • Source address could also be transported (see also Device Lookup table optimisations) • Point-to-point, broadcast or group address frame (source to destination(s)) • Source: • Key Lookup: Key Source Identifier • Device Lookup: Source address (i.e. self) • Destination • Key Lookup: Key Source Identifier • Device Lookup: Source address Robert Cragie, Jennic Ltd.

  9. Key sequence • Network Key is infact a sequence of keys • The current key being used is indicated by the Key Sequence Number • When a particular key in a sequence cannot be used any more, e.g. due to frame counter wrapping, it is ‘retired’ and never used again • The Key Sequence Number is then incremented, indicating that the next key in the sequence is then used Robert Cragie, Jennic Ltd.

  10. MAC PIB tables for security Key Table lookup Key Table Key Table entry Destination Filter Table Destination Filter Table Device Table lookup Device Table Device Table entry Destination Filter Table Destination Filter Table Source Filter Table lookup Source Filter Table Source Filter Table entry Destination Filter Table Destination Filter Table Destination Filter Table lookup Destination Filter Table Destination Filter Table entry Destination Filter Table Destination Filter Table MAC PIB Robert Cragie, Jennic Ltd.

  11. Key Table • A table of keys which can be matched to to retrieve the key information for the unsecuring process Robert Cragie, Jennic Ltd.

  12. Device Table • A table of devices which can be matched to to retrieve • Nonce extended address • Frame counter for freshness checking • Security level for checking Robert Cragie, Jennic Ltd.

  13. Source Filter Table • A table of source addresses which can be matched to to allow limiting of devices you wish to receive from • ‘backwards group addressing’ • Perhaps should not be considered as part of security but frame filtering process Robert Cragie, Jennic Ltd.

  14. Destination Filter Table • A table of destination addresses which can be matched to to allow group addressing • Perhaps should not be considered as part of security but frame filtering process • Already done in a fashion; broadcast address and self-address matching already specified in 802.15.4-2003 Robert Cragie, Jennic Ltd.

  15. Lookup method • As tables are used, there must be some sort of lookup method; Idea is to capture only what data and class of data can be used for the lookup • Data used to lookup can conceptually be anything up to 8 octets (i.e. extended address) • It may be possible to have more than one matching method per table entry (e.g. short address and extended address matching) • How the lookup list and matching method is implemented is deliberately not specified and left to the implementer (e.g. could be hash table, relational database etc.) Robert Cragie, Jennic Ltd.

  16. Key Table entry • Key • Device List • A list of devices using this key, including whether they are blacklisted Robert Cragie, Jennic Ltd.

  17. Key Table lookup • Lookup List • A list of Lookup Descriptors which are used to match to • PAN ID and short address pair • Extended address • Trust centre number and key sequence number pair • In the most generic case, a variable length number which needs to be bitwise matched with another number of the same length Robert Cragie, Jennic Ltd.

  18. Device Table entry • Extended Address • Used for nonce • Frame Counter • Used for freshness checking • Minimum Security Level • Used to discard frames which do not meet minimum security level • Depends on frame type as well • There is one entry for yourself and one entry for each device you are in communication with Robert Cragie, Jennic Ltd.

  19. Device Table lookup • Lookup Entry • A Lookup Descriptor which is used to match to • Can only be PAN ID and short address pair • Device Table entry’s Extended Address can always be used to match to • In the most generic case, a variable length number which needs to be bitwise matched with another number of the same length Robert Cragie, Jennic Ltd.

  20. Device Table lookup optimisations • If the extended address can always be implied from the frame, there is no need to store an extended address in a Device Table entry • This means: • Either explicitly transporting the extended address • Or always using source address mode equal to 3 • Tradeoff: • Longer frames or less room for payload • Less storage requirement Robert Cragie, Jennic Ltd.

  21. Source Filter Table entry • No data – purely used for membership testing Robert Cragie, Jennic Ltd.

  22. Source Filter Table lookup • Lookup Entry • A Lookup Descriptor which is used to match to • PAN ID and Short Address • Extended Address • In the most generic case, a variable length number which needs to be bitwise matched with another number of the same length Robert Cragie, Jennic Ltd.

  23. ACL mode • Simply implemented using Source Filter Table • This could be combined with Device Table for optimisation in certain implementations • If matched in Source Filter Table, can be considered to be pass filtering Robert Cragie, Jennic Ltd.

  24. Restricting mandates • Propose not use any text which implies: • Sharing of MAC PIB with higher layers • Single-threaded operation • These are entirely implementation-specific issues and have no place in a specification • This categorically does not preclude an implementation from implementing it in this fashion should it so choose. Robert Cragie, Jennic Ltd.

  25. Frame counters • Propose to not use compressed form, as wraparound can occur quite quickly • Propose to have a Frame Counter per protocol stack level, e.g. the one used at the MAC level is independent from the one used at a network layer level • This is because essentially the frame counter is changes on every frame secured at that particular stack level. Robert Cragie, Jennic Ltd.

  26. Group addressing • Simply a form of packet filtering using the Destination Filter Table • Network Key essentially becomes a ‘Group Key’, i.e. is distributed only to nodes in the group • Propose to base it on bitmap and mask • No further implication as destination address of frame is never used for Network Key lookup. Robert Cragie, Jennic Ltd.

  27. Automatic Device Table entry addition • A method to prevent having to preconfigure the Device Table • If you receive a frame and it successfully looks up the key, then allocate a temporary Device Table entry for it • If the unsecuring process passes, install the Device Table entry into the Device Table • Need a PIB attribute to allow this or not Robert Cragie, Jennic Ltd.

More Related