									June 2008                                                                    doc.: IEEE 802.22-07/0370r100

                                                       IEEE P802.22
                                                       Wireless RANs

                         Table of Contents for the Security Section in 802.22
                                                    Date: 2008-06-12

  Author(s):
  Name          Company            Address                                             Phone                         email
  Apurva Mody   BAE Systems        P.O. Box 868, MER 15-2350, Nashua, NH 03061-0868    603-885-2621, 404-819-0314    apurva.mody@baesystems.com, apurva_mody@yahoo.com
  Ranga Reddy   US Army (CERDEC)   Ft Monmouth, NJ                                     -                             Ranga.reddy@us.army.mil
  Tom Kiernan   US Army (CERDEC)   Ft Monmouth, NJ                                     -                             Thomas.kiernan@us.army.mil



                                                           Abstract
This document provides the table of contents for the Security Section in 802.22.




Notice: This document has been prepared to assist IEEE 802.22. It is offered as a basis for discussion and is not binding on the
contributing individual(s) or organization(s). The material in this document is subject to change in form and content after
further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.

Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution,
and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE
Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit
others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and
accepts that this contribution may be made public by IEEE 802.22.

Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures
<http://standards.ieee.org/guides/bylaws/sb-bylaws.pdf>, including the statement "IEEE standards may include the known
use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with
respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the
Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in
the development process and increase the likelihood that the draft publication will be approved for publication. Please notify
the Chair <Carl R. Stevenson> as early as possible, in written or electronic form, if patented technology (or technology under
patent application) might be incorporated into a draft standard being developed within the IEEE 802.22 Working Group. If you
have questions, contact the IEEE Patent Committee Administrator at <patcom@ieee.org>.




Submission                                                 page 1                         Apurva Mody, BAE Systems


Table of Contents for the Security Section in 802.22

7. Security sublayers
  7.1 Security Sublayer Architecture for the Data / Control and Management Planes
    7.1.1 Secure Encapsulation of MPDUs
    7.1.2 Secure Encapsulation of MAC Headers and Management Messages
    7.1.3 Key management protocol
    7.1.4 Authentication protocol
    7.1.5 Mapping Connections to SAs
    7.1.6 Cryptographic Suite
  7.2 Security Sublayer Architecture for the Cognitive Plane
  7.3 PKM protocol
    7.3.1 PKM Version 1
      7.3.1.1 Security Associations (SAs)
      7.3.1.2 SS authorization and AK exchange overview
        7.3.1.3.1 Authorization via RSA authentication protocol
      7.3.1.4 TEK exchange overview
      7.3.1.5 Security capabilities selection
      7.3.1.6 Authorization state machine
      7.3.1.7 TEK state machine
        7.3.1.7.5 Actions
    7.3.2 PKM Version 2
      7.3.2.1 TEK exchange overview for PMP topology
      7.3.2.2 Key derivation
        7.3.2.2.x Reserved
        7.3.2.2.3 Authorization Key (AK) derivation
        7.3.2.2.4 Key Encryption Key (KEK) derivation
        7.3.2.2.5 Group Key Encryption Key (GKEK) derivation
        7.3.2.2.6 Traffic Encryption Key (TEK)
        7.3.2.2.7 Group Traffic Encryption Key (GTEK)
        7.3.2.2.8 Reserved (Earlier MBS Traffic Key (MTK))
        7.3.2.2.9 Message authentication keys (HMAC/CMAC) and KEK derivation
        7.3.2.2.10 Key hierarchy
        7.3.2.2.11 Maintenance of PMK and AK
        7.3.2.2.12 PKMv2 PMK and AK switching methods
      7.3.2.3 Associations
        7.3.2.3.1 Security associations
        7.3.2.3.2 Group Security Association
        7.3.2.3.3 Reserved (Earlier Multicast Broadcast Service (MBS) Group Security Association)
      7.3.2.4 Security context
        7.3.2.4.1 AK context
        7.3.2.4.2 GKEK context
        7.3.2.4.3 PMK context
        7.3.2.4.4 PAK context
      7.3.2.5 Authentication state machine
      7.3.2.6 TEK state machine
  7.4 Dynamic SA Creation and Mapping
  7.5 Key Usage
  7.6 Cryptographic methods
    7.6.1 Data Encryption methods
      7.6.1.1 Reserved (Earlier Data encryption with DES in CBC mode)
      7.6.1.2 Data encryption with AES in CCM mode
    7.6.2 Encryption of the TEK
    7.6.3 Calculation of HMAC-Digests
    7.6.4 Derivation of TEKs, KEKs, and message authentication keys
      7.6.4.1 Reserved (DES Keys)
      7.6.4.2 Key Encryption Keys (KEKs)
      7.6.4.3 HMAC Authentication Keys
      7.6.4.4 Cipher-based Message Authentication Code (CMAC)
      7.6.4.5 Derivation of TEKs, KEKs, message authentication keys and GKEKs in PKMv2
      7.6.4.6 Key derivation functions for PKMv2
    7.6.5 Public-key Encryption of AK
    7.6.6 Digital Signatures
  7.7 Certificate Profile
    7.7.1 Certificate format
      7.7.1.1 tbsCertificate.validity.notBefore and tbsCertificate.validity.notAfter
      7.7.1.2 tbsCertificate.serialNumber
      7.7.1.3 tbsCertificate.signature and signatureAlgorithm
      7.7.1.4 tbsCertificate.issuer and tbsCertificate.subject
        7.7.1.4.1 Manufacturer certificate
        7.7.1.4.2 SS certificate
        7.7.1.4.3 BS certificate
      7.7.1.5 tbsCertificate.subjectPublicKeyInfo
      7.7.1.6 tbsCertificate.issuerUniqueID and tbsCertificate.subjectUniqueID
      7.7.1.7 tbsCertificate.extensions
        7.7.1.7.1 SS certificates
        7.7.1.7.2 Manufacturer certificates
      7.7.1.8 SignatureValue
    7.7.2 SS certificate storage and management in the SS
    7.7.3 Certificate processing and management in the BS
  7.8 Pre-Authentication
  7.9 PKMv2
    7.9.1 PKMv2 SA-TEK 3-way handshake
    7.9.2 BS and SS RSA mutual authentication and AK exchange overview
    7.9.3 Reserved (Multicast Broadcast Service (MBS) support)
  7.10 Reserved (Earlier Optional multicast and broadcast rekeying algorithm (MBRA))
  7.11 Security Mechanisms for the Cognitive Plane



