

									June 2008                                                                    doc.: IEEE 802.22-07/0370r100

                                                       IEEE P802.22
                                                       Wireless RANs

                         Table of Contents for the Security Section in 802.22
                                                    Date: 2008-06-12

  Name           Company             Address                                             Phone                         email
  Apurva Mody    BAE Systems         P.O. Box 868, MER 15-2350, Nashua, NH 03061-0868    603-885-2621, 404-819-0314    tems.com, apurva_mody@yahoo
  Ranga Reddy    US Army (CERDEC)    Ft Monmouth, NJ                                     -                             y.mil
  Tom Kiernan    US Army (CERDEC)    Ft Monmouth, NJ                                     -                             army.mil

This document provides the table of contents for the Security Section in 802.22.

Notice: This document has been prepared to assist IEEE 802.22. It is offered as a basis for discussion and is not binding on the
contributing individual(s) or organization(s). The material in this document is subject to change in form and content after
further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.

Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution,
and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE
Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit
others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and
accepts that this contribution may be made public by IEEE 802.22.

Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures
<http://standards.ieee.org/guides/bylaws/sb-bylaws.pdf>, including the statement "IEEE standards may include the known
use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with
respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the
Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in
the development process and increase the likelihood that the draft publication will be approved for publication. Please notify
the Chair <Carl R. Stevenson> as early as possible, in written or electronic form, if patented technology (or technology under
patent application) might be incorporated into a draft standard being developed within the IEEE 802.22 Working Group. If you
have questions, contact the IEEE Patent Committee Administrator at <patcom@ieee.org>.

Submission                                                 page 1                         Apurva Mody, BAE Systems

Table of Contents for the Security Section in 802.22

7. Security sublayers
  7.1 Security Sublayer Architecture for the Data / Control and Management Planes
    7.1.1 Secure Encapsulation of MPDUs
    7.1.2 Secure Encapsulation of MAC Headers and Management Messages
    7.1.3 Key management protocol
    7.1.4 Authentication protocol
    7.1.5 Mapping Connections to SAs
    7.1.6 Cryptographic Suite
  7.2 Security Sublayer Architecture for the Cognitive Plane
  7.3 PKM protocol
    7.3.1 PKM Version 1
      Security Associations (SAs)
      SS authorization and AK exchange overview
      Authorization via RSA authentication protocol
      TEK exchange overview
      Security capabilities selection
      Authorization state machine
      TEK state machine
    7.3.2 PKM Version 2
      TEK exchange overview for PMP topology
      Key derivation
        • Authorization Key (AK) derivation
        • Key Encryption Key (KEK) derivation
        • Group Key Encryption Key (GKEK) derivation
        • Traffic Encryption Key (TEK)
        • Group Traffic Encryption Key (GTEK)
        • Reserved (Earlier MBS Traffic Key (MTK))
        • Message authentication keys (HMAC/CMAC) and KEK derivation
        • Key hierarchy
        • Maintenance of PMK and AK
        • PKMv2 PMK and AK switching methods
      Associations
        • Security associations
        • Group Security Association
        • Reserved (Earlier Multicast Broadcast Service (MBS) Group Security Association)
      Security context
      AK context
      GKEK context
      PMK context
      PAK context
      Authentication state machine
      TEK state machine
  7.4 Dynamic SA Creation and Mapping
  7.5 Key Usage


  7.6 Cryptographic methods
    7.6.1 Data Encryption methods
      Reserved (Earlier Data encryption with DES in CBC mode)
      Data encryption with AES in CCM mode
    7.6.2 Encryption of the TEK
    7.6.3 Calculation of HMAC-Digests
    7.6.4 Derivation of TEKs, KEKs, and message authentication keys
      Reserved (DES Keys)
      Key Encryption Keys (KEKs)
      HMAC Authentication Keys
      Cipher-based Message Authentication Code (CMAC)
      Derivation of TEKs, KEKs, message authentication keys and GKEKs in PKMv2
      Key derivation functions for PKMv2
    7.6.5 Public-key Encryption of AK
    7.6.6 Digital Signatures
  7.7 Certificate Profile
    7.7.1 Certificate format
      tbsCertificate.validity.notBefore and tbsCertificate.validity.notAfter
      tbsCertificate.serialNumber
      tbsCertificate.signature and signatureAlgorithm
      tbsCertificate.issuer and tbsCertificate.subject
      Manufacturer certificate
      SS certificate
      BS certificate
      tbsCertificate.subjectPublicKeyInfo
      tbsCertificate.issuerUniqueID and tbsCertificate.subjectUniqueID
      tbsCertificate.extensions
      SS certificates
      Manufacturer certificates
      SignatureValue
    7.7.2 SS certificate storage and management in the SS
    7.7.3 Certificate processing and management in the BS
  7.8 Pre-Authentication
  7.9 PKMv2
    7.9.1 PKMv2 SA-TEK 3-way handshake
    7.9.2 BS and SS RSA mutual authentication and AK exchange overview
    7.9.3 Reserved (Multicast Broadcast Service (MBS) support)
  7.10 Reserved (Earlier Optional multicast and broadcast rekeying algorithm (MBRA))
  7.11 Security Mechanisms for the Cognitive Plane
