security comparison IEEE802.3ah Ethernet in the First Mile1 Encryption layer comparison.ppt/ 10.07.2002 / OPH Encryption layer comparison Yannick Le Goff, France Telecom Yukihiro Fujimoto, NTT Ken Murakami, Mitsubishi Electric Onn Haran, Passave Olli-Pekka Hiironen, Nokia IEEE802.3ah Ethernet in the First Mile2 Encryption layer comparison.ppt/ 10.07.2002 / OPH Encryption options • RS • Encryption functions on Emulation sub-layer • 3 indications is preamble • Full frame (DA - FCS) encrypted • MAC control with MIC field • Encryption functions on lower part of MAC control • ENC tag [2 bytes] inserted to frame, includes 2 indications • Payload encrypted • Message Integrity Code (MIC) [4 bytes] inserted before FCS field • MAC control without MIC field • Encryption functions on lower part of MAC control • ENC tag [2 bytes] inserted to frame, includes 2 indications • Payload encrypted • IPsec • IPsec tunnel between OLT and ONU • Encryption and message authentication IEEE802.3ah Ethernet in the First Mile3 Encryption layer comparison.ppt/ 10.07.2002 / OPH Security objectives • Authentication • the network wants to be sure about ONU’s identity • the network wants to have means to verify that the message received and presumably created by ONU A did indeed originate from ONU A • Access control • the network wants to restrict access to resources to privileged ONUs • requires authentication • Confidentiality • keeping information secret from all but those who are authorized to see it • Privacy • it is not possible to infer confidential data by passive attacks, e.g. analysis of traffic volume or destination • Data Integrity • the receiver wants to be sure that the received message has not been modified IEEE802.3ah Ethernet in the First Mile4 Encryption layer comparison.ppt/ 10.07.2002 / OPH Encryption layer comparison Requirement and importance in EPON RS MAC ctr w/ MIC MAC ctr w/o MIC IPsec Authentication High Yes Yes No Yes Access control High Yes Yes No Yes Payload confidentiality High Yes Yes Yes Yes OAM confidentiality Moderate Yes Yes Yes No Decryption error checking High Yes Yes No Yes Privacy Moderate Yes No No No Data Integrity Low No Yes No Yes Protocols High Ethernet Ethernet Ethernet IP OLT and ONU High Switch Switch Switch Router Complexity High Low Moderate Low High IEEE802.3ah Ethernet in the First Mile5 Encryption layer comparison.ppt/ 10.07.2002 / OPH Security baseline proposal (RS) • Definition of Encryption functions to Emulation sub-layer • Functions are optional • Functions are per LLID • Functions have unchanging delay • Functions maintain frame length • Actions to frame: Encrypt/decrypt full frame, add/remove 3 indications [4 bits] to/from preamble • Static parameters from/to registers: 2 indications, encryption keys • Out of scope of security baseline • Authentication • Key exchange • Re-keying • Cipher IEEE802.3ah Ethernet in the First Mile6 Encryption layer comparison.ppt/ 10.07.2002 / OPH Security baseline proposal (MAC control) • Definition of Encryption functions to MAC control sub-layer • Functions are optional • Functions are per port • Functions have unchanging delay • Functions change 6 bytes frame length • Actions to frame: Encrypt/decrypt payload, add/remove ENC tag [2 bytes] before payload, add/remove MIC [4 bytes] after payload • Static parameters from/to registers: 3 indications, encryption keys • Out of scope of security baseline • Authentication • Key exchange • Re-keying • Cipher

> > > > Best Regards, > > Yoshihiro Ohba > > > > > -- > Clint (JOATMON) Chaplin > Principal Engineer > Corporate Standardization (US) > SISA Follow-Ups : Re: [802.21] Security SG: Scope issues (MIH-level Security) From: Yoshihiro Ohba References : Security SG: Scope issues (MIH-level Security) From: Yoshihiro Ohba Re: [802.21] Security SG: Scope issues (MIH-level Security) From: Clint Chaplin Prev by Date: Re: [802.21] Security SG: Scope issues (MIH-level Security) Next by Date: 802.21 SB Recirculation Previous by thread: Re: [802.21] Security SG: Scope issues (MIH-level Security) Next by thread: Re: [802.21] Security SG: Scope issues (MIH-level Security) Index(es): Date Thread

> > Best Regards, > Yoshihiro Ohba > -- Clint (JOATMON) Chaplin Principal Engineer Corporate Standardization (US) SISA Follow-Ups : RE: [802.21] Security SG: Scope issues (MIH-level Security) From: Ron Pon References : Security SG: Scope issues (MIH-level Security) From: Yoshihiro Ohba Prev by Date: Security SG: Harmonization effort Next by Date: Security SG: Scope issues (MIH-level Security) Previous by thread: Security SG: Scope issues (MIH-level Security) Next by thread: RE: [802.21] Security SG: Scope issues (MIH-level Security) Index(es): Date Thread

Including this would address system level security and interoperability. > I agree that we need more work to regard transport-level security equivalent to MIH-level security.

> > > >Best Regards, > >Yoshihiro Ohba References : Security SG: Scope issues (MIH-level Security) From: Yoshihiro Ohba Re: [802.21] Security SG: Scope issues (MIH-level Security) From: Lily Chen Prev by Date: Re: [802.21] Security SG: Scope issues (MIH-level Security) Next by Date: Re: [802.21] Security SG: Scope issues (MIH-level Security) Previous by thread: Re: [802.21] Security SG: Scope issues (MIH-level Security) Next by thread: Security SG: Harmonization effort Index(es): Date Thread

Best Regards, Yoshihiro Ohba Follow-Ups : Re: [802.21] Security SG: Scope issues (MIH-level Security) From: Yoshihiro Ohba References : Security SG: Scope issues (MIH-level Security) From: Yoshihiro Ohba Prev by Date: Re: [802.21] Security SG: Scope issues (MIH-level Security) Next by Date: RE: [802.21] Security SG: Scope issues (MIH-level Security) Previous by thread: Re: [802.21] Security SG: Scope issues (MIH-level Security) Next by thread: Re: [802.21] Security SG: Scope issues (MIH-level Security) Index(es): Date Thread

I believe the security contributions have done much to balance continuity of 16d security concepts and mechanics with 16e harsh security requirements.  

I agree with people who believe that security requires security experts.

[STDS-802-16] [802.16m] [Security] Security RG Comment Resolution Agenda Thread Links Date Links Thread Prev Thread Next Thread Index Date Prev Date Next Date Index [STDS-802-16] [802.16m] [Security] Security RG Comment Resolution Agenda To : STDS-802-16@LISTSERV.IEEE.ORG Subject : [STDS-802-16] [802.16m] [Security] Security RG Comment Resolution Agenda From : "Reddy, Ranga Mr CIV USA USAMC" < ranga.reddy@US.ARMY.MIL > Date : Mon, 10 Nov 2008 21:22:41 -0600 Delivered-to : mhonarc@GROUPER.IEEE.ORG In-reply-to : < f73eb51d51b1.490bc195@us.army.mil > List-help : < http://listserv.ieee.org/cgi-bin/wa?

– Haran_P2MP_2_0702.pdf and “EPON properties for Security” discuss techniques that have the necessary small number of bits < 1-Byte). – More analysis is necessary to see if such techniques can provide the necessary level of security.

Security SG: MIH-level security goals, use cases and considerations Thread Links Date Links Thread Prev Thread Next Thread Index Date Prev Date Next Date Index Security SG: MIH-level security goals, use cases and considerations To : stds-802-21@LISTSERV.IEEE.ORG Subject : Security SG: MIH-level security goals, use cases and considerations From : Yoshihiro Ohba < yohba@tari.toshiba.com > Date : Sun, 10 Feb 2008 20:27:05 -0500 List-Help : < http://listserv.ieee.org/cgi-bin/wa?

Secured tunnelling is > achieved by it.

Two categories of "security" Thread Links Date Links Thread Prev Thread Next Thread Index Date Prev Date Next Date Index Two categories of "security" To : STDS-802-21@LISTSERV.IEEE.ORG Subject : Two categories of "security" From : "Clint Chaplin" < clint.chaplin@gmail.com > Date : Thu, 11 Oct 2007 17:57:49 -0700 List-Help : < http://listserv.ieee.org/cgi-bin/wa?

The Security Task Group will handle the 802.21a project and any other Security related issues in 802.21.  

This hierarchy does not imply administrative containment, nor does it imply a strict tree topology. " Best Regards, Yoshihiro Ohba Follow-Ups : Re: [802.21] Security SG: Scope issues From: komarova RE: [802.21] Security SG: Scope issues From: Ron Pon RE: [802.21] Security SG: Scope issues From: Meylemans, Marc RE: [802.21] Security SG: Scope issues From: Ron Pon RE: [802.21] Security SG: Scope issues From: Han James-CJH048 Prev by Date: RE: [802.21] Security SG: Scope issues Next by Date: Re: [802.21] Security SG: Definition of Administrative Domain Previous by thread: MRPM SG Call this week Next by thread: RE: [802.21] Security SG: Scope issues Index(es): Date Thread

Security TG teleconference schedule Thread Links Date Links Thread Prev Thread Next Thread Index Date Prev Date Next Date Index Security TG teleconference schedule To : STDS-802-21@xxxxxxxxxxxxxxxxx Subject : Security TG teleconference schedule From : Yoshihiro Ohba < yohba@xxxxxxxxxxxxxxxx > Date : Tue, 19 May 2009 09:21:58 -0400 Delivered-to : mhonarc@xxxxxxxxxxxxxxxx List-help : < http://listserv.ieee.org/cgi-bin/wa?

Regards, Yoshihiro Ohba Prev by Date: 802.21 SB Recirculation Next by Date: Re: [802.21] Security SG: Scope issues (MIH-level Security) Previous by thread: Security SG: Scope issues (MIH-level Security) Next by thread: MIH transport solution as MIPSHOP WG draft Index(es): Date Thread

Security SG Meeting Report Thread Links Date Links Thread Prev Thread Next Thread Index Date Prev Date Next Date Index Security SG Meeting Report To : stds-802-21@LISTSERV.IEEE.ORG Subject : Security SG Meeting Report From : Yoshihiro Ohba < yohba@tari.toshiba.com > Date : Fri, 16 May 2008 01:28:23 -0400 List-Help : < http://listserv.ieee.org/cgi-bin/wa?

Security SG Meeting Agenda Thread Links Date Links Thread Prev Thread Next Thread Index Date Prev Date Next Date Index Security SG Meeting Agenda To : stds-802-21@LISTSERV.IEEE.ORG Subject : Security SG Meeting Agenda From : Yoshihiro Ohba < yohba@tari.toshiba.com > Date : Fri, 11 Jul 2008 18:33:57 -0400 Delivered-to : mhonarc@GROUPER.IEEE.ORG List-help : < http://listserv.ieee.org/cgi-bin/wa?

Reminder: Security SG teleconference Thread Links Date Links Thread Prev Thread Next Thread Index Date Prev Date Next Date Index Reminder: Security SG teleconference To : stds-802-21@listserv.ieee.org Subject : Reminder: Security SG teleconference From : Yoshihiro Ohba < yohba@tari.toshiba.com > Date : Tue, 1 Apr 2008 19:17:08 -0400 List-Help : < http://listserv.ieee.org/cgi-bin/wa?

MIH Services Security Thread Links Date Links Thread Prev Thread Next Thread Index Date Prev Date Next Date Index MIH Services Security To : < STDS-802-21@LISTSERV.IEEE.ORG > Subject : MIH Services Security From : < Michael.G.Williams@nokia.com > Date : Mon, 7 Jan 2008 19:48:15 -0600 In-Reply-To : A< 20080107182836.GO22289@steelhead.localdomain > List-Help : < http://listserv.ieee.org/cgi-bin/wa?

Using the same nonce for two different messages encrypted with the same key destroys the security properties of this mode. — The message m, consisting of a string of l(m) octets where 0 ≤ l(m) < 28L.

Using the same nonce for two different messages encrypted with the same key destroys the security properties of this mode. — The message m, consisting of a string of l(m) octets where 0 ≤ l(m) < 28L.

802.16 Security TG Proposal 802.16 Security TG Proposal IEEE 802.16 Presentation Submission Document Number: IEEE S802.16mgt-04/02 Date Submitted: 2004-05-11 Source: David Johnston Voice: 503 264 3855 Intel Fax: 503 202 5047 2111 NE 25th E-mail: dj.johnston@intel.com, david.johnston@ieee.org Hillsboro, OR 97124 Venue: May 2004 802.16 Interim, Schenzen, China Base Document: Purpose: Proposal to form a security task group within the 802.16 WG.

Consideration will be made to ensure that compatibility is maintained with IEEE 802 security mechanisms and that existing security mechanisms are not compromised.