1. Session #57 Security Contribution Summary IEEE 802.16 Presentation Submission Template (Rev. 9) Document Number: C802.16m-08/1223r2 Date Submitted: 2007-09-17 Source: David Johnston, Intel Corporation Voice: Ranga Reddy, US Army E-mail:david.johnston@ieee.org Wei-peng Chen, Fujitsu Venue: Kobe, September 08 Base Contribution: Purpose: Informational Summary of Security contributions submitted to 802.16 session #57. Notice: This document does not represent the agreed views of the IEEE 802.16 Working Group or any of its subgroups. It represents only the views of the participants listed in the “Source(s)” field above. It is offered as a basis for discussion. It is not binding on the contributor(s), who reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.16. Patent Policy: The contributor is familiar with the IEEE-SA Patent Policy and Procedures: and.http://standards.ieee.org/guides/bylaws/sect6-7oman/se. Further information is located at <htFurther information is located at and.ateriml> and <

2. Security Comments #T/EDoc#SubjectNotes/Harmonization Suggestions 41T Role of security management block 542T9075r12Management Frame Protection Erroneous doc number. Should be 905r2. Harmonize with 987 ? 543E Location of security section - in mac or on its own 544T907r1Dynamic CMAC lengthHarmonize with 545/Doc 1141 ? 545T1141 Authenticated HCS for signalling headersHarmonize with 544/ Doc 907r1 ? 546T966New encrypted PDU formatHarmonize with #604/doc 923 ? 547T879r1 Polynomial TEK Derivation / Distributed trust 548T880r1MS ID Privacy, through CertsHarmonize with 542 doc905r2 ? 549T881r1 ECC Crypto instead of RSA in authorization 550T1099r2MAP Protection 551T1087 MSID Privacy & MFP, using Temporay ID. 552T1167 Authentication before capability exchange 553T11681 byte PNHarmonize with 604 & 546 ? 554T1169Encryption at SDU level 604T923 PDU Sequence number replacing PNHarmonize with #546 / Doc 966 ?

3. Security Contributions Without Comments (1/2) T/EDoc#Subject Notes T892r1 Secure Multicast. GTEK updates etc. T987Management Frame Protection Harmonize with 905r2 ? T988Derived TEKs T989 MAC Address Privacy through temp IDs Harmonize with 880r1, 1087, 1119r2, 1088 ? T1119r2 MAC Address Privacy through DH or RSA tunnel setup

4. Proposal Concepts Management Frame Protection/MAP Protection –905r2, 1099r2, 1087, 987 PN Size Reduction / Authentication Tuple overhead reduction –966, 1168, 923 MS ID Privacy –880r1, 1087, 989, 1119r2, 1088 Uplink header authentication –907r1, 1141, Link Cipher at MAC CS –1169 Derived TEKs, Multicast GTEK Update –879r1, 892r1, 988 Dynamic SA creation –879r1 ECC Certificates –881r1 Authentication before Capability Exchange –1167, 760r3 Others/Misc – Comment #41, #543

5. Non Security Classified Contributions with Security Overlap 760r3 –Proposes Authentication before capability exchange 906r1 –Compressed MAC header. Proposes 3-state EKS to merge EKS and EC bits. 1059 –Short MAC header formats Proposes no encryption mode & 1 bit EKS. 1067 –Manipulation of EC, EKS and PN 1081 –1 bit EKS & removed EC 1088 –MS ID Hiding. Should be MAC: Security

6. RG Presentation Suggestions Management Frame Protection/MAP Protection –987, 1099r4 PN Size Reduction / Authentication Tuple overhead reduction –923 MS ID Privacy –1119r2, 1088, 880r2 Uplink Header Authentication –907r1, 1141 Link Cipher @ MAC CS –1169 Derived TEK, Multicast GTEK Update –879r1, 988 Dynamic SA creation –879 ECC certificates –881r4 For the discussion here at the session some priority is being given to contributions that were classified as “Security”. Contributions that are not discussed here will still be given an opportunity during RG discussions on email reflector and text development.