Proposed High Level Solution for Device Binding 3GPP2 TSG-SX WG4 SX Source: Qualcomm Incorporated and Alcatel-Lucent Contact(s): Anand Palanigounder, Aram Perez, Simon Mizikovsky, Recommendation: For Discussion Notice Submitters grant a free, irrevocable license to 3GPP2 and its Organizational Partners to incorporate text or other copyrightable material contained in the contribution and any modifications thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner’s name any Organizational Partner’s standards publication even though it may include all or portions of this contribution; and at the Organizational Partner’s sole discretion to permit others to reproduce in whole or in part such contribution or the resulting Organizational Partner’s standards publication. Submitters are also willing to grant licenses under such contributor copyrights to third parties on reasonable, non-discriminatory terms and conditions for purpose of practicing an Organizational Partner’s standard which incorporates this contribution. This document has been prepared by submitters to assist the development of specifications by 3GPP2. It is proposed to the Committee as a basis for discussion and is not to be construed as a binding proposal on submitters. Submitters specifically reserves the right to amend or modify the material contained herein and nothing herein shall be construed as conferring or offering licenses or rights with respect to any intellectual property of submitters other than provided in the copyright statement above.
Overview Terms Background Solution Principles Device Binding Functionality Message Flow Still Under Discussion 2
New Terms DBF – Device Binding Functionality DBC – Device Binding Credentials FFS – For Future Study MEID_ME – Mobile Equipment Identifier associated with the mobile equipment* ME_SIG – signature calculated using the ME’s private key 3 *Already defined in C.S0005-E but is important for this presentation because “MEID” can also refer to an IE in a message that whose value depends on whether the ME has an UIM that is removable.
Background (1) This presentation proposes a high level solution for cdma200 1x networks to the Device Binding requirement in document S.R0146-0: – SEC-04: cdma2000 networks shall support a mechanism to restrict the use of a cdma2000 M2M access subscription to a specific cdma2000 M2M Device or a M2M group of devices. The solution is proposed for cdma2000 1x networks – A solution for (e)HRPD is FFS. The proposed solution presented here is based on a compromise of the two original proposals from Qualcomm Inc. and Alcatel-Lucent. 4
Solution Principles (1) The device-unique cryptographic signature MEID_SIG is requested by the RAN from the ME and transported to the Core for validation. – MSC supporting MEID_ME should also support parameters required for validating MEID_ME (MEID_SIG) The cdma2000 Status Request / Response mechanism is utilized to request and transport the signature within the RAN. – MSC will request the MEID_ME and MEID_SIG from all UEs, whether or not supporting this functionality. – Extended StatusRequest/Response Messages will handle new Records requesting and containing the MEID_ME and MEID_SIG 5
Solution Principles (2) MEs supporting the Device Binding Functionality (DBF) will respond with an authentication signature. MSC forwards returned MEID_ME and MEID_SIG to the HLR. The network-based Device Binding Functionality (DBF) verifies that MEID_SIG is received as expected, and is valid. 6
Network-based DBF The Device Binding Functionality (DBF) is a new feature in the network that – Determines whether a particular subscription (MSID) is restricted to an ME or a group of ME’s (MEID). – Maintains the mapping between MSIDs (subscription) and MEID bindings – Performs validation of the MEID_SIG and sends a response to MSC/VLR indicating whether to allow/deny service to the MS – If the subscription requires DBF, but the ME does not respond with MEID_SIG signature, the network may deny service to the ME. The DBF could be a part of an existing network element or a stand alone non-standard function. – It is assumed that the network based DBF is a part of an HLR. – A stand-alone DBF accessed by the HLR is not a subject to standardization. 7
Device-based DBF The Device Binding Functionality (DBF) is a new feature on the device that: – Retains in the secure environment the cryptographic credential (Device Binding Credential – DBC) associated with the device platform. – On request from the network generates device-unique cryptographic signature MEID_SIG, specific for the device. – Provides the MEID_SIG signature to the ME for responding to the network. The DBF can be based on symmetric and asymmetric cryptography. – The scheme supports MEID_SIG generation using symmetric secret key and asymmetric Private key. – Provisioning of either symmetric or asymmetric secrets are FFS. 8
Message Flow for cdma2000 1x 9 Items in red are new added information elements
Message Flow (2) a)The MS sends 1x Registration request to MSC b)Based on its policies, the MSC sends a Status Request with a new RECORD_TYPE requesting a MEID_SIG in addition to MEID_ME c)The ME generates a MEID_SIG using its Device Binding Credentials (DBC) d)The ME sends an Extended Response Message with its MEID_ME and the MEID_SIG from step c) to the MSC e)The MSC sends a Registration Notification (REGNOT) message to the VLR with the MSID, MEID_ME, MEID_SIG, RAND and AUTHR f)The VLR forwards the REGNOT to the HLR g)The HLR (with DBF) validates the MEID_SIG h)The HLR send a regnot to the VLR with status of MEIDValidated i)The VLR forwards the regnot to the HLR j)The HLR informs the MS that it is registered 10
Still Under Discussion When symmetric cryptography is used for MEID_SIG, how is key provisioning handled? – Outside the scope of 3GPP2? When asymmetric cryptography is used for MEID_SIG, – What algorithm should be used? – How does HLR get ME’s public key/certificate? Can a combination of both be used? All the small details 11