July 21, 2008 Alcatel Lucent ABSTRACT: Proposed is key derivation for eHRPD RAN Handoff. RECOMMENDATION: Review and approve. Notice Contributors grant.

Presentation transcript:

July 21, 2008
Alcatel Lucent

ABSTRACT: Proposed is key derivation for eHRPD RAN Handoff.
RECOMMENDATION: Review and approve.

Notice
Contributors grant a free, irrevocable license to 3GPP2 and its Organization Partners to incorporate text or other copyrightable material contained in the contribution and any modifications thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner’s name any Organizational Partner’s standards publication even though it may include portions of the contribution; and at the Organization Partner’s sole discretion to permit others to reproduce in whole or in part such contributions or the resulting Organizational Partner’s standards publication. Contributors are also willing to grant licenses under such contributor copyrights to third parties on reasonable, non-discriminatory terms and conditions for purpose of practicing an Organizational Partner’s standard which incorporates this contribution.
This document has been prepared by the contributors to assist the development of specifications by 3GPP2. It is proposed to the Committee as a basis for discussion and is not to be construed as a binding proposal on the contributors. Contributors specifically reserve the right to amend or modify the material contained herein and nothing herein shall be construed as conferring or offering licenses or rights with respect to any intellectual property of the contributors other than provided in the copyright statement above.

Key Derivation for eHRPD Handoff
3GPP2 TSG-S WG4
3GPP2 TSG-X WG5
3GPP2 S r1
3GPP2 X xxx

All Rights Reserved © Alcatel-Lucent 2008 | eHRPD Keying | June 2008

Overview
- We propose to use the GKE protocol (C.S0067) as an Access Network Keying Mechanism to generate Air Interface Security Associations.
- We propose to pre-compute multiple Security Associations, and indicate from the RNC to the UE which specific Association to use with the Target BS.
- We also propose a minor enhancement to the GKE protocol for improved efficiency while generating multiple Access Network Security Associations.

GKE as it is today
- GKE requires the PMK key between the RNC and AT.
  - The PMK can be computed as the result of Access Authentication.
- RNC identifies each instance of GKE by a 3-bit SessionKeyIndex [i].
  - There could be up to 8 valid instances pre-computed in advance.
- Each instance generates one Security Association SKey[i] - a set of (j=3) keys.
  - SKey[i] = prf(PMK|PMK-length, ANNonce|ATNonce|Nonce-length, j, …)
  - One of the generated keys is used for internal GKE purposes (MICKey[i]);
  - The other two keys are used for HRPD Ciphering and Message Integrity.
- Each instance requires bidirectional exchange of ANNonce & ATNonce.
  - E.g., to generate 8 sets of session keys, the GKE needs to be run 8 times.
- The RNC can indicate to the AT which Security Association to use with the target BS by sending the SessionKeyIndex [i] value.

Access Network Key Generation

Key Distribution with GKE to support BS HO.

Enhanced GKE
- Define the 4-bit SessionKeySubIndex [k] parameter, default = 1.
  - The 4 MSBits of the Reserved field in the KeyRequest Message (C.S0067 Sec ) represent the [k-1] value.
  - Define NGKEPSessionKeyLen = NGKEPSessionKeyLen x (k), where k is simply a multiplier of the total length of computed key material.
  - Resulting (k) x 384-bit keys will be generated in one GKE run (Sec ).
- Treat each 384-bit portion as SKey[i] associated with SessionKeySubIndex [k].
  - i.e. SKey[2,4] represents the 384-bit portion #4 of the SKey(2).
  - Note: Only the MICKey[i,1] is used for internal GKE signing.
- To enforce the use of specific SKey[i,k], the access network creates and includes the InUseSessionKeyIndex attribute in an AttributeUpdateRequest message sent on the Control Channel.
  - The Most Significant Nibble of the InUseSessionKeyIndex (Sec. 1.7) is set = [k-1], thus identifying which particular portion of the SKey[i] is to be used.

Key Distribution with Enhanced GKE to support BS HO.

Summary of the GKE Enhancement
- RNC-specific PMK is generated by the HSGW and is sent to the RNC.
- RNC and UE execute the GKE, and generate key material of required length.
- Each 384-bit portion of the generated key material is uniquely indexed.
- RNC informs the UE which Key Index to use with the Base Station.
- To change the Security Association either with current Serving Base Station or with next Target Base Station, the RNC tells the UE which index to use.
  - Up to 16 Security Associations can be generated with 1 run of GKE, or up to 128 Security Associations can be pre-computed and simultaneously co-exist.
  - Any of these Security Associations can be invoked for refresh of handoff.
  - Once the Security Association is revoked, it is purged.
- When RNC and UE run out of pre-computed keys, another GKE is executed.
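The indexing described on the "Enhanced GKE" and "Summary of the GKE Enhancement" slides can be sketched as follows; this is an added example, not code from the contribution or from C.S0067. Assumptions: the prf is replaced by an HMAC-SHA256 counter-mode stand-in, each 384-bit portion is split into three equal 128-bit keys, the low 3 bits of the InUseSessionKeyIndex octet carry SessionKeyIndex [i], and all function and class names are hypothetical.

```python
import hashlib
import hmac

PORTION_LEN = 384 // 8   # each SKey[i,k] is one 384-bit portion (from the slides)
KEYS_PER_SET = 3         # j = 3 keys per Security Association (from the slides)


def stand_in_prf(pmk, an_nonce, at_nonce, out_len):
    """HMAC-SHA256 in counter mode. A stand-in only, NOT the C.S0067 prf."""
    out, counter = b"", 1
    while len(out) < out_len:
        msg = an_nonce + at_nonce + counter.to_bytes(4, "big")
        out += hmac.new(pmk, msg, hashlib.sha256).digest()
        counter += 1
    return out[:out_len]


def gke_run(pmk, an_nonce, at_nonce, k):
    """One GKE run yielding k key sets, keyed by SessionKeySubIndex 1..k."""
    if not 1 <= k <= 16:          # k-1 must fit the 4-bit field
        raise ValueError("SessionKeySubIndex multiplier out of range")
    material = stand_in_prf(pmk, an_nonce, at_nonce, k * PORTION_LEN)
    n = PORTION_LEN // KEYS_PER_SET   # assumed equal split: 3 x 128-bit keys
    sets = {}
    for sub in range(1, k + 1):
        portion = material[(sub - 1) * PORTION_LEN: sub * PORTION_LEN]
        sets[sub] = tuple(portion[j * n:(j + 1) * n] for j in range(KEYS_PER_SET))
    return sets


def encode_in_use(i, k):
    """Most significant nibble = k-1 (slides); low 3 bits = i (assumed)."""
    if not (0 <= i <= 7 and 1 <= k <= 16):
        raise ValueError("index out of range")
    return ((k - 1) << 4) | i


def decode_in_use(octet):
    if not 0 <= octet <= 0xFF or octet & 0x08:   # bit 3 assumed reserved
        raise ValueError("malformed InUseSessionKeyIndex")
    return octet & 0x07, (octet >> 4) + 1


class KeySetPool:
    """Unused pre-computed Security Associations held by the RNC or the AT."""

    def __init__(self):
        self._sets = {}

    def add_run(self, i, sets):
        for k, keys in sets.items():
            self._sets[(i, k)] = keys

    def invoke(self, octet):
        """Take the named key set out of the unused pool (KeyError if gone)."""
        return self._sets.pop(decode_in_use(octet))

    def depleted(self):
        return not self._sets   # True means another GKE run is needed
```

Because both ends hold the same PMK and nonces, only the one-octet index has to cross the air interface; rejecting an index that is out of range or no longer in the unused pool keeps a key set from being handed out twice.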

Intra-HSGW Inter-RNC Active Handoff

Intra-HSGW Inter-RNC Active Handoff Summary
- AT requests the HO to a T-BS in another AN (T-RNC) served by the same HSGW.
- S-RNC transfers remaining unused Key Sets to the T-RNC using A16 signaling.
- T-RNC selects an available Key Set and sends it to the T-BS.
- T-RNC sends the Index of the selected Key Set to the S-RNC, which is forwarded through the S-BS to the AT.
- AT accesses the T-BS in a secure mode using prescribed Key Set.
- The T-RNC receives the AN-specific PMK from the HSGW in the A11 RRP.
- When buffer of available Key Sets in the T-RNC is depleted, T-RNC executes a new GKE with AT to replenish the buffer.

Intra-HSGW Inter-RNC Idle Handoff

Intra-HSGW Inter-RNC Idle Handoff Summary
- AT exits the Idle mode accessing T-BS in another AN (T-RNC) served by the same HSGW.
  - AT uses and identifies the Key Set used with S-BS before entering Idle.
- T-RNC requests the Session Transfer from S-RNC using A13 Signaling.
- S-RNC transfers the Current KeyInUse and remaining unused Key Sets to the T-RNC using A13 signaling.
- T-RNC validates the AT access using the reported KeyInUse.
- T-RNC selects an available Key Set and sends it to the T-BS and to the AT.
- AT accesses the T-BS in a secure mode using prescribed Key Set.
- The T-RNC receives the AN-specific PMK from the HSGW in the A11 RRP.
- When buffer of available Key Sets in the T-RNC is depleted, T-RNC executes a new GKE with AT to replenish the buffer.

Inter-HSGW Handoff (Active Handoff example)

Inter-HSGW Active Handoff
- The AT informs S-AN of a decision to HO to T-AN, associated with T-HSGW.
- S-RNC transfers the Session to T-RNC using A16 Signaling, including remaining unused Key Sets.
- T-RNC selects an available Key Set and sends it to the T-BS and to the AT.
  - AT will use the prescribed Key Set to secure data for the T-BS.
- The T-RNC informs the T-HSGW of the new session.
- T-HSGW receives the Session information context from S-HSGW.
- Once A10 is established, the T-HSGW executes new EAP-AKA with AT, derives the new PMK for the T-RNC, and sends it to T-RNC in the A11 RRP.
- When buffer of available Key Sets in the T-RNC is depleted, T-RNC executes a new GKE with AT, using the new PMK, to replenish the buffer.

Inter-HSGW Idle Handoff
- The AT exits the Idle mode accessing T-AN (T-RNC) served by the T-HSGW.
  - AT uses and identifies the Key Set used with S-BS before entering Idle.
- T-RNC requests the Session Transfer from S-RNC using A13 Signaling.
  - S-RNC returns the Current KeyInUse and remaining unused Key Sets.
- T-RNC validates the AT access using the reported KeyInUse.
- T-RNC selects an available Key Set and sends it to the T-BS and to the AT.
  - AT will use the prescribed Key Set to secure data for the T-BS.
- The T-RNC informs the T-HSGW of the new session.
- T-HSGW receives the Session information context from S-HSGW.
- Once A10 is established, the T-HSGW executes new EAP-AKA with AT, derives the new PMK for the T-RNC, and sends it to T-RNC in the A11 RRP.
- When buffer of available Key Sets in the T-RNC is depleted, T-RNC executes a new GKE with AT, using the new PMK, to replenish the buffer.

Summary
- We propose to use the Enhanced GKE protocol to generate multiple sets of Security Keys between the AT and Serving AN, using currently valid PMK.
  - The Serving AN informs the AT which pre-computed Key Set to use.
- When session is transferred to another AN, remaining unused Key Sets are transferred with session context, and can be selected by T-AN to secure data.
- As Key Sets are depleted, they are replenished by executing the GKE again.
- After the session is transferred to another HSGW, the new EAP-AKA is executed, and new PMK is created.
- This new PMK will be used when next GKE is executed.