1. Jan 2014 Tero Kivinen, INSIDE Secure
Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs)
Submission Title: Security PIB Differences
Date Submitted: 17 May, 2012
Source: Tero Kivinen, Company: INSIDE Secure
Address: Eerikinkatu 28, FI Helsinki, Finland
Voice: , FAX: ,
Re: Security PIB Differences
Abstract: Pictures describing the changes between 2006 and 2011 security PIB
Purpose: How to fix the security in the 2006 and 2011
Notice: This document has been prepared to assist the IEEE P It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
Release: The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P
Tero Kivinen, INSIDE Secure

2. Tero Kivinen Los Angeles, CA January 22, 2014
Security PIB Differences between 2006 and 2011, and problem in macFrameCounter
Tero Kivinen
Los Angeles, CA
January 22, 2014
Tero Kivinen, INSIDE Secure

3. Security PIB differences between 2006 and 2011
Jan 2014
Security PIB differences between 2006 and 2011
Number of Items
In 2006 there is List of items and counter for the items (macKeyTableEntries, macDeviceTable Entries etc)
In 2011 there is just Sets or Lists no counts
Added fields in 2011
SecurityLevelDescriptor has AllowedSecurityLevels field
Tero Kivinen, INSIDE Secure

4. KeyDescriptors KeyIdLookupDescriptor is very different
Jan 2014
KeyDescriptors
KeyIdLookupDescriptor is very different
2006 has only LookupData and Size
2011 has expanded fields:
KeyIdMode, KeySource, KeyIndex, DeviceAddrMode, DevicePANId, DeviceAddress
KeyDeviceList removed in 2011
In 2006 it had UniqueDevice, BlackListed
DeviceDescriptorHandle was moved to KeyDescriptors level
Tero Kivinen, INSIDE Secure

5. Jan 2014
2006 MAC PIB
Tero Kivinen, INSIDE Secure

6. Jan 2014
2011 MAC PIB
Tero Kivinen, INSIDE Secure

7. Both have problems macFrameCounter is global to device
Jan 2014
Both have problems
macFrameCounter is global to device
FrameCounter is per remote peer
Tero Kivinen, INSIDE Secure

8. macFrameCounter This is global to device
Jan 2014
macFrameCounter
This is global to device
This is used when sending packets out
I.e regardless who the device sends packet to or what key is used the counter is incremented.
When this reaches 0xffffffff the device needs to rekey all keys
Makes using more than one key per device almost useless
You cannot for example create multiple keys at once and start using next one when first one needs to be rekeyed.
You cannot create separate key for device where you are sending lots of data.
Cannot create low volume broadcast key for broadcasts and high volume unicast key for the peer sending lots of data
Tero Kivinen, INSIDE Secure

9. FrameCounter This is per remote peer
Jan 2014
FrameCounter
This is per remote peer
Identified by PANId, ShortAddress, ExtAddress
This is used to check the replay attacks, i.e. if incoming FrameCounter from the device is smaller than this it is dropped.
This makes it useless to have multiple keys between same peers
Tero Kivinen, INSIDE Secure

10. What should be done macFrameCounter needs to be per key:
Jan 2014
What should be done
macFrameCounter needs to be per key:
should be moved to the KeyDescriptors table.
It should be incremented every time key is used.
FrameCounter needs to be per key and per remote peer.
DeviceDescriptors table should also have keyIndex if KeyIdMode is not 0x00.
Tero Kivinen, INSIDE Secure

11. Why this was not problem earlier
Jan 2014
Why this was not problem earlier
Only problem if you are using multiple keys between peers, i.e. have KeyIdMode that is not 0x00, and you have multiple KeyIndex values between peers.
Might be bigger problem when bigger networks want to use multiple keys and do not want to rekey all of them at the same time
Tero Kivinen, INSIDE Secure