1/19 BCMCS Support In IS-820-C (Stage 2) Lijun Zhao QUALCOMM [email protected] 1-858-651-9420 July...
-
Upload
allan-logan -
Category
Documents
-
view
212 -
download
0
Transcript of 1/19 BCMCS Support In IS-820-C (Stage 2) Lijun Zhao QUALCOMM [email protected] 1-858-651-9420 July...
2/19
Copyright
Notice©2004 QUALCOMM Incorporated. All rights reserved.QUALCOMM Incorporated grants a free, irrevocable license to 3GPP2 and its Organization Partners to incorporate text or other copyrightable material contained in the contribution and any modifications thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner’s name any Organizational Partner’s standards publication even though it may include portions of the contribution; and at the Organization Partner’s sole discretion to permit others to reproduce in whole or in part such contributions or the resulting Organizational Partner’s standards publication. Qualcomm Incorporated is also willing to grant licenses under such contributor copyrights to third parties on reasonable, non-discriminatory terms and conditions for purpose of practicing an Organizational Partner’s standard which incorporates this contribution.This document has been prepared by Qualcomm Incorporated to assist the development of specifications by 3GPP2. It is proposed to the Committee as a basis for discussion and is not to be construed as a binding proposal on Qualcomm Incorporated. Qualcomm Incorporated specifically reserves the right to amend or modify the material contained herein and nothing herein shall be construed as conferring or offering licenses or rights with respect to any intellectual property of Qualcomm Incorporated other than provided in the copyright statement above.Qualcomm Incorporated may hold one or more patents or copyrights that cover information contained in this contribution. A license will be made available to applicants under reasonable terms and conditions that are demonstrably free of any unfair discrimination. Qualcomm Incorporated reserves the right to use all material submitted in this contribution for its own purposes, including republication and distribution to others.
3/19
BCMCS Status Overview
Current status:
X.P0022 V0.1.0 (TSG-X BCMCS) and S.P0083 V1.2 (TSG-S BCMCS security framework) are currently in very stable shape, V&V now, will be published soon.
C.S0054 (HRPD BCMCS) and IS-2000-D (BCMCS feature included) have been published.
TSG-A IOS A.S0019 is in V&V, will be published in July-August
In order to support end-to-end BCMCS, RUIM is lagging behind.
Objective:
• To support BCMCS service in RUIM standard for cdma2000 and cdma2000 HRPD network
4/19
Overview of KEYS
• Registration/Root Key: RK
• Broadcast Access Key: BAK
– Should be delivered to R-UIM, not divulged to ME
• Short term Key: SK
– Should be derived in R-UIM from BAK and delivered to ME
• TK: Derived from RK, used to encrypt/decrypt BAK
• Authentication-Key: Auth-Key
– Derived from RK, used to generate digest response
5/19
Key Management
• RUIM is provisioned with RK
• RUIM derives TK from RK and TK_RAND using SHA-1 (f0)
• RUIM uses TK to decrypt BAK, BAK is stored in RUIM but ME can not access to it
• RUIM derives SK from BAK and SK_RAND using SHA-1 (f3) and then passes SK to ME
• RUIM generates Auth_Key for authentication of BCMCS Information Acquisition
• RUIM generates authorization signature from BAK and timestamp by using EHMAC algorithm (BAK Hash)
• RUIM generates SRTP session Encryption Key using AES
6/19
Encryption
• SK provides Link Layer Encryption:
RUIM generates SK from BAK and SK_RAND
• SRTP provides Higher Layer Encryption:
RUIM generates SRTP Session Encryption Key from BAK, SK_RAND and Packet Index
7/19
RUIM Vs. ME in terms of BCMCS
8/19
Responsibility of RUIM • Generate TK from RK and decrypt BAK by using TK• Compute SK and pass it to ME • Store Registration Key, BAK, BCMCS_Flow_ID, BAK_ID and BAK_ Expire, • Generate Auth-Key from RK and calculate digest response• Generate SRTP session Encryption Key using AES• Generate authorization signature from BAK and timestamp
by using EHMAC algorithm (BAK Hash)
9/19
Responsibility of ME
• Use SK to decrypt BCMCS content
• Determine whether to issue RetrieveSK command by checking BAK_ID and SK_RAND
• Initiate BAK Request and then issue update BAK command
• Can store BCMCS_FLOW_ID, BAK_ID, BAK_EXPIRE, SK and SK_RAND
• Determine the expiry of BAK and send delete BAK command
10/19
New UIM EFs/Hidden Files
EFs:
• BAK_Para: Linear Fixed
{BCMCS_Flow_ID,BAK_ID,BAK_Expire}
• UpdatedBAK_Para: Cyclic EF
{BCMCS_Flow_ID,BAK_ID, BAK_Expire}
HFs (Hidden File):
• BAK: currently used
• UpdatedBAK
11/19
ACCESS CONDITIONS
BAK_Para
UpdatedBAK_Para
READ CHV1
UPDATE ADM
INVALIDATE ADM
REHABILITATE ADM
12/19
RUIM Computation
• Generate SK
• Generate TK
• Decrypt BAK using TK
• Generate Auth_Key
• Calculate digest response
• Generate SRTP session encryption key
• Generate authorization signature
13/19
New Commands/Responses
• Retrieve SK
Command Parameters: Number of parameters: BCMCS_Flow_ID, BAK_ID, SK_RAND
Response Parameters: Number of parameters: BCMCS_Flow_ID, SK
• ManagementOperation
Command Parameters: OP_ID, OP_Body
Response Parameters: OK, etc
• Retrieve SRTP SK
Command Parameters: BAK_ID, SK_RAND, Packet Index
Response Parameters: SRTP SK
14/19
New Commands/Responses(Cont’)
• Generate Authorization Signature
Command Parameters: BCMCS_Flow_ID, BAK_ID, Time Stamp
Response Parameters: Auth Signature
• BCMCS Authentication
Command Parameters: RAND, Challenge
Response Parameters: response
15/19
Retrieve SK
Upon receipt of Encrypted Content IP packet flow from CE:
If
BCMCS_Flow_ID and BAK_ID are found in EF(BAK_Para), use the corresponding BAK from HF(BAK) to generate SK.
Otherwise
If the ID pair matches any record in EF(UpdatedBAK_Para), copy the 3 parameters into the EF(BAK_Para), copy the corresponding BAK from HF(UpdatedBAK) to HF(BAK) and use this BAK to generate SK.
Otherwise,
Return an error status word
16/19
BAK Management
• Update BAK:
– To create a new entry in EF(UpdatedBAK_Para) and put the decrypted BAK into a record in HF(UpdatedBAK) appropriately (one-to-one mapping)
– OP_Body: BCMCS_Flow_ID, BAK_ID, BAK_Expire, [BAK], TK_RAND
• Delete BAK:
- To delete record in HF(UpdatedBAK) and EF(UpdatedBAK_Para)
- OP_Body: BCMCS_Flow_ID, BAK_ID
17/19
Service Table
• Add BCMCS service entry in CDMA Service Table.
18/19
BCMCS Exchange Flow
RUIM ME Network
ManageOperation(Update BAK)
BAK Update
OK
Auth Signature
BAK RequestBCMCS
Auth(Challenge,TimeStamp)
Response
BAK Request w/digestresponse
BCMCS HTTP 401
Retrieve (SRTP)SK
(SRTP)SK
Generate AuthorizationSignature
[Content Flow]
Registration Message
19/19
Further Stage 3 Work
• Define details of EFs/HFs, and Command/Responses
• Write the requirements/procedures