22080163220000meetingminutesofthesecurityadhocgroupin80222Word文件下载.docx

22080163220000meetingminutesofthesecurityadhocgroupin80222Word文件下载.docx

《22080163220000meetingminutesofthesecurityadhocgroupin80222Word文件下载.docx》由会员分享，可在线阅读，更多相关《22080163220000meetingminutesofthesecurityadhocgroupin80222Word文件下载.docx（46页珍藏版）》请在冰豆网上搜索。

Address

Phone

email

ApurvaMody

BAESystems

P.O.Box868,MER15-2350,Nashua,NH03061-0868

603-885-2621

404-819-0314

apurva.mody@,

apurva_mody@

RangaReddy

USArmy（CERDEC）

FtMonmouth,NJ

-

Ranga.reddy@us.army.mil

TomKiernan

Thomas.kiernan@us.army.mil

Abstract

ThisdocumentprovidestheminutesoftheSecurityAd-Hocconferencecallsheldon,

Year2008-June6th,June13th,June20th,June27th,July11th,August11th,August18th,August25th,September29th,October6th,October20th,October30th,November3rd,December1st,December8th,December15th

Year2009-February16th,Feb.23rd,April6th,April13thandApril20th,June8th,June15th,June22nd,June29th,July6th.

Notice:

ThisdocumenthasbeenpreparedtoassistIEEE802.22.Itisofferedasabasisfordiscussionandisnotbindingonthecontributingindividual（s）ororganization（s）.Thematerialinthisdocumentissubjecttochangeinformandcontentafterfurtherstudy.Thecontributor（s）reserve（s）therighttoadd,amendorwithdrawmaterialcontainedherein.

Release:

Thecontributorgrantsafree,irrevocablelicensetotheIEEEtoincorporatematerialcontainedinthiscontribution,andanymodificationsthereof,inthecreationofanIEEEStandardspublication;

tocopyrightintheIEEE’snameanyIEEEStandardspublicationeventhoughitmayincludeportionsofthiscontribution;

andattheIEEE’ssolediscretiontopermitotherstoreproduceinwholeorinparttheresultingIEEEStandardspublication.ThecontributoralsoacknowledgesandacceptsthatthiscontributionmaybemadepublicbyIEEE802.22.

PatentPolicyandProcedures:

ThecontributorisfamiliarwiththeIEEE802PatentPolicyandProcedures

<

http:

//standards.ieee.org/guides/bylaws/sb-bylaws.pdf>

includingthestatement"

IEEEstandardsmayincludetheknownuseofpatent（s）,includingpatentapplications,providedtheIEEEreceivesassurancefromthepatentholderorapplicantwithrespecttopatentsessentialforcompliancewithbothmandatoryandoptionalportionsofthestandard."

EarlydisclosuretotheWorkingGroupofpatentinformationthatmightberelevanttothestandardisessentialtoreducethepossibilityfordelaysinthedevelopmentprocessandincreasethelikelihoodthatthedraftpublicationwillbeapprovedforpublication.PleasenotifytheChair<

CarlR.Stevenson>

asearlyaspossible,inwrittenorelectronicform,ifpatentedtechnology（ortechnologyunderpatentapplication）mightbeincorporatedintoadraftstandardbeingdevelopedwithintheIEEE802.22WorkingGroup.Ifyouhavequestions,contacttheIEEEPatentCommitteeAdministratorat<

patcom@ieee.org>

.

1.June6th2008–SecurityAd-HocConferenceCallMeetingMinutes

1.Attendance

ApurvaMody–BAESystems

GeraldChouinard-CRC

RangaReddy–USArmy

Prof.TimBrown-UnivofColorado,Boulder

BobWalzer–BAESystems

AmitaSethi-UnivofColorado,Boulder

2.1Agenda

∙Attendance

∙ChairaskedifeveryoneattendingwasfamiliarwiththeIEEEpatentpolicy–NooneseemedtobeunfamiliarwiththeIEEEPatentPolicy

ohttp:

//standards.ieee.org/board/pat/pat-slideset.pdf

∙ScopeandtheWorkplanfortheSecurityAd-HocGroup–https:

//mentor.ieee.org/802.22/file/08/22-08-0159-00-0000-scope-agenda-workplan-and-timeline-for-the-security-ad-hoc-in-802-22.doc

∙PresentationonthePRMandSecurityEnhancementsin802.22–802.22ThreatAnalysis

https:

//mentor.ieee.org/802.22/file/08/22-08-0083-03-0000-security-and-prm-enhancements-in-80222-v3.ppt

∙Newbusiness

MinutesandDiscussions

∙TheScopeoftheSecurityAd-Hocin802.22andtheWorkplanascontainedinDocument159-https:

//mentor.ieee.org/802.22/file/08/22-08-0159-00-0000-scope-agenda-workplan-and-timeline-for-the-security-ad-hoc-in-802-22.docwasdiscussed.TheScopeandtheWorkplanwasagreeduponbytheteleconferenceparticipants

Presentationonthe802.22ThreatAnalysiswasmadewhichincludedsuggestedenhancementstotheProtocolReferenceModelaswellastheSecurityin802.22–Thepresentationislocatedat-https:

∙Thereweremanydiscussionsonthepresentation.Mostpeopleagreedthatduetothespecializedanduniquenatureof802.22systems（Cognitive+LongRange）,enhancedsecurityfeaturesareneeded.

∙ThesesecurityfeaturesfortheData/ControlandtheManagementPlanesincludeDataintegrity,Identification,Authentication,Authorization,Confidentiality/Privacy,Non-repudiation,

∙ThesecurityfeaturesfortheCognitivePlaneincludeAuthenticationandAvailability,Authorization,ConfidentialityandPrivacy.

∙ForRegularaswellasCognitiveFunctionality,thethreatmodelwaspresented.

∙Prof.TimBrownsaidthat802.16e-2005standard,whichislikelytobethebaselinestandardfordata/controlandmanagementplaneSecurityfeaturesin802.22isnotenough.Healongwithhisstudentshavecarriedoutextensiveworkonpotentialvulnerabilitiesin802.16e-2005,especiallyduringthestart-upandinitializationprocess.Hesuggestedthatalongwiththeftofinformation,selectivetargetedjammingisamajorconcern.TheChairspointedtothelastsectionofthepresentation（Doc83,Rev3）whichraisedthisissueaswell.GeraldChouinardandWinstonCaldwellsuggestedthatduetotheuniquenatureof802.22weshouldtrytoaddressboththeftofinformationandselectivejammingineithernormativeorinformativetext.ChrisClantonagreed.

∙Thethreatsforcognitivefunctionalitywerepresented.TheyincludedIncumbentre-playattacks,Incumbentghosting,Geolocationfalsification,Co-existence（CBPPacket）falsification,IncumbentDenialofService（DoS）,WRANDoS,Spuriousquietperiodtransmission,Spurioustransmissionasaresultofhardwaredefectsandaging,Spectrummanagermisconfigurationortampering.

∙Thegroupagreedthatthesewereindeedveryvalidthreatsandneededtobeaddressed.GeraldChouinardpointedoutthatlikelihoodofIncumbentghostingwashigherthatwhatwasshowninthepresentation

∙Prof.TimBrownpointedtotheMastersThesisworkcarriedoutbyhisstudentonDoSThreatstoCognitiveRadios.Hesaidthatthereweremorethreatspossiblethanwhatwasshowninthepresentation.

∙Prof.TimBrownsaidthatinnewerversionsoftheCDMAsystems,ifadeviceisoutofspec.thenitisaskedtoshutdownbytheBaseStation.Similarapproachcanbefollowedin802.22.TheChairspointedoutthatthisneedstobecarriedoutforspurioustransmissionsinquietperiodsaswellasspurioustransmissionsduetohardwaredefectsoraging.Thismayalsoneedanoptionaluseofaterrestrialgeolocationsystemtotriangulatethemaliciousdevice.

∙TheChairssuggestedthattheywillbeformulatingtheTableofContentsfortheupcomingconferencecallsandseekforcontributions.

2.June13th2008–SecurityAd-HocConferenceCallMeetingMinutes

ShukriWakid–BAESystems

ChrisClanton–Shure

RangaReddy–USArmy

TimBrown–Univ.ofColorado

GeraldChouinard–CRC

AmitaSethi-

∙DiscusssiononTableofContentsforSection7.Thereferencedocumentfortheproposedtextcanbefoundat

//mentor.ieee.org/802.22/file/08/22-08-0165-00-0000-table-of-content-for-the-security-section-in-802-22.doc

∙RefereenceDocument-ScopeandtheWorkplanfortheSecurityAd-HocGroup–https:

∙ReferenceDocument-PresentationonthePRMandSecurityEnhancementsin802.22–802.22ThreatAnalysis

//mentor.ieee.org/802.22/file/08/22-08-0083-04-0000-security-and-prm-enhancements-in-80222-v3.ppt

∙RangaReddyandApurvaModypresentedtheproposedtextfortheTableofContentsinSection7ascontainedintheDocumenthttps:

∙GeraldChouinardhadsomequestionsonthearrangementsoftheTableofContent.Thequestionswereclarified.

∙AfterthatthereweresomefurtherdiscussionsontheThreatModelfor802.22aspresentedinDocument

∙ChrisClantonaskedifthethreatfromincumbentspoofingandreplayattackswasthesameforDTVaswellasMicrophone–ThegeneralfeelingwasthatifTG1beaconwasusedthentheriskfromthisspecificthreatwouldbeloweredduetothesecurityfeaturescontainedinthebeaconingmechanism.

∙GeraldChouinardaskediftheSecuritySublayer3intheproposedPRMascontainedinDocument83,Rev4hadanyotherfunctionbesidesauthenticatingtheTG1beacon.ApurvaModyansweredthatitsfunctionalityandsecuritymechanismsneedtobedefinedbasedondiscussionswithintheSecurityAd-Hocgroup

∙GeraldChouinardhadsomequestionsonhowCPESpursandDTVreplayattackscouldbehandledusingtheSecuritySublayeraswasshowninthePresentationDocument83.HesuggestedthattheintelligenceondecisionmakingshouldresideintheBaseStationonly.ApurvaModysaidthatifCPEsaresemi-autonomousasweares