Embed Size (px)
DESCRIPTION
3 Accounting/Billing on BCMCS Viewers Free-access services – –MS does not need to subscribe to the service. – –No end-to-end encryption is necessary to protect the service. – –No accounting is needed to track the usage (e.g. airtime and volume) per Mobile Station (MS). – –Revenue is generated from advertisement. Controlled-access services – –MS needs to subscribe to the service. – –End-to-end encryption is required to prevent unauthorized access. – –Flat fee (e.g. monthly paid subscription). » »No accounting is needed to track the usage per MS. – –Pay per view. » »Controlled by the key lifetime Note: Usage-based fee can not be done securely.
Citation preview
1
BCMCS Framework
Jun Wang, Philip Hawkes, Raymond Hsu, Paul Bender
Sept. 12, 2002
NoticeQUALCOMM Incorporated grants a free, irrevocable license to 3GPP2 and its Organization Partners to incorporate text or other copyrightable material contained in the contribution and any modifications thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner’s name any Organizational Partner’s standards publication even though it may include portions of the contribution; and at the Organization Partner’s sole discretion to permit others to reproduce in whole or in part such contributions or the resulting Organizational Partner’s standards publication. QUALCOMM Incorporated is also willing to grant licenses under such contributor copyrights to third parties on reasonable, non-discriminatory terms and conditions for purpose of practicing an Organizational Partner’s standard which incorporates this contribution.This document has been prepared by QUALCOMM Incorporated to assist the development of specifications by 3GPP2. It is proposed to the Committee as a basis for discussion and is not to be construed as a binding proposal on QUALCOMM Incorporated. QUALCOMM Incorporated specifically reserves the right to amend or modify the material contained herein and nothing herein shall be construed as conferring or offering licenses or rights with respect to any intellectual property of QUALCOMM Incorporated other than provided in the copyright statement above.
2
Billing/Accounting Model
• Billing on BCMCS viewers/subscribers• Billing on BCMCS Originators/Content Provider• Billing on both BCMCS viewers/subscribers and BCMCS
Originators/Content Provider• Model 1:
– Subscribers pay bills to Service Provider – Service Provider pay bills to Content Provider per business agreement
• Model 2:– Subscribers pay bills to Content Provider– Content Provider pay bills to Service Provider per business agreement
• Model 3:– No Charges to Subscribers – Content Provider pay bills to Service Provider per business agreement
3
Accounting/Billing on BCMCS Viewers
• Free-access services– MS does not need to subscribe to the service.– No end-to-end encryption is necessary to protect the service.– No accounting is needed to track the usage (e.g. airtime and volume) per Mobile
Station (MS).– Revenue is generated from advertisement.
• Controlled-access services– MS needs to subscribe to the service.– End-to-end encryption is required to prevent unauthorized access.– Flat fee (e.g. monthly paid subscription).
» No accounting is needed to track the usage per MS.– Pay per view.
» Controlled by the key lifetime
Note: Usage-based fee can not be done securely.
4
Accounting/Billing on BCMCS Viewers (cont.)
• Hybrid service of free access and controlled access.– The service is encrypted for subscribers, but there can be unencrypted
advertisements to entice viewers to subscribe.
• Hybrid billing of flat fee and pay per view.– User pays for a flat fee and may pay additionally based on per view.
5
Accounting/Billing on BCMCS Originator
• 3GPP2 stage-1 broadcast/multicast document requires accounting/billing on the BCMCS originator.
– BCMCS volume (e.g. bytes, packets)– BCMCS areas (e.g. Cell ID)– BCMCS time-of-day
• The accounting protocols can be enhanced to support the above requirements.– RAN tracks accounting records on BCMCS areas and time-of-day.– PDSN tracks BCMCS volume.– PDSN receives BCMCS accounting record from RAN via A11.– PDSN includes volume information to the accounting record and sends it to the AAA
server using RADIUS.
6
BCMCS Key Hierarchy• Every short-term period (e.g. minutes), a Short-term Key (SK) is generated to
encrypt/decrypt the BCMCS contents. – IP Layer Encryption is used: SK is generated by Content Server.
» CS generates SK by using BAK and a Security Parameter Index (SPI) value generated randomly.
» CS sends IPSec packets with payloads encrypted by SK. The IPSec packet carries the SPI value associated with that SK. Encapsulating Security Payload (ESP) transport mode is recommended.
» If the MS doesn’t have the SK to decrypt the IPSec packet, the UIM generates a new SK by using BAK and the SPI value in the IPSec packet.
– If Link Layer Encryption is used: SK is generated by the BSC.» BSC sends encrypted SK using BAK to the UIM using the signaling channel.
• Every long-term period (e.g. program duration), the content provider and a group of users subscribed to the same service establish a common security association called BCMCS Access Key (BAK).
• Temporary Key (TK), derived from RK, is sent from the Subscription Server to the Serving System so that TK can be used for encrypting BAK.
• Each subscriber and the Subscription Server (SS) providing the service agree to a root security association called Registration Key (RK).
7
Why BCMCS Key Hierarchy Needed
• SK needs to be sent to the ME to decrypt the content real time.• ME is not secure to have BAK since it is a long-term key.• BAK is only known to UIM in the MS side.• TKs are needed to avoid multiple transactions between the
serving system and home system/Subscription Server.
8
BCMCS Architecture(Key Management by Service Provider and Content Subscriber
owned by the service provider)
PDSNBSC/PCF
Broadcast Channel
MS
BCMCSContentServer
UIM
Local Service provider Home Service Provider
Control
Bearer Path
B2
B1
Content Provider
BCMCS Control
AAA
9
• AAA:– Provide BCMCS service subscriptions to subscribers– Establish Registration Key (RK) (subscription) (see slide 12)– Generate Temporary Key (TK) for encryption of Broadcast Access Key (BAK),
which in turn is used to encrypt SK, the Short-term Key, that encrypts the broadcast content
– Accounting to the BCMCS Originator– Authorization of BCMCS
• BCMCS Control:– Generate BAK for BCMCS– Encrypt BAK using TK– Download encrypted BAK to UIM via PDSN– Create the following association for flexible BCMCS_ID local assignment
(Content Provider ID, Content ID) (universal), BCMCS_ID (non-universal) (Multicast IP address, Port number) (non-universal)
– Informs BCMCS Content Flow Treatment– Informs encryption at which layer (Link Layer or IP Layer)– informs transport and application protocol– If link layer encryption is used:
Deliver BAK to RAN (BSC) for encrypting SK Request BSC to generate SK(s) for specific life time
Functions of Each Entity
10
Functions of Each Entity (cont.)
• BCMCS Content Server:– Provide BCMCS content– If IP Layer Encryption is used:
» Generating SK by using BAK and a Security Parameter Index (SPI) value
• BSC/PCF:– Registration for BCMCS– Determine whether transmitting BCMCS content on radio link– If Link Layer Encryption is used:
» Generating SK» Encrypt SK with BAK and deliver it to UIM
• PDSN:– Deliver the broadcast content to the MS– Accounting info
11
Functions of New Interfaces
• B1 Interface (BCMCS Control - BSC/PCF )– Download of association between BCMCS_ID and (Multicast IP address, Port number) to
BSC– Download flow treatment to the BSC– If Link Layer Encryption is used:
» Deliver BAK to BSC for encrypting SK» Send SK life time to BSC
• B2 Interface (BCMCS Control – MS):– Download the encrypted BAK to UIM via PDSN– Download the association of BCMCS_ID, (Multicast IP address, Port number), and
(Content Provider ID, Content ID) to the MS– Download transport and application protocol– Download flow treatment to the MS
» Header Compression algorithm– Download layer encryption information
• Interface between BCMCS Control and BCMCS Content Server– Beyond the scope of the standard– Indicate whether IP Layer Encryption, Link Layer Encryption, or no encryption– If IP Layer Encryption is used, send BAK to BAMCS Content Server
12
RK Establishment
• The A-Key can be used for RK because the keys are controlled and distributed by the service provider
• The A-Key is also securely downloaded in AAA. • Current A-Key Exchange Procedures will be used
13
BCMCS Activation (BAK Download)
HAAAPDSN
Request for BCMCS (SUB ID, ContentProvider ID, Content ID)
BCMCS_ID, BAK_ID, BAK Life Time, TK_RAND, E(BAK), BAK_RAND, BAK_AUTH, Association of {BCMCS_ID, (ContentProvider ID, Content ID) and (Multicast IP Address, port number)}, Flow Treatment, Transport/Application Protocol
Request TK for encryption of BAK(SUB ID, Content Provider ID, Content ID)
SUB ID, Subscriptions Info, Pairs of [TK_RAND, TK], Content Provider ID, Content ID
a
b
e
BCMCS_ID, BAK_ID, BAK Life Time, TK_RAND, E(BAK), BAK_RAND,BAK_AUTH
d
f
BSC/PCF BCMCS ControlMSUIM
Authorization c
14
BCMCS Activation (BAK Download)
• Occurs when the MS requests it.• For free-access services, the MS will get information of
Transport and Application Protocol, Flow Treatment, and the association of BCMCS_ID, (Multicast IP address, Port number), and (Content Provider ID, Content ID)
• For controlled-access services: > The MS will get information of Transport and Application
Protocol and Flow Treatment, and the association of BCMCS_ID, (Multicast IP address, Port number), and (Content Provider ID, Content ID)
> BAK Download> There is BAK life time associated with each BAK> Each BCMCS program identified by Content ID has its own BAK> BAK is only known by Local BCMCS Control and UIM> TK is known by HAAA and Local BCMCS Control
15
BCMCS Activation (BAK Download) Procedures
• Step a: Upon the user subscribes the BCMCS service or upon the BAK lifetime expires, the UIM requests for BCMCS/BAK download and the MS passes the request to the Local BCMCS Control.
• Step b: If the BCMCS is controlled access, the Local BCMCS Control sends Temporary Key Request to the AAA. If the BCMCS requested is free-access, go to Step e directly.
• Step c: The AAA will authorize the user.• Step d: If the user is authorized, the HAAA generates TK_RAND
and then calculate TK with the input of A Key and TK_RAND by using a function [TK= f(TK_RAND, A Key)]. It can generates several pairs for future usage so that the transactions between the HAAA and BCMCS Control is not always needed for the corresponding service.
16
BAK Download Procedures (cont.)
• Step e: For controlled- access service, the Local BCMCS Control generates a BAK and encrypts it with one of TKs. It also generates BAK_RAND and then calculate BAK_AUTH with the input of BAK and BAK_RAND by using a function [BAK_AUTH= f(BAK_RAND, BAK)]. Then the Local BCMCS Control sends encrypted BAK with corresponding BAK_ID and BAK lifetime, BCMCS_ID, TK_RAND, BAK_AUTH, and BAK_RAND to the UIM via the MS. For both controlled-access and free-access services, the BCMCS Control sends an association of {BCMCS_ID, (Multicast IP address, Port), and (Content Provider ID, Content ID)}, Transport and Application Protocol and flow treatment to the MS.
• Step f: The MS passes the encrypted BAK with corresponding BAK_ID and BAK lifetime, BCMCS_ID, TK_RAND, BAK_AUTH, and BAK_RAND to the UIM. The UIM calculates TK with the input of TK_RAND and its owned stored A Key and then decrypts BAK by using the TK. And then it calculates its own BAK_AUTH with input of BAK and BAK_RAND. It compares its calculated BAK_AUTH with the received BAK_AUTH. If it is not matched, it will start from step a again.
17
BCMCS Architecture (Key Management by the Content Provider)
PDSNBSC/PCF
Broadcast Channel
MS
BCMCSContentProvider
UIM
Local Service Provider Home Service Provider Content ProviderControl
Bearer Path
Local Service Provider
Local BCMCS Content Provider
B3
B5
B1
B4BCMCS Security Manager
B2
Local BCMCS Control
BCMCSSubscription
Server
AAA
18
Home System Functions• Home AAA:
– Establish Registration Key (RK)– Deliver RK to UIM and BCMCS Subscription Server– Accounting info to BCMCS Originator
• BCMCS Subscription Server:– Provide BCMCS service subscriptions to subscribers– Billing info for BCMCS– Request AAA for Registration Key (RK) establishment in UIM– Generate Temporary Key (TK) for encryption of Broadcast Access
Key (BAK), which in turn is used to encrypt SK, the Short-term Key, that encrypts the broadcast content
19
Local Functions• Local BCMCS Security Manager:
– Generate BAK for BCMCS– Encryption of BAK by using TK– Download encrypted BAK to UIM via Local BCMCS Control and PDSN– Informs encryption at which layer (Link Layer or IP Layer)– If link layer encryption is used:
Deliver BAK to RAN (BSC) for encrypting SK via Local BCMCS Control Determine SK life time and send it to Local BSMCS Control
• Local BCMCS Control:– Pass BAK to BSC– Request BSC to generate SK(s) for the life time specified by Local BCMCS
Security Manager– Create the following association for flexible BCMCS_ID local assignment
(Content Provider ID, Content ID) (universal), BCMCS_ID (non-universal), (Multicast IP address, Port number) (non-universal)
– Informs transport and application protocol– Informs Flow Treatment
20
Functions (cont.)
• BCMCS Content Server:– Provide BCMCS content– If IP Layer Encryption is used:
» Generating SK by using BAK and a Security Parameter Index (SPI) value
• BSC/PCF:– Registration for BCMCS– Determine whether transmitting BCMCS content on radio link– If Link Layer Encryption is used:
» Generating SK» Encrypt SK with BAK and deliver it to UIM
• PDSN:– Deliver the broadcast content to the MS– Accounting info
21
Functions of New Interfaces
• B1 Interface (Local BCMCS Control - BSC/PCF )– Download of association between BCMCS_ID and (Multicast IP
address, Port number) to BSC– Download flow treatment to the MS– If Link Layer Encryption is used:
» Deliver BAK to BSC for encrypting SK» Send SK life time to BSC
• B2 Interface (Local BCMCS Control – MS):– Download the encrypted BAK to UIM via PDSN– Download the association of BCMCS_ID, (Multicast IP address, Port
number), and (Content Provider ID, Content ID) to the MS via PDSN– Download Transport and Application protocol to the MS via PDSN– Download Flow Treatment to the MS via PDSN
» Header Compression algorithm– Download layer encryption info
22
Functions of New Interfaces (cont.)• B3 Interface (AAA – BCMCS Subscription Server):
– Used for request of RK establishment in UIM from the BCMCS Subscription Server
– Deliver RK to the BCMCS Subscription Server from AAA • B4 Interface (Local BCMCS Security Manager – BCMCS
Subscription Server)– Deliver sets of TK to Local BCMCS Security Manager
• B5 Interface (Local BCMCS Security Manager – Local BCMCS Control)
– Deliver the encrypted BAK to Local BCMCS Control– If Link Layer Encryption is used:
» Send SK life time to Local BCMCS Control» Deliver BAK to Local BCMCS Control
• Interface between BCMCS Control and BCMCS Content Server– Beyond the scope of the standard– Indicate whether IP Layer Encryption, Link Layer Encryption, or no encryption
from Content Server– If IP Layer Encryption is used, send BAK to BAMCS Content Server
23
RK Establishment – For Controlled-Access Service
AAAMSUIM
Request RK (SUB ID, HomeContent Provider, MS IP address)
RK, SUB ID
PDSN
a
b
c
BCMCS SubscriptionServer
SO33 Setup
http
d
e
RK Establishment
24
RK Establishment• Occurs when the user subscribes the Controlled-Access service in
BCMCS Subscription Server• Each BCMCS content provider has one corresponding RK for each
subscriber• RK is only known by UIM and home service provider/home content
service provider• RK Establishment Procedures:
– Step a: MS establish SO33 and gets an IP address.– Step b: MS accesses the subscription server of a content provider. The MS
accesses this server via HTTP over SO33.– Step c: The subscription server notifies the HAAA to establish RK with the
MS. The subscription server obtains the MS's IP address via DNS and sends the address to the HAAA.
– Step d:RK establishment in UIM. – Step e: The HAAA sends RK to the BCMCS Subscription Server.
25
BCMCS Activation (BAK Download)
UIM MS Local BCMCSControl
BCMCS SubscriptionServer
Request for BCMCS (SUB ID, Content Provider ID, ContentID)
Request Temporary Keys for encryption of BAK(SUB ID, Content ID)
SUB_ID, Subscriptions Info, Pairs of[TK_RAND, TK], Content ID
BCMCS_ID, BAK_ID, BAK Life Time, TK_RAND, E(BAK), BAK_RAND,BAK_AUTH, Association of {BCMCS_ID, Multicast IP address, Content ID},
Flow Treatment, Transport and Application Protocol
a
b
c
d
BSC
BCMCS_ID, BAK_ID, BAK Life Time, TK_RAND, E(BAK),BAK_RAND, BAK_AUTH
e
Local BCMCSSecurityManager
Request for BAK (SUB ID, Content ID)
SUB_ID, BAK_ID, E(BAK), BAK Life Time, TK_RAND,BAK_RAND, BAK_AUTH, Content ID, BAK, SK Life Time
f
g
Authorization
26
BCMCS Activation (BAK Download)• Occurs when the MS requests it• For free-access services, the MS will get information of
Transport and Application Protocol, Flow Treatment, and the association of BCMCS_ID, (Multicast IP address, Port number), and (Content Provider ID, Content ID)
• For controlled-access services: – MS will get information of Transport and Application Protocol, Flow
Treatment, and the association of BCMCS_ID, (Multicast IP address, Port number), and (Content Provider ID, Content ID)
– BAK download– Each BCMCS program identified by Content ID has its own BAK– There is BAK life time associated with each BAK– If Link Layer Encryption is used:
» BAK is known by BSC, Local BCMCS Control, Local BCMCS Security Manager, and UIM
– If IP Layer Encryption is used:» BAK is known by Content Server, Local BCMCS Security Manager, and UIM
– TK is used for encrypting BAK– TK is known by Local BCMCS Security Manager, BCMCS Subscription
Server, and UIM
27
BCMCS Activation (BAK Download) Procedures
• Step a: Upon the user subscribes the BCMCS service or upon the BAK lifetime expires, the UIM requests for BCMCS and the MS passes the request to the Local BCMCS Control.
• Step b: If the requested BCMCS is controlled-access service, the Local BCMCS Control passes BCMCS request to the Local BCMCS Security Manager. If the requested BCMCS is free-access service, go to Step f.
• Step c: The Local BCMCS Security Manager sends Temporary Key Request to the BCMCS Subscription Server.
• Step d: The BCMCS Subscription Server generates TK_RAND and then calculate TK with the input of RK and TK_RAND by using some function [TK= f(TK_RAND, RK)]. It can generates several pairs for future usage so that the transactions between the BCMCS Subscription Server and Local BCMCS Security Manager is not always needed. The BCMCS Subscription Server then returns several TKs to the Local BCMCS Security Manager.
• Step e: The Local BCMCS Security Manager generates a BAK and encrypts it with one of TKs. It also generates BAK_RAND and then calculate BAK_AUTH with the input of BAK and BAK_RAND by using a function [BAK_AUTH= f(BAK_RAND, BAK)]. Then the Local BCMCS Security Manager sends encrypted BAK with corresponding BAK_ID and BAK lifetime, BCMCS_ID, TK_RAND, BAK_AUTH, and BAK_RAND to the Local BCMCS Control. If Link Layer Encryption is used, the Local BCMCS Security Manager also sends BAK and SK Life Time to BSC for encrypting SK.
28
BCMCS Activation (BAK Download) Procedures (cont.)
• Step f: For controlled-access service, the Local BCMCS Control sends encrypted BAK with corresponding BAK_ID and BAK lifetime, BCMCS_ID, TK_RAND, BAK_AUTH, and BAK_RAND to the UIM via the MS. For both controlled-access and free-access services, the Local BCMCS Control sends an association of {BCMCS_ID, (Multicast IP address, Port), and (Content Provider ID, Content ID)}, Flow Treatment, and the Transport and Application Protocol to the MS.
• Step g: The MS passes the encrypted BAK with corresponding BAK_ID and BAK lifetime, BCMCS_ID, TK_RAND, BAK_AUTH, and BAK_RAND to the UIM. The UIM then calculates TK with the input of TK_RAND and its owned stored RK and then decrypts BAK by using the TK. And then it calculates its own BAK_AUTH with input of BAK and BAK_RAND. It compares its calculated BAK_AUTH with the received BAK_AUTH. If it is not matched, it will start from step a again.
29
SK Updates – Encryption at IP Layer (Regardless whether Key management by Service Provider or Content Provider)
• SK is derived from SPI• SPI (4 Bytes) is in IPSec Header• SK Generator in Content Server selects SPI:
– Most significant 4 bits = BAK_ID– Least significant 28 bits = SPI_RAND
• SK Generator computes SK:– SK= E[SPI_RAND, BAK]
• SK Generator uses SK to encrypt packets• UIM re-generates SK from SPI using BAK and passes SK to MS
for decrypting the broadcast content
30
SK Updates - Encryption at Link Layer(Regardless whether Key management by Service Provider or Content Provider)
• BSR_ID 000 can be used for SK update for link layer encryption• Encryption at link layer doesn’t prevent IP level encryption• Encryption at link layer should be disabled if IP level encryption is on• SK Download Procedures:
• Step a: The BCMCS Control sends BAK and BAK life time to BSC/PCF. It also sends SK life time to request BSC/PCF generates SK with indicated SK Life Time.
• Step b: The BSC/PCF sends SK encrypted with BAK to UIM via MS.• Step c: UIM decrypts SK with BAK and sends back to MS.• Step d: BCMCS Content Server sends plain broadcast content to BSC/PCF via PDSN.• Step e: The BSC/PCF encrypts the broadcast content with SK and then sends it over the air.
BSC/PCF BCMCSControl
MSUIM
BCMCS_ID, BAK_ID, BAK, BAK Life Time, SK Lifetime)BCMCS_ID, BAK_ID, E(SK), Action Time
BCMCS_ID,BAK_ID, SK
Broadcast Content encrypted with SK
BCMCSContentServer
Broadcast Content
PDSN
a
b
c
d
e
31
Summary: BCMCS Steps• BCMCS is discovered out of band• User subscribes BCMCS service out of band (SUB ID)• For controlled-access service, if the Key is controlled and distributed by
the Content Provider, RK is established at UIM; otherwise, A-Key will be used for RK
• BCMCS Activation– Download information of an association of {BCMCS_ID, (Multicast IP address,
Port), and (Content Provider ID, Content ID)}, Flow Treatment, and the Transport and Application Protocol
– For controlled-access service: » TK is sent to
• If Key managed by the Service Provider: Local BCMCS Control• If Key managed by the Content Provider: Local BCMCS Security Manager
» BAK encrypted by TK is download to UIM via visited network (PDSN) using a special UDP port number
• MS finds if broadcast service is available for particular sector via overhead message
• MS performs a registration (BCMCS_ID)• BCMCS bearer path is setup (if not there)• MS starts monitoring BCMCS channel
32
Protocol StackMS BS/PCF PDSN Router(s) BCMCS
Content Server
IP
L2
L1
IP
L2
L1
IP
L2
L1
L2(R-P)
L1
HDLC
L2(R-P)
L1
Mux
F-BSCH
Null (RLP)
Application(Ex. MPEG-4)
Transport(Ex. RTP/UDP)
Security(Ex. IPSec)
IP
HDLC
F-BSCH
Null (RLP)
Mux
Application(Ex. MPEG-4)
Transport(Ex. RTP/UDP)
Security(Ex. IPSec)
EncryptionDecryption
Note: Encryption at IP Layer and Link Layer should not be enabled at the same time.
33
Transport & Encryption Overhead (IP Layer Encryption is Used)
Packet Format Length in octets IP Header 20 Security Parameter Index (SPI) in ESP Header
4
Sequence Number in ESP Header 4 Initialization Vector 16 UDP Header 8 Real-time Transport Protocol (RTP) Header
12
Broadcast Content Variable Padding in ESP Trailer 0 ~ 15 (with 8 as the average) Next header in ESP Trailer 1 Pad Length in ESP Trailer 1
• The cipher block size for AES is 16 bytes, so that IV is 16 bytes, and padding ranges from 0 to 15 bytes.
• The italic portion of the packet is encrypted.• The transport/encryption overhead ranges from 66 to 81 bytes with the average of 74 bytes.• If Header Compression is used (ROHC):
– The IP header and the SPI field of the ESP header can be compressed from 24 bytes to 2 bytes.– The transport/encryption overhead ranges from 44 to 59 bytes with the average of 52 bytes
34
Transport & Encryption Overhead (Link Layer Encryption is Used)
Packet Format Length in octets IP Header 20 UDP Header 8 Real-time Transport Protocol (RTP) Header
12
Broadcast Content Variable
• The whole packet is encrypted at link layer.• The transport/encryption overhead is 40 bytes.• If Header Compression is used (ROHC):
– The RTP/UDP/IP header can be compressed from 40 bytes to 2 bytes.– The transport/encryption overhead become 2 bytes.
• Since SK is sent to the MS via signaling channel:– Assuming BCMCS_ID (16bits) + E(SK) (28bits) + BAK_ID(4bits) + Action Time (8bits) = 56 bits.– Assuming SK changes every 1 minute– Overhead is about 1bits/s.
35
Data Link Layer Framing
• Data link layer framing is required between the PDSN and MS to delineate packets received from the broadcast channel.
• HDLC-like framing (RFC 1662) is recommended because it is a standard protocol and is widely available. It is however processor intensive due to octet stuffing for 0x7E and 0x7D in the frame payload.
• Flag (0x7E) is required to indicate the frame beginning.• Address/Control fields have static values and can be compressed.• PPP Protocol field is used to identify frame payload type (e.g. IP packet with compressed header).• Frame Check Sum (FCS) is recommended to be 2 bytes.• The HDLC/PPP framing overhead is 5 bytes per frame plus octet stuffing.
– Octet stuffing, on the average, is 1 byte per 128 bytes of frame payload.– If the frame payload is 256 bytes, the average data link layer overhead is 7 bytes.
Framing Format Length in octetsFlag 1Address 1Control 1PPP Protocol 2Payload VariableFCS 0, 2, or 4
36
Bearer Path Set-Up via Provisioning (Multicast between CS and PDSN)
BSC PCF PDSN CS
A11-Registration Request
(Multicast IP address, PortNumber), flow tratment
(a)(b)(c)(d)
BCMCS Channelconfiguration
A9-Setup-A8(Multicast IP address,
Port Number), flowtreatment
A9-Connect-A8
MR
(e)
IGMP/MulticastRoutingProtocol
Content
BCMCSconfiguration
BSC now is setup to receive IP multicast from CS for the BCMCS channel
A11-Registration Reply
37
Bearer Path Set-Up via Provisioning (Unicast between CS and PDSN)
BSC PCF PDSN CS
A11-Registration Request
(Multicast IP address, Port Number), fowtreatment
(a)(b)
(c)(d)
BCMCS Channelconfiguration
A9-Setup-A8
(Multicast IP address,Port Number), flow
treatmt
A9-Connect-A8
(e)Content
BCMCSconfiguration
BSC now is setup to receive IP multicast from CS for the BCMCS channel
A11-Registration Reply
Unicast IP Tunnel Setup
38
Bearer Path Set-Up/Tear
Down via MS Registration/
Deregistration (Multicast
between CS and PDSN)
BSC PCF PDSN CS
A11-RegistrationRequest(Multicast IP address),
flow treatment
a
b
d
A9-Setup-A8(Multicast IP address, port),
flow treatment
A9-Connect-A8
MR
e
IGMP/MRP
Content
A11-RegistrationReply
MS
Registration(BCMCS_ID)
fghi
BSPM now includesBCMCS_ID for the
broadcast
BCMCS Channelconfiguration
j
A10A8Content
BSPM (Service Availablity)
c
MS monitorsBroadcastChannel
1st User
Sub. Users BSPM (Service Availablity)
Registration(BCMCS_ID)
MS monitorsBroadcastChannel
Last User leaves
BSC detects last userregistration timeout,
stops transmittingBCMCS
A11-Registration Request(lifeime=0)
A9-Release-A8
A9-Release-A8Complete
A11-RegistrationReply (lifetime=0, accpted)
Lack of IGMP Response,prunes MC tree
kl
m
n
o
p
q
r
s
t
u
BCMCSControl
Multicast IP Address Request (BCMCS_ID)
Associations of BCMCS_ID and (Multicat IPAddress, Port), flow treatment
vw
AAA/SS
Authorization
Ack
xz
39
Some Details• There is multiple-to-one mapping between BCMCS_ID and
Multicast IP address– Provide Layered Service
• There is multiple-to-one and one-to-multiple mapping between BCMCS_ID and BSR_ID
– If link layer encryption is used, multiple-to-one mapping between BCMCS_ID and BSR_ID is not allowed
• A8 and A10 connection Set Up– Pre-configured (Static Broadcast)– Trigger by first subscriber in BSC to join the broadcast session
(Dynamic Broadcast)• PDSN Selection Algorithm
– (X) modulo N; X is the integer representation of the IP multicast address or BCMCS_ID, and N is the number of PDSNs reachable by the PCF
• Multicast Tree Setup between PDSN and CS– If security is not concerned, PDSN can send IGMP to join the session– If security is concerned, the unicast tunnel will be setup
