doc.:IEEE 802.11-11/0908r3

Submission

November 2011

Secure Enablement and CVS without Persistent Association

Slide 1 S.Abraham Qualcomm Incorporated

Authors:November 7, 2011

Name Affiliations Address Phone email

Santosh Abraham Qualcomm, Inc 5775 Morehouse Dr., San Diego, CA +1-858 651 6107 sabraham@qualcomm.com

Steve Shellhammer Qualcomm, Inc 5775 Morehouse Dr., San Diego, CA +1-858-658-1874 sshellha@qualcomm.com

Philip Hawkes Qualcomm, Inc77 King StreetSydney, New South Wales 2000 (Australia)

61-2-9384-0203 phawkes @qualcomm.com

Cameron McDonald Qualcomm, Inc77 King StreetSydney, New South Wales 2000 (Australia)

61-2-9384-0204 cameronm@qualcomm.com

Jouni Malinen Qualcomm, Inc Hermiankatu 6-8 DTampere, Finland

jouni@qca.qualcomm.com

Menzo Wentink Qualcomm, Inc Straatweg 66-S, Breukelen, (Netherlands) +31-346-259-656 mwentink@qualcomm.com

Dean Brenner Qualcomm, Inc. 1730 Pennsylvania Ave N.W.Washington DC

dbrenner@qualcomm.com

John Kuzin Qualcomm, Inc. 1730 Pennsylvania Ave N.W.Washington DC

jkuzin@qualcomm.com

doc.:IEEE 802.11-11/0908r3

Submission

November 2011

AbstractThe submission provides techniques that allow a GDC dependent STA to remain enabled even if it disassociates from its GDC enabling STA. The amendment resolves an issue raised by CID 951 which highlights the need for Mode 1 APs. Due to the necessity of a secure association between a GDC dependent STA and its GDC enabling STA to obtain enablement and the requirement that an STA can have only one association, a GDC dependent STA cannot associate with a Mode 1 AP. This amendment proposes a method for a GDC Dependent STA to maintain a secure link with a GDC enabling STA while associated with another AP such as a Mode 1 AP.

Slide 2 S. Abraham, Qualcomm Inc.

         951 4 The FCC requirement for

embedded geo-location limits the placement of Mode II APs

indoors, restricting placement to be near a window or another

location where GPS lock can be obtained. This severely limits the placement of APs indoors.

The standard needs support for a low-rate enabler which can be placed near a window where it

can obtain GPS lock and can provide enablement to all the

Mode I AP and STAs throughout the building. In addition, this makes it possible for Mode I

APs to be used, which reduces the complexity of these APs since they no longer require

embedded GPS.

Add text from document

IEEE 802.11-11/257.

951

doc.:IEEE 802.11-11/0908r3

Submission

November 2011

Update

• This revision provides additional support (in the appendix) for the permissibility of Mode I APs.

Slide 3 S. Abraham, Qualcomm Inc.

doc.:IEEE 802.11-11/0908r3

Submission

November 2011

Motivation• FCC rules require secure transmission of

– White space map (WSM)– Contact Verification Signal (CVS)– Encrypted transmission of WSM and CVS

• To comply with the above, for the current 802.11af draft a GDC dependent STA requires a continuous “secure association” to an GDC enabling AP.

• 802.11 Revmb does not permit more than one association, the enabling AP will have to also provide data services

• Therefore:– All APs will need to be enablers to associate dependent STAs

– APs would have to be Mode II and accurate geo location capability

• We present an augmentation to the current GDC enablement protocol that keeps the (GDC) Enabling AP(E-AP) function separate from the data serving AP (S-AP)

Slide 4 S.Abraham Qualcomm Inc.

doc.:IEEE 802.11-11/0908r3

Submission

November 2011

Network Operation with Separate Enabler

Slide 5 S. Abraham, Qualcomm Inc.

Mode 1Dependent

STA

Fixed or Mode II

Enabling AP

Mode IAP

CVS,CAQRequest

CVS,WSM

doc.:IEEE 802.11-11/0908r3

Submission

November 2011

Proposed “Augmented” Enablement Flowchart

Slide 6 S. Abraham, Qualcomm Inc.

Generate EK with PTK during secure

association

START

Request Enablement

Enabled ?

Disassociate from E-AP

Send Request for CVS using self

protected action frames encrypted

with EK

CVS ReceivedMove to de-

enabled

Enablement Failed

doc.:IEEE 802.11-11/0908r3

Submission

November 2011

Operation of Enablement Procedure

• D-STA associates with E-AP using a secure association procedure as required by the E-AP

• During the secure association the E-AP and D-STA generate an Enablement Key (EK) along with the PTK

• D-STA requests enablement from the E-AP using the enablement procedure.

• D-STA then disassociates from E-AP• D-STA may then associate with any other AP, even

other dependent APs (this AP is called the serving AP)• All other communication from D-STA to E-AP use a

“pull method” as described later

Slide 7 S. Abraham, Qualcomm Inc.

doc.:IEEE 802.11-11/0908r3

Submission

November 2011

Obtaining a CVS from E-AP

• All messages between the E-AP and D-STA (after disassociation) use self protected action frames that are encrypted using the EK generated during the association

• D-STA obtains a CVS by requesting one from E-AP– CVS Request approach frees the E-AP from tracking the sleep state of the D-STA

when sending the CVS

• When E-AP receives a CVS request, it responds with a CVS containing the CVSIE if it is able to de-crypt the self protected action frame using the EK.

• Operation when CVS indicates new WSM-ID – D-STA sends self protected Channel Availability Query( CAQ) with reason result

set to WSM– D-STA uses self protected CAQ response frame to send the WSM

Slide 8 S. Abraham, Qualcomm Inc.

doc.:IEEE 802.11-11/0908r3

Submission

November 2011

Frame Formats• CVS Request:

– Only contains Category and Action field

Slide 9 S. Abraham, Qualcomm Inc.

• Self protected CVS: • Similar to the CVS public action frame, with category field

indicating self protected

• Self protected CAQ: For WSM• Similar to CAQ public action frame with category field indicating

self protected.

Category Action

Octets: 1 1

doc.:IEEE 802.11-11/0908r3

Submission

November 2011

Appendix

FCC Rules, Decisions, and Relevant TVBD Definitions and Terminology

Slide 10 S. Abraham, Qualcomm Inc.

doc.:IEEE 802.11-11/0908r3

Submission

November 2011

A Mode I AP Is Permissible Under FCC TVWS Rules• The FCC’s main goal in the TVWS proceeding is to provide as much flexibility as possible for

unlicensed uses while fully protecting the reception of broadcast TV signals. See 2008 TVWS Order at para. 54 (“we are providing for operation of personal/portable devices under two different modes: 1) controlled by a fixed device or a Mode II personal/portable device and 2) independent. In each of these cases, our goal is to make the technical requirements as simple and as reliable as possible [and] to permit a wide range of unlicensed broadband uses and applications and while ensuring that the most appropriate and effective mechanisms are in place to protect TV and other licensed services. “)

• So long as a network has a single device acting in master mode – and thus protecting licensed users – it can enable any number of other devices acting as masters and clients.

– See 2008 TVWS Order at para. 111 (“A network always has at least one device operating in master mode and also some devices that may be capable of operating only in client mode and some devices that may be capable of operating in either mode. All fixed TVBDs will be allowed to operate in master mode. Those personal/portable devices communicating on a master/client basis with a fixed device will be required to use channels/frequencies as directed by the fixed device. Thus, a personal/portable device operating under this arrangement will pose no more risk of interference to a licensed service than the fixed device, and because it will use less power will generally pose less risk of causing such interference.”)

– See 2008 TVWS Order at para. 133 (“We envision that both the Mode I and Mode II approaches will often be incorporated into the same personal/portable device. That is, a personal/portable device could function as a master device when it is able to use geo-location/sensing and database access to identify unused TV channels in its area. If it cannot rely on these techniques but is near a fixed device or another personal/portable device that can act as a master, it could operate in client mode if it makes contact with a master station.”)

• A Mode I AP is fully consistent with the FCC’s definition of a Mode I personal/portable device as well as the other definitions on the following page.

Slide 11 S. Abraham, Qualcomm Inc.

doc.:IEEE 802.11-11/0908r3

Submission

November 2011

TVBD Definitions Support This Interpretation Term Definition

Fixed device A fixed TVBD may … initiate and operate a network by sending enabling signals to one or more fixed TVBDs and/or personal/portable TVBDs. Fixed devices may provide to a Mode I personal/portable device a list of available channels on which the Mode I device may operate under the rules.

Mode I personal/portable device

A personal/portable TVBD that does not use an internal geolocation capability and access to a TV bands database to obtain a list of available channels. A Mode I device must obtain a list of available channels on which it may operate from either a fixed TVBD or Mode II personal/portable TVBD. A Mode I device may not initiate a network of fixed and/or personal/portable TVBDs nor may it provide a list of available channels to another Mode I device for operation by such device.

Mode II personal/portable device

A personal/portable TVBD that uses an internal geo-location capability and access to a TV bands database, either through a direct connection to the Internet or through an indirect connection to the Internet by way of fixed TVBD or another Mode II TVBD, to obtain a list of available channels. A Mode II device may select a channel itself and initiate and operate as part of a network of TVBDs, transmitting to and receiving from one or more fixed TVBDs or personal/portable TVBDs. A Mode II personal/portable device may provide its list of available channels to a Mode I personal/portable device for operation on by the Mode I device

Network initiation

The process by which a fixed or Mode II TVBD sends control signals to one or more fixed TVBDs or personal/portable TVBDs and allows them to begin communications.

Slide 12 S. Abraham, Qualcomm Inc.

doc.:IEEE 802.11-11/0908r3

Submission

November 2011

IEEE

Term Definition

AP An entity that contains one station (STA) and provides access to the distribution services, via the wireless medium (WM) for associated STAs.

From 802.11 Draft Revmb

Serving AP(S-AP)

AP that is associated with the STA providing connectivity to external networks. Serving AP may contain a GDC Enabling STA or a GDC Dependent STA

New

GDC Enabling STA

A STA that has the authority to control the operation of GDC dependent STAs after obtaining available spectrum for use at its own location.

From 11af Draft 1.02

Enabling AP(E-AP)

GDC enabling STA that is an AP New

GDC Dependent STA(D-STA)

A STA that is under the control of Geo-location Database Controlled enabling STA

From 11af Draft 1.02

Slide 13 S. Abraham, Qualcomm Inc.

doc.:IEEE 802.11-11/0908r3

Submission

November 2011

Part 15.202 - Certified operating frequency range• On one of the conference calls it was brought up that we need to review

FCC Part 15.202, which is copied below:

Slide 14 S. Abraham, Qualcomm Inc.

Client devices that operate in a master/client network may be certified if they have the capability of operating outside permissible Part 15 frequency bands, provided they operate on only permissible Part 15 frequencies under the control of the master device with which they communicate. Master devices marketed within the United States must be limited to operation on permissible Part 15 frequencies. Client devices that can also act as master devices must meet the requirements of a master device. For the purposes of this section, a master device is defined as a device operating in a mode in which it has the capability to transmit without receiving an enabling signal. In this mode it is able to select a channel and initiate a network by sending enabling signals to other devices. A network always has at least one device operating in master mode. A client device is defined as a device operating in a mode in which the transmissions of the device are under control of the master. A device in client mode is not able to initiate a network

Observations• Master devices send enabling signals.• Client devices are under the control of a master and cannot initiate a network.• A single device can operate as a master or a client depending on its mode of operation.• A TV band device is an unlicensed (i.e., Part 15) RF device that operates on open broadcast

TV channels. See § 15.703(m).

doc.:IEEE 802.11-11/0908r3

Submission

November 2011

KDB 594280 Restrictions on Software Configuration for devices not approved as Software Defined Radios

Slide 15 S. Abraham, Qualcomm Inc.

On one of the conference calls we were asked to review KDB 594280. A relevant excerpt from that KDB is provided below:

Many devices referred to by the Wi-Fi industry as "client devices" may not meet the definition of a Section 15.202 client, and must be approved as master devices on U.S. authorized frequencies, and must operate in accordance with the grant conditions. To qualify as a Section 15.202 client, a device cannot initiate, or be configured to initiate, any transmission including probes, beacons, or ad-hoc mode transmissions. If a device supports such network initiating functions, it shall be approved as a master device for that particular band. This includes devices that support Wi-Fi Direct modes in the bands where the device is capable of becoming a Group Owner must be approved as master devices under Section 15.202.

Observations• While it is clear that a Mode 1 AP cannot initiate the transmission of a probe or a beacon, in

802.11, no AP “initiates” the transmission of probes. The transmission of a probe is an autonomous decision at a client device (e.g., a laptop). 802.11af has very clear rules stating that any transmission (including a probe) can only be done after seeing a beacon from a Fixed or Mode 2 device. Hence we comply with the KDB.

• Mode 1 APs do not initiate the transmission of a beacon autonomously. They transmit a frame (including the 802.11 beacon) only after being given permission by a Fixed or Mode 2 AP.

• Also, the beacons from a Mode 1 AP do not by themselves provide permission for any other STAs to transmit.

doc.:IEEE 802.11-11/0908r3

Submission

November 2011

Mode 1 APs are Permitted

• An IEEE 802.11 AP provides access to the distribution system for associated STAs.

• This device may be an FCC Mode I device.• This FCC Mode I device may not enable other STAs by

sending control signals to them to allow them to begin transmitting in the TVWS. That must be done by a device acting as a Mode II Enabling AP.

Slide 16 S. Abraham, Qualcomm Inc.

doc.:IEEE 802.11-11/0908r3

Submission

November 2011

References

• Link to KDB 594280– http://apps.fcc.gov/oetcf/kdb/forms/FTSSearchResultPage.cfm?id=39498&switch=P

Slide 17 S. Abraham, Qualcomm Inc.