Self Assesment – IH r2 (June 2008) – Security Only

Yellow references and text apply to FFT mode;

Green references and text apply to RSNA, FFT, and Wavelet modes.

Reference / Requirement / xref to HPP r2 / Notes
IH-103. / The MAC and PHY shall provide functionality that supports local admission control. / 8.7.3 Methods for Authorization (NMK Provisioning) / Admission to a BSS is supported by three modes. High Security Mode uses RSNA.
FFT PHY Mode depends on possession of the Network Membership Key (NMK). Three native methods for admission control are supported, with hooks for higher layer protcols.
Wavelet PHY Mode depends on possession of the Pairwise Key (PWK).
IH-104. / The MAC and PHY shall provide functionality that protects data transactions among nodes. / 8.2. RSNA data confidentiality protocols;
8.7.7 AES Encryption Algorithm and Mode;
8.8.5 Payload Encryption / Regardless of mode, all communications within a BSS are encrypted using a 128 bit AES key, with ICV.
IH-105. / The MAC and PHY shall provide functionality that provides confidentiality to all transactions in the network. / 8.2. RSNA data confidentiality protocols;
8.7.7 AES Encryption Algorithm and Mode;
8.8.5 Payload Encryption / All communications (except a few start-up messages) within a BSS are encrypted using an AES 128 bit NEK
IH-106. / The MAC and PHY shall provide functionality that provides data integrity to all transactions in the network. / 7.3.1.2.1.3 PHY Body Check Sequence (PBCS);
8.2.2.6 Integrity Check Value / In FFT Mode, 32 bits CRCs are provided at both PHY and MAC level to guarantee data integrity.
IH-107. / The MAC and PHY shall provide functionality that enables the authorization of communications between nodes. /
8.7.3 Methods for Authorization (NMK Provisioning) / In FFT mode, all nodes within a BSS are authorized to communicate to each other once they have received the NMK (reference SOUPS 2006 paper – Newman et al.,
``Protecting Domestic Powerline Communications,''
in proceedings of Symposium on Usable Privacy and Security
(SOUPS 2006), Pittsburgh, PA, July 12-14, 2006, pp. 122-132). Authorization may be done in three ways supported, and there are hooks for higher layer protocols. Using the NMK, they obtain the NEK, which allows the actual communication to occur.
IH-108. / The MAC and PHY shall provide functionality that can be used to prevent a class of transactions between nodes until they have been authorized to communicate in a network. / 9.4.1.2 Communication between Associated but Unauthenticated STAs;
9.4.1.3 Communication between STAs Not Associated with the Same BSS; / In FFT mode, nodes not authenticated are restricted in the control messages they can send or receive, and are not allowed to transmit or receive data.
IH-109. / The MAC and PHY shall provide functionality that identifies each authorization of each node. /
8.7.3 Methods for Authorization (NMK Provisioning);
11.3 Forming or Joining a BSS / In FFT mode, each node is specifically authorized by virtue of execution of protocol involving human interaction - button press, network password entry, or device password entry (see SOUPS 2006 paper above).
IH-110. / The MAC shall provide functionality that can be used to prevent brute force decryption attacks. / 7.2.2 MAC frame format extension for FFT;
8.7.2 Encryption Keys, Pass Phrases, Nonces, and Their Uses;
8.7.8 Generation of AES Encryption Keys / In FFT mode, Confounder or TimeStamp together with random 128-bit encryption key changing at least once every hour prevent brute force attack
IH-111. / The MAC shall provide functionality that enables robust protection from eavesdropping. / 8.2. RSNA data confidentiality protocols;
8.7.7 AES Encryption Algorithm and Mode;
8.8.5 Payload Encryption / All communications within a BSS are encrypted using an AES 128 bits key, with exceptions only for restricted initiation messages
IH-112. / The MAC shall provide functionality that enables robust protection from MAC spoofing attacks. / 8.7.3 Methods for Authorization (NMK Provisioning) / In FFT mode, direct entry and DAK-based NMK distribution prevent authorization of rogue nodes based on MAC address
IH-113. / The MAC and PHY shall be robust against replay attacks. / 8.7.2.6 Nonces; / In FFT mode, use of nonces provides robustness against replay attacks
IH-114. / The MAC and PHY shall provide functionality to lessen the possibility of dictionary attacks. / 8.9 Key Generation from Passwords / Recommendations are provided regarding password length. Best Practices document encourages random password generation and user-selected password screening
IH-115. / The MAC and PHY shall be robust against man-in-the-middle attacks. / 8.7.3 Methods for Authorization (NMK Provisioning) / In FFT mode, direct entry and DAK-based NMK distribution completely prevent MITM attacks (HS Security Level)
IH-116. / The MAC and PHY shall be robust against identity usurpation. /
8.7.3 Methods for Authorization (NMK Provisioning) / In FFT mode, direct entry and DAK-based NMK distribution prevent admission of rogue nodes
IH-117. / The MAC shall provide functionality supporting the use of multiple Network Encryption Keys on a single LAN and/or VLAN. / 8.7.3 Methods for Authorization (NMK Provisioning);
8.7.2.5 Point-to-Point Encryption Key (PPEK); / In FFT mode, definition of Sub-BSS provides such a functionality
IH-119. / The MAC and PHY shall allow content distribution using digital rights management with DTCP/IP and/or 5C. / 8.7.3.6 Distribution of NMK Using Other Key Management Protocols / Higher-level security protocols are supported; Higher level content management is outside the scope of the MAC
IH-120. / The MAC and PHY shall NOT require pre-RSNA security methods, nor support pre-RSNA security authorizations. / 8.2. RSNA data confidentiality protocols;
8.7.4 NEK Provisioning;
8.7.7 AES Encryption Algorithm and Mode;
8.8.5 Payload Encryption
/ The PHY level encryption is not at all like WEP and does not have WEP's vulnerabilities; NEK is randomly generately by BM and rotated
IH-123. / The MAC and PHY shall provide functionality by which two BPL LANs that are defined by their distinct security requirements can exchange security information to allow specific classes of transaction service between nodes on different networks. / 8.7.3.6 Distribution of NMK Using Other Key Management Protocols;
12 Multiple Networks / FFT mode has hooks for higher layer protocols to communicate in a limited fashion. It also supports communication between neighbor networks. For full data communication, a bridging function must be invoked. For the bridge to communicate in both BSSs, it would need to authenticate in both BSSs. It may do this by means of a higher layer protocol that sets the NMK for each BSS in the bridge node. The bridge node would then be responsible for limiting the "transaction services" allowed.
IH-125. / The PHY and MAC shall provide functionality enabling all data frames transmitted on the medium to be protected (both confidentiality and integrity) using AES-128 equivalent or better. / 8.2. RSNA data confidentiality protocols;
8.7.7 AES Encryption Algorithm and Mode;
8.8.5 Payload Encryption / AES 128 is the cryptographic algorithm used by HPP.
IH-126. / The MAC shall provide functionality to prevent hijack of MAC addresses. /
8.7.3 Methods for Authorization (NMK Provisioning) / In FFT mode, direct entry and DAK-based NMK distribution prevent authorization of rogue nodes based on MAC address
IH-127. / The MAC shall provide functionality for MAC Address Anonymity. / 7.2.1 Common MAC Frame Format / It is possible to use locally administered MAC addresses for all unencrypted communications. The Universally Administered MAC address need only be send in encrypted frames.
IH-128. / The MAC shall provide functionality to securely transfer the Authorization Information. / 8.7.3 Methods for Authorization (NMK Provisioning) / In FFT mode, several mechanism are provided to securely exchange authorization information (NMK provisionning): UKE, DAK-encrypted, higher level protocols
IH-131. / The MAC shall support at least 32 encryption keys thus having the possibility of communicating with different MACs, using different encryption keys. / 7.3.1.1.5.2.8 Encryption Key Select (EKS);
8.7.2.5 Point-to-Point Encryption Key (PPEK) / In FFT mode, EKS may be disambiguated based on source/destination
IH-132. / The MAC shall support the use of different encryption keys for different pairs of MACs in the same LAN. / 8.7.3 Methods for Authorization (NMK Provisioning);
8.7.2.5 Point-to-Point Encryption Key (PPEK) / In FFT mode, definition of Sub-BSS provides such a functionnality; point to point encryption is also supported.
Submission / Self assesment E / Rob Ranck, HomePlug, etal