TIA-4957 500-2017 Security Specification- Extension on Field Area Networks.pdf

1、 TIA-4957.500 July 2017Security Specification- Extension on Field Area Networks ANSI/TIA-4957.500-2017 APPROVED: APRIL 6, 2017 NOTICE TIA Engineering Standards and Publications are designed to serve the public interest through eliminating misunderstandings between manufacturers and purchasers, facil

2、itating interchangeability and improvement of products, and assisting the purchaser in selecting and obtaining with minimum delay the proper product for their particular need. The existence of such Standards and Publications shall not in any respect preclude any member or non-member of TIA from manu

3、facturing or selling products not conforming to such Standards and Publications. Neither shall the existence of such Standards and Publications preclude their voluntary use by Non-TIA members, either domestically or internationally. Standards and Publications are adopted by TIA in accordance with th

4、e American National Standards Institute (ANSI) patent policy. By such action, TIA does not assume any liability to any patent owner, nor does it assume any obligation whatever to parties adopting the Standard or Publication. This Standard does not purport to address all safety problems associated wi

5、th its use or all applicable regulatory requirements. It is the responsibility of the user of this Standard to establish appropriate safety and health practices and to determine the applicability of regulatory limitations before its use. Any use of trademarks in this document are for information pur

6、poses and do not constitute an endorsement by TIA or this committee of the products or services of the company. (From Project No. ANSI/TIA-PN-4957.500-R1, formulated under the cognizance of the TIA TR-51 Smart Utility Networks). Published by TELECOMMUNICATIONS INDUSTRY ASSOCIATION Technology and Sta

7、ndards Department 1320 N. Courthouse Road, Suite 200 Arlington, VA 22201 U.S.A. PRICE: Please refer to current Catalog of TIA TELECOMMUNICATIONS INDUSTRY ASSOCIATION STANDARDS AND ENGINEERING PUBLICATIONS or call IHS, USA and Canada (1-877-413-5187) International (303-397-2896) or search online at h

8、ttp:/www.tiaonline.org/standards/catalog/ All rights reserved Printed in U.S.A. NOTICE OF COPYRIGHT This document is copyrighted by the TIA. Reproduction of these documents either in hard copy or soft copy (including posting on the web) is prohibited without copyright permission. For copyright permi

9、ssion to reproduce portions of this document, please contact the TIA Standards Department or go to the TIA website (www.tiaonline.org) for details on how to request permission. Details are located at: http:/www.tiaonline.org/standards/catalog/info.cfm#copyright or Telecommunications Industry Associa

10、tion Technology (b) there is no assurance that the Document will be approved by any Committee of TIA or any other body in its present or any other form; (c) the Document may be amended, modified or changed in the standards development or any editing process. The use or practice of contents of this D

11、ocument may involve the use of intellectual property rights (“IPR”), including pending or issued patents, or copyrights, owned by one or more parties. TIA makes no search or investigation for IPR. When IPR consisting of patents and published pending patent applications are claimed and called to TIAs

12、 attention, a statement from the holder thereof is requested, all in accordance with the Manual. TIA takes no position with reference to, and disclaims any obligation to investigate or inquire into, the scope or validity of any claims of IPR. TIA will neither be a party to discussions of any licensi

13、ng terms or conditions, which are instead left to the parties involved, nor will TIA opine or judge whether proposed licensing terms or conditions are reasonable or non-discriminatory. TIA does not warrant or represent that procedures or practices suggested or provided in the Manual have been compli

14、ed with as respects the Document or its contents. If the Document contains one or more Normative References to a document published by another organization (“other SSO”) engaged in the formulation, development or publication of standards (whether designated as a standard, specification, recommendati

15、on or otherwise), whether such reference consists of mandatory, alternate or optional elements (as defined in the TIA Procedures for American National Standards) then (i) TIA disclaims any duty or obligation to search or investigate the records of any other SSO for IPR or letters of assurance relati

16、ng to any such Normative Reference; (ii) TIAs policy of encouragement of voluntary disclosure (see TIA Procedures for American National Standards Annex C.1.2.3) of Essential Patent(s) and published pending patent applications shall apply; and (iii) Information as to claims of IPR in the records or p

17、ublications of the other SSO shall not constitute identification to TIA of a claim of Essential Patent(s) or published pending patent applications. TIA does not enforce or monitor compliance with the contents of the Document. TIA does not certify, inspect, test or otherwise investigate products, des

18、igns or services or any claims of compliance with the contents of the Document. ALL WARRANTIES, EXPRESS OR IMPLIED, ARE DISCLAIMED, INCLUDING WITHOUT LIMITATION, ANY AND ALL WARRANTIES CONCERNING THE ACCURACY OF THE CONTENTS, ITS FITNESS OR APPROPRIATENESS FOR A PARTICULAR PURPOSE OR USE, ITS MERCHA

19、NTABILITY AND ITS NONINFRINGEMENT OF ANY THIRD PARTYS INTELLECTUAL PROPERTY RIGHTS. TIA EXPRESSLY DISCLAIMS ANY AND ALL RESPONSIBILITIES FOR THE ACCURACY OF THE CONTENTS AND MAKES NO REPRESENTATIONS OR WARRANTIES REGARDING THE CONTENTS COMPLIANCE WITH ANY APPLICABLE STATUTE, RULE OR REGULATION, OR T

20、HE SAFETY OR HEALTH EFFECTS OF THE CONTENTS OR ANY PRODUCT OR SERVICE REFERRED TO IN THE DOCUMENT OR PRODUCED OR RENDERED TO COMPLY WITH THE CONTENTS. TIA SHALL NOT BE LIABLE FOR ANY AND ALL DAMAGES, DIRECT OR INDIRECT, ARISING FROM OR RELATING TO ANY USE OF THE CONTENTS CONTAINED HEREIN, INCLUDING

21、WITHOUT LIMITATION ANY AND ALL INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS, LOSS OF PROFITS, LITIGATION, OR THE LIKE), WHETHER BASED UPON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF AD

22、VISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING NEGATION OF DAMAGES IS A FUNDAMENTAL ELEMENT OF THE USE OF THE CONTENTS HEREOF, AND THESE CONTENTS WOULD NOT BE PUBLISHED BY TIA WITHOUT SUCH LIMITATIONS. ANSI/TIA-PN4957-500 i i Contents 1 1 Introduction 1 2 1.1 Scope and Purpose . 1 3 1.2 Rel

23、ease History . 1 4 2 References . 2 5 2.1 General 2 6 2.2 IEEE . 2 7 2.3 ANSI/TIA 3 8 2.4 IETF . 4 9 3 Definitions 6 10 3.1 Terminologies 6 11 3.2 Acronyms . 6 12 4 Security Specification . 9 13 4.1 Public Key Infrastructure 9 14 4.1.1 Wi-SUN IDevId Construction . 10 15 4.2 FAN Access Control and Gr

24、oup Key Placement . 11 16 4.2.1 EAPOL Over 802.15.4 . 13 17 4.2.2 Authentication and PMK Installation Flow . 15 18 4.2.3 PTK and GTK Installation Flow . 17 19 4.2.4 Group Key Update Flow 19 20 4.2.5 Revocation of Node Access 21 21 4.3 Node to Node Pairwise (N2NP) Authentication and Key Generation 21

25、 22 4.3.1 Pairwise Session Management (SM) State Machine 21 23 4.4 Frame Security 41 24 4.5 Node Hardening . 41 25 Table of Figures 26 Figure 1 Authentication and Group Key Acquisition Flows . 12 27 Figure 2 State Machine Shapes Key . 24 28 Figure 3 Start State Transitions Part 1 25 29 Figure 4 Star

26、t State Transitions - Part 2 26 30 Figure 5 SessionPending1 State Transitions 27 31 Figure 6 SessionPending2 State Transitions 28 32 Figure 7 SessionValid State Transitions . 29 33 Figure 8 SessionOpen State Transitions . 30 34 Figure 9 Common Transitions . 31 35 Figure 10 SM Specific Error Message

27、. 37 36 37 ANSI/TIA-PN4957-500 ii Foreword (This foreword is not part of this standard) 1 This document is a TIA Telecommunications Standard produced by the Working Group of the 2 TR51 Committee. The standard was produced in accordance with TIA procedural guidelines, 3 and represents the consensus o

28、f the Working Group and its parent committee which served 4 as the formulating group. 5 6 This standard consists of 4 clauses. The clauses describe the public key infrastructure, FAN 7 access control, pairwise authentication, frame security and node hardening. This document 8 specifies the security

29、specification for Smart Utility Networks, particularly in Field Area 9 Networks. 10 The TR51 group officers wish to acknowledge the contributions and support of the following 11 TR51 members in the preparation of this standard: 12 13 4957 Series Revision Contributor Company / Representing Kramarikov

30、a, Marianna TIA Sturek, Don Silver Spring Networks Lynch, Michael MJ Lynch Part 2: Data Link Layer 4 (MAC Sub-layer)”, 5 http:/www.etsi.org/deliver/etsi_ts/102800_102899/10288702/01.01.06 1_60/ts_10288702v010101p.pdf 7 SP800-108 “NIST Special Publication 800-108 Recommendation for Key 8 Derivation U

31、sing Pseudorandom Function”, 9 http:/csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf 10 SP800-38A “Recommendation for Block Cipher Modes of Operation”, 11 http:/csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf 12 SP800-38C “Recommendation for Block Cipher Modes of Operation: The C

32、CM 13 Mode for Authentication and Confidentiality”, 14 http:/csrc.nist.gov/publications/nistpubs/800-38C/SP800-15 38C_updated-July20_2007.pdf 16 SP800-38D “Recommendation for Block Cipher Modes of Operation: 17 Galois/Counter Mode (GCM) and GMAC”, 18 http:/csrc.nist.gov/publications/nistpubs/800-38D

33、/SP-800-38D.pdf 19 FIPS197 “Advanced Encryption Standard”, 20 http:/csrc.nist.gov/publications/fips/fips197/fips-197.pdf 21 FIPS198-1 “The Keyed-Hash Message Authentication Code (HMAC)”, 22 http:/csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf 23 24 25 2.2 IEEE 26 IEEE802.15.4-2011 “I

34、EEE Std 802.15.4-2011 IEEE Standard for Local and metropolitan 27 area networksPart 15.4: Low-Rate Wireless Personal Area 28 Networks (LR-WPANs)” 29 30 IEEE802.15.4-2015 “IEEE Std 802.15.4-2015 IEEE Standard for Local and metropolitan 31 area networksPart 15.4: Low-Rate Wireless Personal Area 32 Net

35、works (LR-WPANs)” 33 IEEE802.1X “IEEE Standard for Local and Metropolitan Area Networks Port 34 Based Network Access Control”, IEEE Std 802.1X-2010. 35 IEEE802.11 “IEEE Standard for Information Technology Telecommunications 36 and information exchange between systems Local and metropolitan 37 area n

36、etworksSpecific requirements Part 11: Wireless LAN Medium 38 ANSI/TIA-PN4957-500 3 Access Control (MAC) and Physical Layer (PHY) Specifications”, 1 IEEE Std 802.11-2012. 2 IEEE802.15.9 “Recommended Practice for Transport of Key Management Protocol 3 (KMP) Datagrams”, 802.15.9-2016. 4 IEEE802.1AR “IE

37、EE Standard for Local and Metropolitan Area Networks Secure 5 Device Identity”, IEEE Std 802.1AR-2009. 6 EUI48 “Guidelines for 48-Bit Global Identifier (EUI-48)”, 7 http:/standards.ieee.org/develop/regauth/tut/eui48.pdf 8 EUI “Guidelines for Use of OUI and CID”, 9 http:/standards.ieee.org/develop/re

38、gauth/tut/eui.pdf 10 IEEE802 “IEEE Standard for Local and Metropolitan Area Networks: Overview 11 and Architecture”, IEEE Std 802-2014, 12 https:/standards.ieee.org/findstds/standard/802-2014.html 13 14 15 2.3 ANSI/TIA 16 ANSITIA-4957.000 “Architecture Overview for the Smart Utility Network”, 17 htt

39、p:/ 18 ANSITIA-4957.200 “Layer 2 Standard Specification for the Smart Utility Network”, 19 http:/ 20 ANSITIA-4957.210 “Multi-hop Delivery Specification of a Data Link Sub-Layer”, 21 http:/ 22 ANSITIA-4957.300 “Network Layer Specification”, 23 http:/ 24 ANSITIA-4957.000a “TR-51 Architecture Overview

40、Extension on Field Area Network” 25 ANSITIA-4957.100a “TR-51 PHY Layer Specification Extension on Field Area Network” 26 ANSITIA-4957.200a “TR-51 Data Link Layer Specification Extension on Field Area 27 Network” 28 ANSITIA-4957.210a “TR-51 Multi-hop Sublayer Specification Extension on Field Area 29

41、Network” 30 ANSITIA-4957.300a “TR-51 Network Layer Specification Extension on Field Area 31 Network” 32 ANSITIA-4957.400a “TR-51 Transport Layer Specification Extension on Field Area 33 Network” 34 35 36 ANSI/TIA-PN4957-500 4 2.4 IETF 1 ARP “Address Resolution Protocol (ARP) Parameters”, 2 http:/www

42、.iana.org/assignments/arp-parameters/arp-3 parameters.xhtml#arp-parameters-2 4 RFC7731 “Multicast Protocol for Low power and Lossy Networks (MPL)”, 5 http:/tools.ietf.org/search/rfc7731 6 RFC3315 ”Dynamic Host Configuration Protocol for IPv6 (DHCPv6)”, 7 http:/www.ietf.org/rfc/rfc3315.txt 8 RFC3748

43、“Extensible Authentication Protocol (EAP)”, 9 http:/tools.ietf.org/html/rfc3748. 10 RFC4108 “Using Cryptographic Message Syntax (CMS) to Protect Firmware 11 Package”, https:/tools.ietf.org/html/rfc4108 12 RFC4193 “Unique Local IPv6 Unicast Addresses”, 13 http:/tools.ietf.org/html/rfc4193 14 RFC4291

44、“IP Version 6 Addressing Architecture”, 15 http:/tools.ietf.org/search/rfc4291 16 RFC4443 “Internet Control Message Protocol (ICMPv6) for the Internet Protocol 17 Version 6 (IPv6) Specification”, http:/tools.ietf.org/html/rfc4443 18 RFC4492 “Elliptic Curve Cryptography (ECC) Cipher Suites for Transp

45、ort Layer 19 Security (TLS)”, http:/tools.ietf.org/html/rfc4492 20 RFC4861 “Neighbor Discovery for IP version 6 (IPv6)”, 21 http:/tools.ietf.org/html/rfc4861 22 RFC4862 “IPv6 Stateless Address Autoconfiguration”, 23 http:/tools.ietf.org/html/rfc4862 24 RFC5216 “The EAP-TLS Authentication Protocol”,

46、25 http:/tools.ietf.org/html/rfc5216. 26 RFC5280 “Internet X.509 Public Key Infrastructure Certificate and Certificate 27 Revocation List (CRL) Profile”, https:/www.ietf.org/rfc/rfc5280.txt 28 RFC5480 “Elliptic Curve Cryptography Subject Public Key Information”, 29 https:/tools.ietf.org/html/rfc5480

47、. 30 RFC5652 “Cryptographic Message Syntax (CMS)”, 31 https:/tools.ietf.org/html/rfc5652 32 RFC6550 “RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks”, 33 http:/tools.ietf.org/html/rfc6550 34 RFC6554 “An IPv6 Routing Header for Source Routes with RPL”, 35 http:/tools.ietf.org/html/rfc6554

48、 36 RFC6655 “AES-CCM Cipher Suites for Transport Layer Security (TLS)”, 37 https:/tools.ietf.org/html/rfc6655 38 ANSI/TIA-PN4957-500 5 RFC6775 “Neighbor Discovery Optimization for IPv6 over Low-Power Wireless 1 Personal Area Networks (6LoWPANs)”, 2 http:/tools.ietf.org/search/rfc6775 3 RFC7251 “AES-CCM Elliptic Curve Cryptography (ECC) Cipher Suites for TLS”, 4 https:/tools.ietf.org/html/rfc7251 5 6 7 8 ANSI/TIA-PN4957-500 6 3 Definitions 1 3.1 Terminologies 2 3 Asynchrono