IEEE 802.15.4y-2021 pdf download

IEEE 802.15.4y-2021 pdf download.IEEE Standard for Low‐Rate Wireless Networks Amendment 3:  Advanced Encryption Standard (AES)-256 Encryption and Security Extensions
9. Security
9.2 Functional description
9.2.2 Outgoing frame security procedure
Change the third paragraph of 9.2.2 item f) as indicated:
f) Secure the frame. For the frames specified in Table 9-1, the Private Payload field and Open Payload field shall be set as indicated in the table. For frames not specified in Table 9-1, the Private Payload shall be set to the MAC Payload field, and Open Payload field shall be empty. If the algorithm specified by secAeadAlgorithm is not supported, then the procedure shall return with a Status of UNSUPPORTED_ALGORITHM. If the size of secKey does not match the key length requirements of the algorithm specified by secAeadAlgorithm, then the procedure shall return with a Status of KEY_LENGTH_MISMATCH. The procedure shall then use the Private Payload field, the Open Payload field, the macExtendedAddress, the Frame Counter field (if TSCH is not being used), the ASN (if TSCH is being used), the SecurityLevel parameter, and the secKey and secAeadAlgorithm elements of the KeyDescriptor to produce the secured frame according to the transformation process defined in 9.3.45.
9.2.4 Incoming frame security procedure, Security Enabled field is set to one
Change the fourth paragraph of 9.2.4 item i) as indicated:
i) Unsecure frame. For frames specified in Table 9-1, the Private Payload field and Open Payload field shall be set as indicated in the table. Otherwise, the Private Payload field shall be set to the MAC payload field and the Open Payload field shall be empty. If the algorithm specified by secAeadAlgorithm is not supported, then the procedure shall return with a Status of UNSUPPORTED_ALGORITHM. If the size of secKey does not match the key length requirements of the algorithm specified by secAeadAlgorithm, then the procedure shall return with a Status of KEY_LENGTH_MISMATCH. The procedure shall then use the Private Payload field, the Open Payload field, secExtAddress of the DeviceDescriptor, the Frame Counter field of the frame to be unsecured (if TSCH is not being used), the ASN (if TSCH is being used), SecurityLevel, and the secKey and secAeadAlgorithm elements of the KeyDescriptor to produce the unsecured frame, according to the inverse transformation process described in the security operations, as described in 9.3.65. If the inverse transformation process fails, the procedure shall return with a Status of SECURITY_ERROR.
9.2.8 Incoming IE security level checking procedure
In the third paragraph of 9.2.8, delete item 1) of step c) and renumber the subsequent steps as necessary.
In the third paragraph, change item 2) and item 3) of step c) as follows:
Tthe procedure shall check whether the tuple formed by secAeadAlgorithm from the secKeyDescriptor and SecurityLevel from the incoming frame is equal to any of the elements of the secIeAllowedSecurityLevels of the secIeSecurityLevelDescriptor. If this check is successful, the procedure shall set the IeStatus in the IeStatusList for this IE to PASSED.
32) If the SecurityLevel is equal to 0x00 and secIecDeviceOverrideSecurityMinimumLevels of the secIeSecurityLevelDescriptor is set to TRUE, and the secExempt of the DeviceDescriptor is set to TRUE, the procedure shall set the IeStatus in the IeStatusList for this IE to PASSED.
9.2.10 Incoming security level checking procedure
In the second paragraph of 9.2.10, delete step a) and renumber the subsequent steps as necessary.
In the second paragraph of 9.2.10, change step b) and c) as follows:
ba) If secAllowedSecurityLevels in SecurityLevelDescriptor is not empty, the procedure shall check whether the tuple formed by secAeadAlgorithm from the secKeyDescriptor and SecurityLevel from the incoming frame is equal to any of the elements of the secAllowedSecurityLevels of the SecurityLevelDescriptor. If this check is successful, the procedure shall return with Status set to PASSED.
cb) If SecurityLevel is equal to 0x00 and the secDeviceOverrideSecurityMinimumLevels element of the SecurityLevelDescriptor is set to TRUE, the procedure shall return with Status set to CONDITIONALLY_PASSED.IEEE 802.15.4y pdf download.IEEE 802.15.4y-2021 pdf download