IEEE 1901b-2021 pdf download

IEEE 1901b-2021 pdf download.IEEE Standard for Broadband over Power Line Networks: Medium Access Control and Physical Layer Specifications Amendment 2: Enhancements for Authentication and Authorization
7 Security
7.10 Shared key DSNA
7.10.1 Common shared key DSNA elements
7.10.1.2 Encryption keys, pass phrases, nonces, and their uses
7.10.1.2.4 Temporary encryption key (TEK)
Change 7.10.1.2.4 as follows:
The Temporary Encryption Key (TEK) is an AES key that is used to encrypt messages used for key distribution on a temporary private channel between two STAs. It may be distributed using the receiver’s DAK, or generated by the Unicast Key Exchange (UKE) protocol (in 1901 in-home Shared Key DSNA only), or it may be generated using the procedure defined in Annex ZA. It can be used over unauthenticated channels (i.e., it may be distributed without proof of freshness using the DAK, or it may be generated using UKE, or it may be generated using the procedure defined in Annex ZA). It shall not be distributed to more than one STA, and both sender and receiver shall discard it after no more than Max_TEK_Lifetime. If the TEK was exchanged using UKE, it may be used only until a protocol frame with PMN = 0xFF is sent or until the protocol aborts (by either STA). Once a frame with PMN = 0xFF has been sent, the TEK established at the beginning of that rotocol run shall no longer be used. Support for at least one TEK is mandatory. Refer to 7.10.1.5.2 for  eneration of random AES keys.
7.10.1.6 Encrypted payload message
Change the dashed list introductory sentence of 7.10.1.6 as follows:
Within 1901 Shared Key DSNA, these are used for ten eleven distinct purposes:
Insert the following at the end of the dashed list of 7.10.1.6:
Distribution of the NMK using the TEK generated from the procedure defined in Annex ZA (PID = 0x0A—refer to 10.4.2.1.5).
7.10.3 Access shared by key DSNA
7.10.3.1 Methods for authorization (NMK provisioning)
Insert the following clause after 7.10.3.1.2:
7.10.3.1.3 Distribution of NMK using TEK
The distribution of NMK for STAs in the core cell using TEK is described in 10.4.2.1.5.
7.11 Shared key PSNA
7.11.2 Encryption keys and nonce
7.11.2.2 Pairwise key (PWK)
Change the second paragraph of 7.11.2.2 as follows:
The PWK is generated from the Pairwise Password (PPW) entered by a STAs user via the HLE (refer to
7.11.2.3). The PWK may also be generated by a key exchange protocol or by using IEEE 802.1X authentication (refer to Annex ZA).
7.11.3 Methods for sharing PWK
Change 7.11.3 as follows:
In order to be authenticated to a given BSS, a new STA must obtain the PWK. There are two methods by which station may obtain the PWK. They are:
Upper layer connections that are out of the scope this standard, which may include the IEEE 802.1X protocol (refer to Annex ZA)
Derived from the same Pairwise Password (PPW) entered on both the BM and the STA
10 MLME
10.4 Forming and joining an FFT access network
10.4.2 FFT forming or joining a BSS
10.4.2.1 Forming or joining access core cell
Change 10.4.2.1.2 heading text as follows:
10.4.2.1.2 Authorization using an authorization server and DAK
Change the first paragraph and ordered list of 10.4.2.1.2 as follows:
Once the STA is associated with the network using 10.4.2.1.1and has received a TEI and NID, the station can be authorized by the HE using the DAK as a shared secret between the STA and the AS. The process of issuing a NMK (Network Membership Key) to the STA is called authorization. In the following, the authorization server is described as though it were separate from the HE, which it may be. The AS may also be located at the HE as part of its HLE. The structure of the AS and how it communicates with the HE are beyond the scope of this standard. Any descriptions of HE-to-authorization-server interaction in what follows shall be considered informative; only the interactions within access are normative. IEEE 1901b pdf download.IEEE 1901b-2021 pdf download