Rec. ITU-T G.9978 (11/2018) - Secure admission in a G.hn network
Summary
History
FOREWORD
Table of Contents
1 Scope
2 References
3 Definitions
     3.1 Terms defined elsewhere
     3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
6 Secure admission methods
     6.1 Media access control authorization-based secure admission procedure
          6.1.1 Use cases
               6.1.1.1 Use case 1 – A user converts a non-secure domain to a new secure domain
               6.1.1.2 Use case 2 – A user selects one or more nodes in a non-secure domain to establish a secure domain (including the domain master)
               6.1.1.3 Use case 3 – A user selects a part of the nodes in a non-secure domain to establish a secure domain (not including the domain master)
               6.1.1.4 Use case 4 – A user adds nodes to an existing secure domain by selecting the nodes from a list displayed on the screen
               6.1.1.5 Use case 5 – A user adds nodes by configuring information about the joining node(s) in the user interface node
               6.1.1.6 Use case 6 – A user removes one or more nodes from a domain
               6.1.1.7 Use case 7 – A user adds nodes by confirming the node information of the joining nodes at the user interface node
          6.1.2 Secure admission description
               6.1.2.1 Secure admission protocol for creating a secure domain
               6.1.2.2 Secure admission protocol for adding nodes to an existing secure domain
                    6.1.2.2.1 Adding nodes by user selection
                    6.1.2.2.2 Adding nodes by user configuration
                    6.1.2.2.3 Adding nodes by user confirmation
               6.1.2.3 Removing nodes from a domain through MAC authorization
               6.1.2.4 MAC authorization secure admission protocol messages
                    6.1.2.4.1 Format of ADM_UI_MACauthorization.req
                    6.1.2.4.2 Format of ADM_UI_MACauthorization.cnf
                    6.1.2.4.3 Format of ADM_SecureDomain.req
                    6.1.2.4.4 Format of ADM_SecureDomain.cnf
                    6.1.2.4.5 Format of ADM_UI_MACauthorization.ind
                    6.1.2.4.6 Format of ADM_UI_MACauthorization.rsp
                    6.1.2.4.7 Format of SC_UI_Authorization.req
                    6.1.2.4.8 Format of SC_UI_Authorization.cnf
                    6.1.2.4.9 Format of SC_UI_Authorization.ind
                    6.1.2.4.10 Format of ADM_SelfNotify.ind
                    6.1.2.4.11 Format of ADM_UINewNodeExist.ind
     6.2 Admission through generic pairing mechanism
          6.2.1 Use cases
               6.2.1.1 Use case 1-a – Convert a non-secure domain to a secure domain through generic pairing
                    6.2.1.1.1 Use case 1-b – Add a node in unconnected state to a secure domain
               6.2.1.2 Use case 2-a – Add a node from a non-secure domain to an existing secure domain
                    6.2.1.2.1 Use case 2-b – Add a node that is in an unconnected state to an existing secure domain
               6.2.1.3 Use case 3 – A node that was already paired is switched on again
               6.2.1.4 Use case 4 – Power up of a node with an unconnected domain name
               6.2.1.5 Use case 5 – In multi-node pairing mode, convert a non-secure domain into a secure domain
               6.2.1.6 Case 6 – Multi-node pairing mode: Add multiple nodes from a default domain or in an unconnected state
               6.2.1.7 Fault case 7-a – PUSH_P event on only one node of a non-secure domain
                    6.2.1.7.1 Fault case 7-b – PUSH_P event on only one node that is in an unconnected state
               6.2.1.8 Fault case 8 – PUSH_P event on only one node in a secure domain
               6.2.1.9 Fault case 9 – User tries to add two nodes within one pairing window
               6.2.1.10 Use case 10 – User triggers PUSH_R event on a node in a secure domain
               6.2.1.11 Use case 11 – Single node pairing by user confirmation
          6.2.2 Secure admission by generic pairing
               6.2.2.1 Single-node pairing procedure description
                    6.2.2.1.1 Alternating between domain master and endpoint states
                    6.2.2.1.2 Example in a state machine of a PUSH_P event in single-node pairing mode
                    6.2.2.1.3 Pairing registration protocol in the single-node pairing mode
                    6.2.2.1.4 Informing the domain master about a PUSH_P event
                         6.2.2.1.4.1 Message: ADM_NodeReportPUSH_P.ind
                         6.2.2.1.4.2 Message: ADM_NodeReportPUSH_P.rsp
                         6.2.2.1.4.3 Message: ADM_PairingWindow.ind
                    6.2.2.1.5 Pairing registration protocol in the single-node pairing mode by user confirmation
               6.2.2.2 Pairing registration in the multi-node pairing mode
                    6.2.2.2.1 Conversion of a non-secure domain to a secure domain in the multi-node pairing mode
                         6.2.2.2.1.1 Merging of secure domains with temporary DMs
     6.3 Secure admission through a passphrase-based procedure
          6.3.1 Use cases
               6.3.1.1 Use case 1 – A user creates a secure domain with two nodes
               6.3.1.2 Use case 2 – Join a node to an existing secure domain
          6.3.2 Secure admission description
               6.3.2.1 Generation of the password from the user-introduced passphrase
               6.3.2.2 Generation of the domain-wide key from the password
     6.4 Admission through the auto-pairing mechanism
          6.4.1 Use cases
               6.4.1.1 Use case 1 – A user creates a domain with multi-nodes
               6.4.1.2 Use case 2 – A user adds a node to an existing secure domain after the pairing window time has expired
               6.4.1.3 Use case 3 – Fault case – The user plugs only one node into the network
          6.4.2 Secure admission by pairing in an auto-pairing scenario
               6.4.2.1 Pairing registration in an auto-pairing scenario
               6.4.2.2 Conversion of a non-secure domain to a secure domain in an auto-pairing scenario
7 Secure admission methods selection
     7.1 Information on secure supported admission methods
     7.2 Interoperability between secure admission methods
8 Management message OPCODEs
Bibliography