Title:                               SV8 - Unnecessary Random Challenge field

PDR Reference:                       M2080001

Originator Reference:

SARPs Document Reference:            Sub-Volume VIII 8.6.3.11.3 & 8.6.3.5.3

CAMAL Document Reference:            Draft Part V Chapter 4, 4.7.3.4

P/OICS Document Reference            -

Status:                              ACCEPTED

Impact:                              A

PDR Revision Date:                   02 Oct 2002 (updated)
				     23 Sep 2002 (Accepted)
PDR Submission Date:                 09 Aug 2002 (Submitted)

Submitting State/Organization:       CIVAL Consulting Ltd

Submitting Author Name:              A J Kerr

Submitting Author E-mail Address:    tony.kerr@cival.co.uk

Submitting Author Supplemental Contact Information: Tel: +44 (0)1252 724386

SARPs Date:                          Doc 9705 Ed 3 (Jul 02)

P/OICS Date:                                                 -

SARPs Language:                      English

Summary of Defect:

In SSO-AMACP, a random challenge value is inserted in the ATNAppendix
validity field whenever a Session Key is derived.  It should only be
included in the response to the initial signed message during the
atnEstablish security exchange. (Previous drafts of SV8 included a check on
the Counter to accomplish this).

The effect is to send a spurious 32-bit value over the air-ground datalink
whenever an application requests a Secured Dialogue.

The SV8 GM, in 4.7.3.4, states that the random challenge is generated by
the Destination Peer, which may be an application entity other than CM.


Assigned SME:                              Sub-Volume VIII SME

Proposed SARPs amendment:

In 8.6.3.11.3, bullets c) & d),
REPLACE
c) set ATNAppendix.validity.random to the Random Challenge for the Source
Peer and Destination Peer when the Session Key is not available at
invocation of SSO-AMACP.
d) omit ATNAppendix.validity.random when the Session Key is available at
invocation of SSO-AMACP.

WITH
c) set ATNAppendix.validity.random to the Random Challenge value for the
Source Peer and Destination Peer end systems when the Shared Key Derivation
Parameter is not available at invocation of SSO-AMACP.
d) omit ATNAppendix.validity.random when the Shared Key Derivation
Parameter is available at invocation of SSO-AMACP.

In the SV8 Guidance Material, in 4.7.3.4, clarify that the Random Challenge
is only generated in response to the initial signed message, as part of the
Session Key derivation sequence, and that the Random Challenge value is
shared by all applications within the scope of the existing security
relationship between these two end systems.

Comment from SV8 SME (5 Sep 2002):

The problem identified for items c and d above does exist.  However, it also
applies to items e, f, g, and h in 8.6.3.11.1 as well.  The references to
"Session Key" in 8.6.3.11.1 items a and b are correct.  In addition, Section
8.6.3.5.3 item b contains an unnecessary check for the existence of the
Random Challenge.  The following material lists the required SARPs and guidance changes.

Proposed SARPs amendments:

1/ 8.6.3.11.1.e: Replace "Session Key" with "Shared Key Derivation Parameter".
2/ 8.6.3.11.1.f: Replace "Session Key" with "Shared Key Derivation Parameter".
3/ 8.6.3.11.1.g: Replace "Session Key" with "Shared Key Derivation Parameter".
4/ 8.6.3.11.1.h: Replace "Session Key" with "Shared Key Derivation Parameter".
5/ 8.6.3.11.3.c: Replace "Session Key" with "Shared Key Derivation Parameter".
6/ 8.6.3.11.3.d: Replace "Session Key" with "Shared Key Derivation Parameter".
7/ 8.6.3.5.3.b: Remove item b and relabel items c through f as b through e.
8/ 8.6.3.5.3.b: Reword the new item b (old item c) as follows:
"b) generate the Random Challenge for the Local Peer and Remote Peer."

Proposed guidance amendments:

9/ 4.7.3.4: Replace the entire paragraph with the following.

"The Random Challenge is exchanged over a Secured Dialogue Supporting Key
Management only.  For ATS applications, this means that the Random Challenge
is exchanged either during a CM-logon or CM-update.  When the first exchange
between the CM-air-user and CM-ground-user is a CM-logon, the CM-ground-user
generates the Random Challenge.  When the first exchange between the two is
a CM-update, the CM-air-user generates the Random Challenge.  Note that the
Random Challenge is generated by the entity that verifies the
Secured-Association-Signature during the Session Key derivation sequence.

The Random Challenge is used in the generation of the Shared Key Derivation
Parameter on the Secured Dialogue Supporting Key Management.  In this use,
it ensures that session keys derived from an older Secured Dialogue
Supporting Key Management cannot be reused.  Section 4.6.10 contains more
detailed guidance on the generation of a random challenge."

Impact on interoperability:     Interoperability is not possible between 
implementations that incorporate this PDR and those that do not, as the 
modification to MAC'ed data (in SSO-AMACP) would cause the MAC-check to fail 
if such implementations attempted to exchange data.

PDR Validation Status:

SME Recommendation to CCB: Hold pending resolution of ongoing discussions 
concerning extensibility of signed data.

CCB Decision: