Issue link: https://read.uberflip.com/i/1464684
LoRaWAN ® Remote Multicast Setup Specification TS005-2.0.0 ©2022 LoRa Alliance ® Page 11 of 21 The authors reserve the right to change specifications without notice. 330 The McAppSKey and the McNwkSKey are then derived from the group's McKey as 331 follows: 332 McAppSKey = aes128_encrypt(McKey, 0x01 | McAddr | pad 16 ) 333 McNwkSKey = aes128_encrypt(McKey, 0x02 | McAddr | pad 16 ) 334 The multicast key derivation scheme is summarized in Figure 1: 335 AESencrypt McAppSKey (index) 0x01 MulticastAddr McNwkSkey (index) 0x02 McKey_encrypted (index) McKEKey McKey (index) SE interface 336 Figure 1: Multicast key derivation scheme 337 Note: Using a Key Encryption Key to transport the multicast group 338 McKey allows for a completely secure multicast scheme when using a 339 hardware secure element, assuming the Secure Element (SE) does 340 not export the McKey, McAppSKey, and McNwkSKey to the outside. 341 It does not increase the security if a full software implementation is 342 used in the end-device. However, for compatibility reasons, it is 343 recommended to systematically use this scheme. 344 345 McAddr is the multicast group network address. McAddr is negotiated by the Application 346 Server with the Network Server. However, this mechanism is out of the scope of this 347 specification. McAddr consists of 32 bits and SHALL follow the same format as LoRaWAN 348 end-device address (DevAddr); specifically, the McAddr SHALL be inside the address 349 space allocated to the Network Server. 350 351 The minMcFCnt field is the next frame counter value of the multicast downlink to be sent 352 by the server for this group. This information is required in case an end-device is added to a 353 group that already exists. The end-device SHALL reject any downlink multicast frame using 354 this group multicast address if the frame counter is less than minMcFCnt. 355 356 maxMcFCnt specifies the lifetime of this multicast group expressed as a maximum value of 357 the frame counter (McFCnt). The end-device will only accept a multicast downlink frame if 358 the 32-bit frame counter value is minMcFCnt ≤ McFCnt ≤ maxMcFCnt. 359