Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.11-04-0724-01-000k Submission July 2004 Bernard Aboba, MicrosoftSlide 1 IEEE 802.11k Security: A Conceptual Model Bernard Aboba Microsoft.

Published byKristin Williams Modified over 8 years ago

Similar presentations

Presentation on theme: "Doc.: IEEE 802.11-04-0724-01-000k Submission July 2004 Bernard Aboba, MicrosoftSlide 1 IEEE 802.11k Security: A Conceptual Model Bernard Aboba Microsoft."— Presentation transcript:

1 doc.: IEEE 802.11-04-0724-01-000k Submission July 2004 Bernard Aboba, MicrosoftSlide 1 IEEE 802.11k Security: A Conceptual Model Bernard Aboba Microsoft

2 doc.: IEEE 802.11-04-0724-01-000k Submission July 2004 Bernard Aboba, MicrosoftSlide 2 Overview Before proposing an appropriate security scheme for 802.11k, we need to articulate the threat model – what we are trying to protect against. The primary threats to RRM are bad measurements. –This is not a classic “denial of service” attack! We also need to understand the deployment implications –Can implemented ciphersuites be reused? –Can RRM support be retrofit in existing NIC drivers?

3 doc.: IEEE 802.11-04-0724-01-000k Submission July 2004 Bernard Aboba, MicrosoftSlide 3 Basic Principles Radio Resource Measurement support is orthogonal to security. –RRM can be used with any level of security (even open auth) –RRM support should be easily retrofit on existing drivers IEEE 802.11k security needs to leverage implemented ciphersuites –Adding ciphersuites creates deployment barriers –Subtracting ciphersuites lowers security Many RRM security issues are not addressed by transmission security. –Measurements are only a “hint”. –Bad Measurements cannot be eliminated by security, only heuristics. IEEE 802.11k implementations need to validate measurements whether or not frames are protected –Just because a measurement is protected doesn’t mean it’s correct!

4 doc.: IEEE 802.11-04-0724-01-000k Submission July 2004 Bernard Aboba, MicrosoftSlide 4 Data Frame Proposal Described in detail in 11-04-0722-Action- Ethertype.doc Allow encapsulation of Action frames as data frames Does not affect other management frames FieldsOctets SME-Information Ethertype1-2 SME-Information Version3 SME-Information Type4 SME-Information Length5-6 SME-Information Body7-N

5 doc.: IEEE 802.11-04-0724-01-000k Submission July 2004 Bernard Aboba, MicrosoftSlide 5 Flow of Information Incoming –Incoming Action Ethertype data frame passed up by driver to the OS –OS passes information back down to the driver via an OID –Result: no special treatment for Action Ethertype in driver. Outgoing –Driver requests formation of an Action frame from the OS. –OS encapsulates Action frame in an Action Ethertype and sends it back down to the driver.

6 doc.: IEEE 802.11-04-0724-01-000k Submission July 2004 Bernard Aboba, MicrosoftSlide 6 Data Frame Proposal Pros –Guaranteed to work on all existing hardware. No need for separate negotiation, configuration or policy –No changes to existing security mechanisms. RRM uses implemented ciphersuites. No modifications to 4-way handshake. –Compatible with WPA2 driver model. Driver passes up SMI-Information frames to OS as data OS reflects SMI-Information frames back down to the driver via OIDs Enables sending of RRM frames over the DS in future. Cons –Requires allocation of new Ethertype Experimental Ethertype used until actual Ethertype allocated

7 doc.: IEEE 802.11-04-0724-01-000k Submission July 2004 Bernard Aboba, MicrosoftSlide 7 Challenges Addressing DoS attacks in 802.11k does not lessen the vulnerability of 802.11 systems as a whole –Many DoS threats unaddressed by IEEE 802.11i –Many IEEE 802.11k DoS attacks cannot be eliminated by cryptography, only heuristics

8 doc.: IEEE 802.11-04-0724-01-000k Submission July 2004 Bernard Aboba, MicrosoftSlide 8 Measurements as “Hints” Bad measurements are likely –Can result from poor calibration, stale data, timing errors, etc. Robustness is the core requirement, not cryptography –STAs and APs need to be robust against misleading measurements –STAs and APs cannot trust IEEE 802.11k frames, even when security is in use. Conclusion: IEEE 802.11k implementations must not assume that frames transmitted securely are correct!

9 doc.: IEEE 802.11-04-0724-01-000k Submission July 2004 Bernard Aboba, MicrosoftSlide 9 Bad Measurements Require Heuristics Cryptography cannot guarantee accurate measurements –Security services (authentication, integrity, confidentiality) only ensure that bad measurements are received as sent. –Threats from bad measurements exist, even after security services are implemented Replace “attacker STA” by “uncalibrated/poorly implemented but authenticated STA” and the same attacks are possible Heuristics needed –For rubustness, STAs MUST be able to recover from reception of incorrect data In a good implementation, service is not denied, only delayed Conclusion: security only reduces the quantity of 802.11k attacks, but does not affect their quality.

10 doc.: IEEE 802.11-04-0724-01-000k Submission July 2004 Bernard Aboba, MicrosoftSlide 10 802.11k Useful At Any Security Level 802.11k useful at any security level –Customers want to use 802.11k with Open Auth, WEP, TKIP, CCMP, etc. –Vendors may retrofit 802.11k on legacy NICs or APs No room in NVRAM for additional ciphersuites No additional CPU cycles for security Conclusions –802.11k should utilize existing security mechanisms rather than creating new ones –802.11k security can’t be mandatory to use. –802.11k not the right group to tackle security for management/action frames Handling action/management frame security in a new PAR would allow 802.11k to complete sooner, focus on the security threats unique to measurement

11 doc.: IEEE 802.11-04-0724-01-000k Submission July 2004 Bernard Aboba, MicrosoftSlide 11 Example: The Neighbor Report The Neighbor Report data is third hand - AP A providing the STA with information about AP B The information is inherently suspect –Neighbor report entry can become stale: AP B was a neighbor, but was removed for maintenance; how long before AP A removes it? –Neighbor report entry can be polluted: AP B was (incorrectly) submitted by STA in a Beacon Report, AP A didn’t validate the entry with another STA or with its “Authorized AP list” before including AP B in the Neighbor Report. –Neighbor report has limited “shelf life”: it’s only useful prior to scanning.

12 doc.: IEEE 802.11-04-0724-01-000k Submission July 2004 Bernard Aboba, MicrosoftSlide 12 Neighbor Report Robustness A STA may choose to ignore part or all of the measurements provided –The STA might validate the neighbor report using other mechanisms (active or passive scan) –The STA might ignore part or all of the neighbor report A STA MUST be robust against misleading information. –Example: A STA should not “blacklist” APs based on the Neighbor Report “Bad” APs are just lower priority, not “off limits”. –When information in the Neighbor Report conflicts with other sources, the other sources (scan, 4-way handshake, etc.) are definitive. Once the STA scans, it behaves the same way it would if there were no Neighbor Reort. The Neighbor Report has a very short “shelf life”

13 doc.: IEEE 802.11-04-0724-01-000k Submission July 2004 Bernard Aboba, MicrosoftSlide 13 Deployment Issues Separate RRM Security Negotiation –Requires confirmation in 4-way handshake or the security negotiation is insecure. –Driver needs to pass up RRM security negotiation results to operating system to enable confirmation New OIDs required; current WPA2 driver model does not support this! –End result: substantial delays until 802.11k can be supported –Cleaner to leverage 802.11i security negotiation Legacy driver support –Many of today’s NIC drivers unlikely to be modified to support RRM –Data frame encapsulation enables RRM support to be added in the OS Enables performance improvements for legacy drivers.

14 doc.: IEEE 802.11-04-0724-01-000k Submission July 2004 Bernard Aboba, MicrosoftSlide 14 Motion Instruct the editor to incorporate text from 11-04-0722-00-000k-action-ethertype.doc into the TGk draft

15 doc.: IEEE 802.11-04-0724-01-000k Submission July 2004 Bernard Aboba, MicrosoftSlide 15 Feedback?

Download ppt "Doc.: IEEE 802.11-04-0724-01-000k Submission July 2004 Bernard Aboba, MicrosoftSlide 1 IEEE 802.11k Security: A Conceptual Model Bernard Aboba Microsoft."

Similar presentations

IEEE 802.11i: A Retrospective Bernard Aboba Microsoft March 2004.

IEEE i: A Retrospective Bernard Aboba Microsoft March 2004.
IEEE P802 Handoff ECSG Submission July 2003 Bernard Aboba, Microsoft Detection of Network Attachment (DNA) and Handoff ECSG Bernard Aboba Microsoft July.

IEEE P802 Handoff ECSG Submission July 2003 Bernard Aboba, Microsoft Detection of Network Attachment (DNA) and Handoff ECSG Bernard Aboba Microsoft July.
Doc.: IEEE 802.11-12/0598r0 Submission May 2012 Steve Grau, Juniper NetworksSlide 1 Layer 3 Setup with Dynamic VLAN Assignment Date: 2012-05-09 Authors:

Doc.: IEEE /0598r0 Submission May 2012 Steve Grau, Juniper NetworksSlide 1 Layer 3 Setup with Dynamic VLAN Assignment Date: Authors:
Doc.: IEEE 802.11-03/173r1 Submission Byoung-Jo Kim, AT&T March 2003 Slide 1 Coexistence of Legacy & RSN STAs in Public WLAN Byoung-Jo “J” Kim AT&T Labs-Research.

Doc.: IEEE /173r1 Submission Byoung-Jo Kim, AT&T March 2003 Slide 1 Coexistence of Legacy & RSN STAs in Public WLAN Byoung-Jo “J” Kim AT&T Labs-Research.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
Doc.: IEEE 802.11-05/0499r1 Submission May 2006 Srinivas SreemanthulaSlide 1 TGu Proposal: Network Selection Notice: This document has been prepared to.

Doc.: IEEE /0499r1 Submission May 2006 Srinivas SreemanthulaSlide 1 TGu Proposal: Network Selection Notice: This document has been prepared to.
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.
Doc.: IEEE 802.11-11-1250-00-00ai Submission Paul Lambert, Marvell TGai Discovery Proposal Author: Abstract Short high-level proposal for discovery techniques.

Doc.: IEEE ai Submission Paul Lambert, Marvell TGai Discovery Proposal Author: Abstract Short high-level proposal for discovery techniques.
November 2005 Floyd Simpson, MotorolaSlide 1 doc.: IEEE 802.11-05/1193r0 Submission LB78 D3.0 Active Scanning Comments (clause 11.1.3.2.1) Notice: This.

November 2005 Floyd Simpson, MotorolaSlide 1 doc.: IEEE /1193r0 Submission LB78 D3.0 Active Scanning Comments (clause ) Notice: This.
Doc.: IEEE 802.11-12/1054r0 Submission Sep. 2012 Santosh Pandey (Cisco)Slide 1 FILS Reduced Neighbor Report Date: 2012-09-07 Authors:

Doc.: IEEE /1054r0 Submission Sep Santosh Pandey (Cisco)Slide 1 FILS Reduced Neighbor Report Date: Authors:
Doc.: IEEE 802.11-04/0476r3 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.

Doc.: IEEE /0476r3 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.
Submission doc.: IEEE 11-12/0281r0 March 2012 Jarkko Kneckt, NokiaSlide 1 Recommendations for association Date: 2012-03-05 Authors:

Submission doc.: IEEE 11-12/0281r0 March 2012 Jarkko Kneckt, NokiaSlide 1 Recommendations for association Date: Authors:
Security Engineering Assurance & Control Objectives Priyanka Vanjani ASU Id # 993923182.

Security Engineering Assurance & Control Objectives Priyanka Vanjani ASU Id #
Doc.: IEEE 802.11-12/0897r0 SubmissionJae Seung Lee, ETRISlide 1 Active Scanning considering Operating Status of APs Date: 2012-07-06 July 2012.

Doc.: IEEE /0897r0 SubmissionJae Seung Lee, ETRISlide 1 Active Scanning considering Operating Status of APs Date: July 2012.
Doc.: IEEE 802.11-14/0407r3 Submission Proposed Resolution to Comments Pertaining to Section 9.33.11 in CC12 Date: 2014-3-20 KB PngSlide 1 March 2014.

Doc.: IEEE /0407r3 Submission Proposed Resolution to Comments Pertaining to Section in CC12 Date: KB PngSlide 1 March 2014.
Lecture 24 Wireless Network Security

Lecture 24 Wireless Network Security
Doc.: IEEE 802.11-05/1063r0 Submission Nov 2005 Jon Edney, NokiaSlide 1 The Lock-out Problem - an Analysis Notice: This document has been prepared to assist.

Doc.: IEEE /1063r0 Submission Nov 2005 Jon Edney, NokiaSlide 1 The Lock-out Problem - an Analysis Notice: This document has been prepared to assist.
Doc.: IEEE 802.11-09/1128r1 Submission Nov 2009 Allan Thomson, Cisco SystemsSlide 1 BSS Transition with Bearing Date: 2009-11-17 Authors:

Doc.: IEEE /1128r1 Submission Nov 2009 Allan Thomson, Cisco SystemsSlide 1 BSS Transition with Bearing Date: Authors:
Doc.: IEEE 802.11-07/2215r4 Submission August 2007 Ganesh Venkatesan, Intel CorporationSlide 1 Proposal –Radio Resource Measurement Capability Enabled.

Doc.: IEEE /2215r4 Submission August 2007 Ganesh Venkatesan, Intel CorporationSlide 1 Proposal –Radio Resource Measurement Capability Enabled.
Doc.: IEEE 802.11-07/2215r1 Submission July 2007 Ganesh Venkatesan, Intel CorporationSlide 1 Proposal – Supported Radio Resource Measurement Bitmask IE.

Doc.: IEEE /2215r1 Submission July 2007 Ganesh Venkatesan, Intel CorporationSlide 1 Proposal – Supported Radio Resource Measurement Bitmask IE.

Similar presentations

Ads by Google