
doc.: IEEE 802.11-02/322r0 Submission, May 2002, Jesse Walker et al.

Slide 1: The Louie Architecture
Nancy Cam Winget, Cisco
Bob Moskowitz, TruSecure
Greg Chesson, Atheros
Al Potter, TruSecure
Niels Ferguson, MacFergus
Jesse Walker, Intel
Thomas Hardjono, Verisign
Doug Whiting, HiFn
Russ Housley, RSA Labs

Slide 2: Agenda
Motivation
Objectives
Overview
Details
Issues and Status

Slide 3: Motivation (1)
Reduce complexity
–Enable security analysis
–Eliminate redundant cases
–Common approach for BSS, IBSS, initial contact, roaming
Modular architecture
–Separate security from connectivity
Address gaps in current architecture
–How to bind authorization onto the PSK
–How to bind to the “right” man-in-the-middle designed into 802.1-based networks
Enable proper problem partitioning
–Networking problems decompose differently than security
–Composition of secure components does not necessarily result in secure systems

Slide 4: Motivation (2): Architectural Gap
Parties in the diagram:
–Alice: Credential Alice; STA A; MAC A
–AP B: no credential; MAC B
–Louie: Credential Louie; EAP Server; no address
802.1X: exchanges Credential Alice and Credential Louie, and distributes key K
TKIP, AES: MAC A and MAC B identify key K
Problem: authenticating Louie doesn’t tell Alice that MAC B identifies K, and authenticating Alice doesn’t tell AP B that MAC A identifies K

Slide 5: Motivation (3)
For the key distribution to be meaningful
–key identifiers used by 802.11 (MAC addresses) must be bound to 802.1X credentials (which are allowed to be more general than MAC addresses)
–STA and AP each need some way to verify that their peer’s MAC satisfies the binding the EAP server intends
The cryptographic community doesn’t know how to accomplish these goals except by having EAP Server Louie tell both STA A and AP B the binding
Key distribution is more than key transport; binding the proper-level ids to the key is the critical function of key distribution

Slide 6: Objectives
Base on 802.1X architecture
–Coexistence, not cooption
–Evolution, not revolution
Utilize the same key-passing procedure for initial contact, roaming, and for IBSS
Utilize proven security procedures
Eliminate AP-AP transactions!
Define a complete architecture
–Advertisements, Registration, Unicast key distribution, Multicast key distribution, Revocation

Slide 7: Details
Who is Louie?
Functions in Louie’s realm:
–Unicast key distribution
–Registration
–Discovery
–Key revocation
–Multicast key distribution
Not every network implements all functions, but all are needed by some network

Slide 8: Who is Louie?
To make security possible, every network must have a “crypto king”
–The crypto king is a logical function for enforcing the security policy of the network
In an ESS, the “crypto king” = 802.1X Authentication Server
In an IBSS, the “crypto king” is the station “setting up the conference call”

Slide 9: Unicast key distribution
Note: Needham-Schroeder → Kerberos
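The binding problem of slides 4, 5 and 9 (Louie must tell both STA A and AP B which MAC addresses identify K), as an added illustrative example that is not code from the submission or from any IEEE or IETF draft: Louie shares a long-term secret with each party, wraps K under that secret, and authenticates the (own MAC, peer MAC) pair together with the wrapped key, so a party only installs K for the peer Louie named. The XOR-with-PRF key wrap, the token layout, and the sample secrets and MAC addresses are constructed assumptions, not the protocol the slides propose.

```python
import hmac, hashlib, os

def _prf(secret, *parts):
    """HMAC-SHA256 over the concatenation of parts, used as a PRF."""
    return hmac.new(secret, b"".join(parts), hashlib.sha256).digest()

def louie_issue(secret, own_mac, peer_mac, k, nonce):
    """Louie builds one party's binding token: session key K wrapped under that
    party's long-term secret, plus a tag over (own MAC, peer MAC, wrapped K).
    XOR with a PRF output is a toy key wrap here, not a standardised one."""
    pad = _prf(secret, b"wrap", nonce)[:len(k)]
    wrapped = bytes(x ^ y for x, y in zip(k, pad))
    tag = _prf(secret, b"bind", nonce, own_mac, peer_mac, wrapped)
    return {"nonce": nonce, "own": own_mac, "peer": peer_mac,
            "wrapped": wrapped, "tag": tag}

def accept_token(secret, my_mac, expected_peer, token):
    """Receiver-side check: the tag must verify, the token must name me, and it
    must name the peer I am actually talking to. Returns K, or None to signal
    that no key is installed for this peer."""
    t = token
    tag = _prf(secret, b"bind", t["nonce"], t["own"], t["peer"], t["wrapped"])
    if not hmac.compare_digest(tag, t["tag"]):
        return None
    if t["own"] != my_mac or t["peer"] != expected_peer:
        return None
    pad = _prf(secret, b"wrap", t["nonce"])[:len(t["wrapped"])]
    return bytes(x ^ y for x, y in zip(t["wrapped"], pad))

# Constructed sample values (not from the slides): long-term secrets each
# party shares with Louie and the MAC addresses that identify K in 802.11.
S_A = b"alice-eap-credential"        # STA A <-> Louie
S_B = b"apB-aaa-shared-secret"       # AP B <-> Louie
MAC_A = bytes.fromhex("0200000000a1")
MAC_B = bytes.fromhex("0200000000b2")
MAC_C = bytes.fromhex("0200000000c3")  # some other AP in the same ESS

def demo():
    """Run one distribution; returns (both sides got the same K,
    what MAC C gets from B's token, what B gets if the STA is not MAC A)."""
    k, nonce = os.urandom(16), os.urandom(8)
    tok_a = louie_issue(S_A, MAC_A, MAC_B, k, nonce)  # tells Alice: MAC B identifies K
    tok_b = louie_issue(S_B, MAC_B, MAC_A, k, nonce)  # tells AP B: MAC A identifies K
    k_at_a = accept_token(S_A, MAC_A, MAC_B, tok_a)
    k_at_b = accept_token(S_B, MAC_B, MAC_A, tok_b)
    k_at_c = accept_token(S_B, MAC_C, MAC_A, tok_b)        # even with B's secret, token names MAC B
    k_wrong_peer = accept_token(S_B, MAC_B, MAC_C, tok_b)  # associating STA is not MAC A
    return k_at_a == k == k_at_b, k_at_c, k_wrong_peer
```

The two None results are the point of slides 4 and 5: without the MAC addresses inside Louie's authenticated token, a holder of the right secret but the wrong address could still end up sharing K.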

Slide 10: Registration with a Shared Secret

Slide 11: Registration with a Public/Private key pair

Slide 12: Initial Discovery

Slide 13: Key Revocation

Slide 14: Multicast/Broadcast Comments
Multicast/Broadcast encapsulation is a different animal than unicast
–Infeasible to prevent forgeries by group members → it is inappropriate to protect multicast/broadcast messages that are not idempotent
Updating the key is not sufficient; must also update IV and key id
–If someone joins the group, must update the IV space as well as the key
Revocation only needed when someone leaves the group
–Revocation can be accomplished by distributing a new key for the group
–Revocation should happen from a central policy decision point

Slide 15: Broadcast/Multicast key generation

Slide 16: Distributing Bcast/Mcast keys

Slide 17: Activating Bcast/Mcast keys

Slide 18: Bcast/Mcast key distribution

Slide 19: Example 1: Ad hoc
Members elect Louie
Members arrange to register with Louie
–Louie issues shared secret for enrollment
Louie periodically transmits invitation
Members register with Louie
After registering, members execute unicast key distribution for each peer with whom they wish to communicate
Louie issues updated broadcast key as needed

Slide 20: Example 2: Home or SoHo
Owner deploys device hosting Louie
Owner arranges to register devices with Louie
–Louie issues shared secret for enrollment
Louie periodically transmits invitation
Members register with Louie
After registering, members execute unicast key distribution for each peer with whom they wish to communicate
Louie issues updated broadcast key as needed
Owner uses revocation as needed

Slide 21: Example 3: Enterprise
Enterprise IT deploys Louie = 802.1X server for a new security domain
IT registers new devices with Louie, including their MAC addresses
Louie periodically transmits invitation
Authorized (i.e., registered) devices execute unicast key distribution for each peer with whom they wish to communicate
Louie issues updated broadcast key as needed
Enterprise uses revocation as needed

Slide 22: Example 4: Hot Spot
Hot spot provider deploys Louie = 802.1X server for a new security domain
Either
–Hot spot provider registers new customer devices with Louie, including their MAC addresses, or
–New customers enroll themselves, using the Louie registration procedure as one step
Louie periodically transmits invitation
Authorized (i.e., registered) devices execute unicast key distribution for each peer with whom they wish to communicate
Louie issues updated broadcast key as needed
Hot spot provider uses revocation as needed

Slide 23: Issues
We need buy-in from TGi participants
The architecture affects
–IEEE 802.11i
–IEEE 802.1X
–IETF AAA
–IETF EAP
Revocation and Bcast/Mcast are incompatible with RADIUS; requires adoption of DIAMETER or COPS for the back-end

Slide 24: Status
IETF draft-walker-aaa-key-distribution-01.txt to appear shortly
–Defines an EAP key distribution method to obsolete AAA NASREQ key distribution
IETF draft-walker-eap-registration-00.txt to appear next month
–Defines an EAP enrollment protocol using a pre-shared secret, and another using RSA
Multicast/broadcast and key revocation incompatibility with RADIUS being studied

Slide 25: Summary
Uniform keying model for BSS, ESS, IBSS
–Uniform model enables security analysis
Works in enterprise, home, hot spot, SoHo, ad hoc
Minimizes complexity by minimizing keying models
Complete proposal for IBSS that is compatible with all other deployments discussed
Fills gaps in TGi architecture
Relies on well-studied cryptographic protocols
Evolutionary outgrowth of TGi’s current direction

Slide 26: Feedback?

