Doc.: IEEE 802.11-00/684R2 Submission, November 2002
Martin Lefkowitz, Trapeze Networks

Slide 1: Extended Keymap ID
Martin Lefkowitz, Trapeze Networks


Slide 2: Extended Keymap ID
Current encryption key technology
– Only 2 bits for 4 different key slots, leaving a total of 4 keys per BSS per STA
– Only 2 bits for 4 different key slots, leaving a total of 4 keys per BSS for multicast/broadcast

Slide 3: What if?
We added a mechanism whereby we could use more than 4 keys per STA for broadcast traffic.
– A STA can receive secure multicast traffic based on application while still being able to respond to multicast IP traffic like ARP.

Slide 4: Why
Premium subscriptions in the WISP or carrier area
– Pay per view
– Subscription broadcast data service
An administrator can determine if errors are caused by configured events or unconfigured events.
A heterogeneous environment can support multiple group keys for a more graceful transition to stronger encryption.

Slide 5: How
Add a field to the EAPOL Key Descriptor that indicates the key value in the encryption header of the MPDU format.
– 802.11 EAPOL Key messages have an 8 byte field that is reserved to zero.
– 802.1x already has a Key ID field that is used for multiple group keys.
Proposal is to make two of those bytes the Key ID fields.

Slide 6: How
Assign some reserved bits in the encryption header to map a Key ID to a particular encryption key
– There are 5 bits available between the key ID and TSC/IV fields of CCMP
   5 bits for TKIP

Slide 7: How
Add Key ID field to MPDU format.
– There are enough bits in the reserved field with 48 bit counter format
– Noted differences between CCMP and TKIP
   TKIP supports a 5 bit field
   CCMP supports a 12 bit field

Slide 8: TKIP MPDU Format
KID EX = Key ID Extension

Slide 9: CCMP MPDU Format

Slide 10: How
Add SNMP MIB:
– dot11numKeymapID
   Number of different key map IV a STA needs to keep track of.
– dot11recievedFramesNoKeymap
   Indicates how many frames a STA has received for which it did not have the keymap ID.
   – A normal situation.
Add appropriate logic to pseudocode after the key has been looked up:
    if that entry contains a key that is null
        discard the frame body and increment dot11WEPUndecryptableCount
    else if there is no key entry for keymap field in MPDU
        increment dot11recievedFramesNoKeymap
    else
        attempt to decrypt with that key, incrementing dot11WEPICVErrorCount if the ICV check fails
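
The slide 10 receive logic with its three counters, as an added Python example that is not part of the original presentation. Assumptions: the key octet layout (KID EX in bits 0-4, legacy Key ID in bits 6-7), the way both are combined into one keymap ID, the helper names, and bare RC4 with a CRC-32 ICV standing in for the real TKIP/CCMP processing.

```python
import zlib

# MIB counter names as written on slide 10.
COUNTERS = ("dot11WEPUndecryptableCount", "dot11recievedFramesNoKeymap",
            "dot11WEPICVErrorCount")

def rc4(key, data):
    """Bare RC4 as a stand-in cipher (no TKIP key mixing, no CCMP)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def keymap_id(key_octet):
    """ASSUMED layout: bits 6-7 legacy Key ID, bits 0-4 KID EX (high bits)."""
    return ((key_octet & 0x1F) << 2) | (key_octet >> 6)

def key_octet_for(kmid):
    """Inverse of keymap_id for a 7-bit keymap ID; bit 5 (Ext IV) is set."""
    return ((kmid & 0x03) << 6) | 0x20 | ((kmid >> 2) & 0x1F)

def protect(kmid, key, body):
    """Sender side: append CRC-32 ICV, encrypt, prepend the key octet."""
    icv = zlib.crc32(body).to_bytes(4, "little")
    return bytes([key_octet_for(kmid)]) + rc4(key, body + icv)

def receive(frame, keymap, counters):
    """Slide 10 receive logic; returns the frame body or None if dropped."""
    kmid = keymap_id(frame[0])
    if kmid in keymap and keymap[kmid] is None:      # entry with a null key
        counters["dot11WEPUndecryptableCount"] += 1
        return None
    if kmid not in keymap:                           # no entry: normal case
        counters["dot11recievedFramesNoKeymap"] += 1
        return None
    plain = rc4(keymap[kmid], frame[1:])
    body, icv = plain[:-4], plain[-4:]
    if len(plain) < 4 or zlib.crc32(body).to_bytes(4, "little") != icv:
        counters["dot11WEPICVErrorCount"] += 1
        return None
    return body
```

Keeping the "no keymap" count separate from the ICV error count is what lets an administrator tell frames for groups the STA never subscribed to apart from frames that failed under a configured key.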

Slide 11: Conclusion
Key IDs can be extended for both broadcast and unicast traffic with little change to the current SSN/TGI implementations.

