Doc.: 11-03-0573r0-I Submission, July 22, 2003, Paul Lambert, Airgo Networks


Slide 1: Enabling Encryption in Hotspots by Decoupling the Privacy Field from the RSN Information Element
Paul A. Lambert

Slide 2: Privacy Field Current Usage
Current specification requires the “Privacy Field” in the IE to always be set when there is an RSN IE:
Capability Information field
STAs (including APs) that include the RSN IE in beacons and probe responses shall set the Privacy subfield to 1 in any frame that includes it. A STA sets the Privacy bit in the same way as WEP.

Slide 3: Background
“Privacy Field/Bit” is the legacy WEP encryption negotiation
RSN IE is the new cipher suite negotiation
Setting Privacy Field on with RSN forces all legacy (WEP) devices to only use WEP if they are not RSN capable

Slide 4: What’s Wrong with Always Setting the Privacy Field
A client STA may not always have a key!
Hotspot example:
– “New users” will never have existing keys or credentials and must join with no authentication or encryption
– It would be desirable to encrypt the traffic of users (over the same AP) that have credentials.
– Since the Privacy bit must be set for RSN, there can be no RSN security and all users must have no encryption.

Slide 5: Privacy Field Recommendations
Make WEP/legacy negotiation be independent from RSN IE negotiation
Allow mixed mode traffic (encrypted and non-encrypted)
Mixed mode (encrypted/unencrypted) need not be insecure since traffic can be segregated at the AP (e.g. VLAN tags)

Slide 6: Motion
Replace the first paragraph in section “ Capability Information field” with:
"STAs (including APs) that include the RSN IE in beacons and probe responses may set the Privacy Subfield to 0 or 1 independent of the RSN IE. STAs that are only IEEE compatible will not recognize the RSN IE and will continue to use the Privacy Subfield to determine if the WEP algorithm must be used."
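
An added example, not part of the submission: a parser for a beacon or probe-response frame body that reads the Privacy bit and detects the RSN IE, then reports how a legacy STA and an RSN-capable STA would interpret the advertisement under the motion's wording. The sample frame bodies are constructed, the names are hypothetical, and the fallback of an RSN-capable STA to the legacy reading when no RSN IE is present is an assumption of this sketch.

```python
import struct

PRIVACY_BIT = 0x0010  # Capability Information field, bit 4 (Privacy)
RSN_IE_ID = 48        # element ID of the RSN information element

def parse_beacon_body(body: bytes):
    """Return (privacy_bit_set, rsn_ie_present) for a beacon/probe-response body."""
    if len(body) < 12:
        raise ValueError("body shorter than the 12 bytes of fixed fields")
    # Fixed fields, little-endian: timestamp (8), beacon interval (2), capability (2)
    _timestamp, _interval, capability = struct.unpack_from("<QHH", body, 0)
    rsn_present = False
    offset = 12
    while offset < len(body):  # walk the ID/length/value elements
        if offset + 2 > len(body):
            raise ValueError("truncated element header")
        elem_id, length = body[offset], body[offset + 1]
        if offset + 2 + length > len(body):
            raise ValueError("element length runs past end of frame")
        rsn_present = rsn_present or elem_id == RSN_IE_ID
        offset += 2 + length
    return bool(capability & PRIVACY_BIT), rsn_present

def station_view(privacy: bool, rsn: bool) -> dict:
    """What each class of STA concludes under the motion's wording."""
    # Legacy STAs do not recognize the RSN IE and look only at the Privacy subfield.
    legacy = "WEP required" if privacy else "no encryption"
    # Assumption of this sketch: an RSN-capable STA that sees no RSN IE
    # falls back to the legacy reading.
    return {"legacy": legacy, "rsn": "negotiate via RSN IE" if rsn else legacy}

def build_body(capability: int, elements) -> bytes:
    """Construct a sample frame body (test data only)."""
    body = struct.pack("<QHH", 0, 100, capability)
    for elem_id, data in elements:
        body += bytes([elem_id, len(data)]) + data
    return body

# Constructed samples: SSID element plus an RSN IE (version 1, CCMP, 802.1X).
SSID = (0, b"hotspot")
RSN = (RSN_IE_ID, bytes.fromhex("0100 000fac04 0100 000fac04 0100 000fac01 0000"))
CURRENT_RULE = build_body(0x0011, [SSID, RSN])  # ESS + Privacy=1, RSN IE present
DECOUPLED = build_body(0x0001, [SSID, RSN])     # ESS + Privacy=0, RSN IE present

if __name__ == "__main__":
    for name, body in (("current rule", CURRENT_RULE), ("decoupled", DECOUPLED)):
        print(name, station_view(*parse_beacon_body(body)))
```

With Privacy forced to 1, the legacy reading is "WEP required", which is the hotspot problem on Slide 4; with Privacy at 0 and the RSN IE still present, keyless users can join unencrypted while RSN-capable users negotiate a cipher suite.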

