Multiple Radio MP
doc.: IEEE 802.11-08/1267r0, Submission, November 2008, L. Chu Etc.
Date: 2008-11-04


Slide 2: Baseline STA Assumption
IEEE 802.11 defines one MAC/PHY for a STA with a MAC address.
– Each STA has its own MAC address.
A product can include multiple STAs.
– When a product includes multiple STAs, the interaction among them is not defined by the standard.
Note: in this presentation, STA, radio and interface have a one-to-one relationship in a multiple-radio MP.

Slide 3: STA in 802.11s Draft
Mesh security defines the mechanism to optimize the key negotiation when an MP has multiple STAs.
– Each STA has its own MAC address to identify it.
– An MP with multiple STAs selects one MAC address as its identifier.
Mesh routing/forwarding does not say anything about how to select routes and forward frames in an MP with multiple STAs.

Slide 4: Current Multiple Radio MP Support
The baseline standard does not preclude a product with multiple STAs:
– dot11StationConfigTable includes multiple dot11StationConfigEntry,
– each dot11StationConfigEntry has its unique MAC address, EDCA parameter set…
Mesh security optimizes the key acquiring procedure in a multiple radio mesh network.
– This optimization means that multiple radios in an MP are active simultaneously.
[Figure: mesh topology of MP1 to MP8, each MP (MPy) shown with its radio/STA/interface IDs (MPy,1, MPy,2). The radios at the end points of the red and green links work in different channels.]

Slide 5: Current Multiple Radio MP Support (Cont’d)
The current 802.11s architecture does not harmonize security optimization with routing/forwarding.
– Mesh security optimization is on top of each STA in an MP,
– Both routing and forwarding belong to the MAC of each STA in an MP.
There is no text about how to create, accept and process PREQ/PREP/PERR in a multiple radio MP.
The forwarding information does not show which STA (interface) will be used.
The frame forwarding procedure does not indicate how to forward a frame in a multiple radio MP.

Slide 6: Security Optimization with Routing
[Figure: key establishment message sequence among AS, mesh key distributor, mesh authenticator and supplicant, with nodes MP5, MP3 and MP1. Labels in order: Peer Link Establishment; EAP Authentication; EAPoL via Mesh Data; EAP via Mesh Action; EAP over RADIUS; Key Delivery via Mesh Action; EAPoL via Mesh Data; 4-way Handshake; Key Holder setup handshake via Mesh Action; Management; EAP Authentication.]
– MA enables supplicant to perform EAP authentication.
– MA advertises services enabling supplicant to join.
– MA obtains a derived key to enable handshake with supplicant.
– MA derives PTK to secure link with supplicant.
MP5 tries to find a path to MP1; MP3,2 broadcasts the PREQ only in the red channel. MP1 will never receive this PREQ.
MP5 cannot send this frame since it cannot find a path to MP1.
MP3 and MP4 do not support inter-radio path selection, but they support security optimization.
The security optimization cannot be implemented without multiple-radio routing/forwarding support.
[Figure: mesh topology of MP1 to MP8 with their radios (MPy,1, MPy,2).]

Slide 7: MP Architecture With Multiple Radio Support
MP routing, forwarding, key management, link management are on top of all STAs with mesh functionality.
[Figure: architecture diagram with blocks labelled MAC_SAP; Routing, Forwarding, Key Management, Link Management…; MLME; PLME; MLME_SAP; PLME_SAP; MAC; PHY; SME; PHY_SAP. Captions: The source MP sends out frames. An intermediate MP forwards frames. The destination MP receives frames.]

Slide 8: Multiple Radio HWMP Introduction
A simple multi-radio HWMP protocol should be defined.
– The shortest path selection algorithm is still used.
– Whether the hops of a path work in different channels has no influence on the path selection. Only the link metric is considered when selecting a path.
Each multiple-radio MP indicates an interface address (e.g. lowest MAC address of all interfaces) as its MP ID (MP main address).
Each interface in an MP has its own sequence number.
– Another option is that there is only one sequence number in a multiple radio MP.
Each interface in an MP can be used as the source address or destination address.
– The MAC layer provides this flexibility. The upper layer or MLME decides which address will be used.

Slide 9: Forwarding Information Definition in Multiple Radio MP
The following information maintained by an intermediate MP allows it to perform its path selection and forwarding functions:
– Destination MAC address,
– Next hop MAC address,
– Interface address for next hop,
– Precursor MAC address,
– Interface address for precursor hop,
– Airtime metric,
– Lifetime.
When creating/updating forwarding or reverse path information, the interface information (the interface from which the PREQ/PREP is transmitted/received) is also updated, in addition to the destination address, the next hop address, the sequence number and the lifetime.

Slide 10: Additional Data Frame Forwarding in Multiple Radio MP
An MP with multiple radios compares all its MAC addresses with address 3 to see if it is the destination of the received frames.
An MP with multiple radios selects the interface based on the routing information to queue a frame for transmission.
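The forwarding information of slide 9 and the data frame rule of slide 10, as an added example that is not part of the presentation. The class and function names, the sample MAC addresses and the simplified update rule (lower airtime metric wins, sequence-number rules omitted) are assumptions made for illustration.

```python
from dataclasses import dataclass

def mac_value(mac):
    """Numeric value of a colon-separated MAC, used to pick the lowest address."""
    return int(mac.replace(":", ""), 16)

@dataclass
class ForwardingEntry:
    destination: str        # destination MAC address
    next_hop: str           # next hop MAC address
    next_hop_iface: str     # local interface address for the next hop
    precursor: str          # precursor MAC address
    precursor_iface: str    # local interface address for the precursor hop
    airtime_metric: int
    expires_at: float       # lifetime, stored as an absolute expiry time

class MultiRadioMP:
    def __init__(self, iface_macs):
        self.ifaces = {m.lower() for m in iface_macs}
        self.mp_id = min(self.ifaces, key=mac_value)  # main address: lowest MAC
        self.table = {}                               # one table above all radios

    def update_path(self, entry):
        """Simplified rule: keep the lower airtime metric; the channel is ignored."""
        cur = self.table.get(entry.destination)
        if cur is None or entry.airtime_metric < cur.airtime_metric:
            self.table[entry.destination] = entry

    def handle_data(self, address3, now):
        """Return (action, out_iface, next_hop) for a received data frame."""
        dst = address3.lower()
        if dst in self.ifaces:                 # compare against ALL local MACs
            return ("deliver", None, None)
        entry = self.table.get(dst)
        if entry is None or entry.expires_at <= now:
            return ("no_path", None, None)
        return ("forward", entry.next_hop_iface, entry.next_hop)

# Constructed sample: an MP with two radios and a path that leaves via radio 1
MP3 = MultiRadioMP(["02:00:00:00:03:02", "02:00:00:00:03:01"])
MP3.update_path(ForwardingEntry(
    destination="02:00:00:00:01:01", next_hop="02:00:00:00:02:01",
    next_hop_iface="02:00:00:00:03:01", precursor="02:00:00:00:05:01",
    precursor_iface="02:00:00:00:03:02", airtime_metric=120, expires_at=100.0))
```

Because the table sits above both radios, a frame received on one radio can be queued on the other, which is the inter-radio forwarding the slides ask for.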

Slide 11: Additional PREQ Processing in Multiple Radio MP
A multiple radio MP broadcasts the PREQs it creates or accepts using all its radios.
When creating a PREQ for frames from the MLME, the originator uses its main address to fill the originator address field. The destination address of the PREQ is copied from the received management frame/MLME primitive.
When creating a PREQ for data frames, the originator uses the source MAC address of the data frame/primitive to fill the originator address field. The destination address of the PREQ is copied from the data frame’s destination address.
When deciding if the PREQ is accepted, all the MAC addresses of the receiving MP are compared with the destination address of the PREQ.
When initiating a PREP on behalf of another MP, an intermediate MP updates its forwarding information by placing the last hop MP (from which it received the PREQ) into the precursor list for the forward path entry for the destination, and the interface (by which it received the PREQ) into the precursor interface. In addition, this intermediate MP also updates its forwarding information for the MP originating the PREQ by placing the next hop and the interface toward the destination in the precursor list for the reverse path entry.

Slide 12: Additional PREP Processing in Multiple Radio MP
When deciding if it is the destination of a PREQ, an MP with multiple radios compares all its MAC addresses with the destination address of the PREQ.
If each interface has its own sequence number, the sequence number related to the destination MAC address is increased according to the target sequence number updating rules before transmitting a PREP. Otherwise the sequence number related to the destination MP is increased according to the target sequence number updating rules before transmitting a PREP.
The destination address is copied from the received PREQ when the destination MP creates a PREP.
If the MP propagates the PREP, the precursor list for the Destination Address is updated by adding the next hop MP to which the PREP is propagated. The precursor interface for the destination address is updated by adding the interface by which the PREP is propagated. In addition, at the MP the precursor list for the originator address is updated by adding the next hop MP towards the Destination Address. The interface for the originator address is updated by adding the interface by which the PREP is received.

Slide 13: Additional PERR/RANN Processing in Multiple Radio MP
A multiple radio MP selects broadcast radios based on the precursor interface of the forwarding information if PERR broadcast is used.
– Broadcasting PERR on all interfaces may not be necessary.
A multiple radio MP broadcasts the RANNs it creates or accepts using all its radios.
When an originator with multiple radios creates a RANN, the originator uses its main MAC address to fill the originator address field.
A multiple radio MP registers all its MAC addresses with a root.

Slide 14: Conclusion
Harmonizing security optimization with HWMP routing protocol.
Harmonizing security optimization and the updated HWMP with architecture.
Minor change to HWMP:
– Using the current airtime metric definition.
– The path metric is just the sum of link metrics without considering the channel difference used by each link.

Slide 15: Backup Slides

Slide 16: Mesh Security Optimization
The initial authentication should only be launched once when an MP joins the mesh network, no matter how many radios it has.
– Authentication credential is issued to one MP device.
– One PMK-MKD and one MKDK for an MP, shared by all the radios.
Different radios in the same MP should use different PTKs.
– Distribute keys for the radios of the device through a one-time initial authentication procedure.
There should be one MPTK-KD between an MA and MKD.
– The communication between MKD and MP is not tied to a peer link with MAC addresses.

Slide 17: Mesh Security Optimization (Cont’d)
Clarify two identifiers:
– MP-ID: the identifier of the MP. It could be one of the MAC addresses of the MP if it has more than one PHY, and it cannot be changed once it is determined.
– MPA: the MAC address of the communicating radio module of the MP.
– An MP takes one of three roles in authentication and the key hierarchy; different ID names identify the roles, and each of them is actually the ‘MP-ID’.

Role           MP-ID    MPA
Supplicant     SP-ID    SPA
Authenticator  MA-ID    MAA
MKD            MKD-ID   N/A

Amend the current security solution defined in D2.0:
– Bind PMK-MKD, MKDK and PMK-MA to SP-ID instead of SPA:
  MeshTopLevelKeyData = KDF-768(XXKey, “Mesh Key Derivation”, MeshID, MKD-NAS-ID, MKDD-ID, SP-ID), where SP-ID replaces SPA.
– Only one MPTK-KD between an MA and MKD. The key is to protect the communication between the two node entities, not the link level.
– PTKs should bind with peer link MAC addresses.
– Rename ‘MA-ID’ to ‘MAA’ (Mesh Authenticator Address), because the MAA has the same definition as ‘MA-ID’ in 802.11s D2.0.
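The effect of the binding change on slides 16 and 17, as an added example that is not part of the presentation: one top-level key per device when bound to SP-ID, and a distinct key per radio link. HMAC-SHA256 in counter mode stands in for KDF-768, and the field encoding, the link key label and all sample values are assumptions.

```python
import hashlib
import hmac

def kdf(key, label, fields, bits):
    """Stand-in KDF: HMAC-SHA256 in counter mode (not the draft's KDF-768)."""
    # Length-prefix every field so two different field lists never encode alike.
    ctx = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    out, counter = b"", 1
    while len(out) * 8 < bits:
        msg = counter.to_bytes(2, "big") + label.encode() + b"\x00" + ctx
        out += hmac.new(key, msg + bits.to_bytes(2, "big"), hashlib.sha256).digest()
        counter += 1
    return out[: bits // 8]

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def top_level_key(xxkey, mesh_id, mkd_nas_id, mkdd_id, supplicant_id):
    """MeshTopLevelKeyData with the field order shown on slide 17."""
    return kdf(xxkey, "Mesh Key Derivation",
               [mesh_id, mkd_nas_id, mkdd_id, supplicant_id], 768)

def link_ptk(device_key, mpa_a, mpa_b):
    """Per-link key bound to both radio addresses (hypothetical label;
    nonces and the intermediate PMK-MA are omitted in this sketch)."""
    return kdf(device_key, "Example Link PTK", sorted([mpa_a, mpa_b]), 256)

# Constructed sample values (not from the presentation)
XXKEY = bytes(range(32))
CTX = (b"example-mesh", b"mkd-nas.example", b"mkd-domain-01")
RADIOS = [mac("02:00:00:00:05:02"), mac("02:00:00:00:05:01")]  # SPAs of one MP
SP_ID = min(RADIOS)          # MP-ID chosen as the lowest interface address
PEER = mac("02:00:00:00:03:01")

def distinct_top_level_keys(bind_to):
    """Count top-level keys when either radio may run the initial authentication."""
    ids = RADIOS if bind_to == "SPA" else [SP_ID] * len(RADIOS)
    return len({top_level_key(XXKEY, *CTX, i) for i in ids})

def distinct_link_ptks():
    """Each radio of the MP gets its own link key toward the same peer radio."""
    device_key = top_level_key(XXKEY, *CTX, SP_ID)
    return len({link_ptk(device_key, r, PEER) for r in RADIOS})
```

With SPA binding the two radios produce two unrelated top-level keys, so each radio would need its own authentication; with SP-ID binding there is one device key while the link keys still differ per radio.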

Slide 18: IP Routing and Forwarding
There is one routing/forwarding function on top of all interfaces.
[Figure: protocol stack with blocks labelled Routing, TCP/UDP, IP Forwarding, LLC/MAC, PHY.]

Slide 19: Bridging
There is one routing/forwarding function for all interfaces.
[Figure: bridge architecture with blocks labelled Higher Layer Entities (Spanning Tree Protocol Entity, Bridge Management etc.), LLC, MAC Relay Entity, MAC, PHY.]

Slide 20: Path Selection without Multiple Radio Support
MP4 does not support inter-radio forwarding. MP3 and MP7 support inter-radio forwarding.
The path between MP4,1 and MP7,2 is shown in blue arrows.
– This is a live path loop and non-optimized path!
[Figure: mesh topology of MP1 to MP7 with their radios (MPy,1, MPy,2) and link metrics. Legend labels: STA ID, link metric. The radios at the end points of the red and green links work in different channels.]

Slide 21: Path Selection without Multiple Radio Support
MP3, MP4 and MP7 do not support inter-radio forwarding.
The path between MP1 and MP5 cannot be found.
– It is strange that two MPs are in one mesh network, but cannot communicate with each other.
[Figure: mesh topology of MP1 to MP7 with their radios (MPy,1, MPy,2) and link metrics. Legend labels: STA ID, link metric.]

Slide 22: References
[1] Changdong Fan etc /317r6, “Authentication and key management of MP with multiple radios”.

