doc.: IEEE 802.11-09/0413r0 Submission March 2009 Dan Harkins, Aruba Networks

Slide 1: A Study Group for Enhanced 802.11 Security
Date: 2009-03-13
Authors:

Slide 2: Abstract
This presentation makes the case for formation of a Study Group on Enhanced Security for 802.11.

Slide 3: 802.11 Security is Not Complete
Enterprise security is there but we have failed to provide technology to secure other use cases.
  – Attacks against known flaws generate bad press for 802.11
It's either simple to deploy or secure, but not both.
Updates to 802.11 security are needed
  – Faster and more efficient algorithms
  – Enhancements to prevent known and published attacks – allow for passwords to be used securely.
  – Improvements to support more usable, robust and secure 802.11 networks.
There is a market for deployments that are problematic today
  – No 802.1x, no centralized AAA server
  – Easy to configure, easy to deploy, robust but is still secure
  – Secure password-based authentication

Slide 4: What is the Problem?
New ciphers have been designed that are better than CCM, the one used in 802.11 today.
  – GCM: provides higher throughput and less power consumption than CCM
  – SIV: provides misuse-resistance and is more generally useful than CCM.
Strong security is only possible when using 802.1x but that is not appropriate for all use cases and is complex to deploy.
  – Passwords are easy to use but 802.11 does not define how to use them securely.
  – There is a market for peer-to-peer applications but 802.1x is a pure client/server protocol.
  – Other organizations want to address these shortcomings but their attempts are complicated, insecure, or both.
There is at least one feature in 802.11 that needs security but no existing Task Group has the scope to take on that work.
IEEE 802.11 does not have a way to add small featurettes such as these to the standard.

Slide 5: What's the Solution?
A Study Group to define a PAR and 5C for a new Task Group that will address these issues.
  – Define how GCM and SIV are used to protect an 802.11 frame.
  – Define how to use a secure password-authenticated key exchange from TGs more generally in 802.11, for ESS, IBSS, mesh, and any other peer-to-peer application.
  – Develop a peer-to-peer variant of an existing certificate-based key exchange (e.g. DHKE-1) that is appropriate for ESS, IBSS, mesh, and any other peer-to-peer application.
  – Address the security of TGv's location service.
Most of this has already been developed, it just needs to be defined for 802.11
  – A constrained scope would ensure timely results.

Slide 6: What's the Benefit and Why Should I Care?
Network deployment can be simple yet secure if:
  – Passwords are used with a protocol implementing a zero-knowledge proof. This would be resistant to attack where RSN PSK is not.
  – Authentication is done using authentication frames!
  – Protocols are specified in a peer-to-peer fashion.
  – STAs can authenticate each other directly, no AAA needed!
Less power consumption means longer battery life, and it's green.
802.11 will be applicable for more use cases while still providing strong security.
This improves the end-user experience and customer experience with 802.11 gear which can result in better and wider deployments of 802.11 which benefits us all!

Slide 7: References
NIST SP800-38D
P. Rogaway and T. Shrimpton, Deterministic Authenticated Encryption, A Provable Security Treatment of the Key-Wrap Problem, Advances in Cryptology – EUROCRYPT '06, St. Petersburg, Russia, 2006.
RFC 5297
D. Harkins, Simultaneous Authentication of Equals: A Secure, Password-Based Key Exchange for Mesh Networks, Proceedings of the 2008 Second International Conference on Sensor Technologies and Applications, Cap Esterel, France, 2008.
V. Shoup, On Formal Models for Secure Key Exchange. ACM Computer and Communications Security Conference, 1999.