Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.11-08/0833r3 Submission July 2008 Luke Qian etc, CiscoSlide 1 A Proposed Scaled-down Solution to A- MPDU DoS Related Comments in LB 129.

Published byJocelyn Gonzalez Modified over 10 years ago

Similar presentations

Presentation on theme: "Doc.: IEEE 802.11-08/0833r3 Submission July 2008 Luke Qian etc, CiscoSlide 1 A Proposed Scaled-down Solution to A- MPDU DoS Related Comments in LB 129."— Presentation transcript:

1 doc.: IEEE 802.11-08/0833r3 Submission July 2008 Luke Qian etc, CiscoSlide 1 A Proposed Scaled-down Solution to A- MPDU DoS Related Comments in LB 129 Date: 2008-07-13 Authors:

2 doc.: IEEE 802.11-08/0833r3 Submission July 2008 Luke Qian etc, CiscoSlide 2 Overview A number of new types of Deny of Service (DoS) associated with the 802.11n A-MPDU BA operations have been identified, commented and acknowledged since LB 115 for 802.11n. Resolutions for the relating comments in the recent LB 124 called for solutions less complicated and lower implementation cost than those in 802.11-08/0665r0, the jointly developed solutions. Following the thinking outlined in 802.11-08/0755r1, we present here a scaled-down version of 08/0665r0 which focuses on the DoS types with the most significant damages. Also see LB129 CID 8075, 8076.

3 doc.: IEEE 802.11-08/0833r3 Submission July 2008 Luke Qian etc, CiscoSlide 3 Block Ack Security problems The following security problems exist: (802.11-08/0665r0) –The SN values of data packets are not protected – yet, SN values of data packets can be used to adjust the RX Buffer LE value. A single forged SN value can cause the recipient to move the LE value too far forward, thereby causing the recipient to discard frames below the new LE that should not have been discarded. Data is lost at the recipient. –A single forged SN value in a data packet can also cause the recipient to place the received frames in an incorrect order, which can cause problems both when the security layer examines the sequence of PN values in the MAC SN-ordered frames and when the frames are passed to the next layer for processing. –A single forged SN value in a data packet can cause RX scorecard information to be updated, and a subsequent transmission of a BA frame in response to a legitimate AMPDU can include this bogus scorecard information. –A captured and replayed packet cannot be detected except by replay detection in the security layer. If the RX buffer reordering is performed before this check, then the SN in that replayed packet can cause incorrect RX Buffer LE movement. –The BAR frame is not protected – yet the BAR frame SSN value is used to adjust the RX Buffer LE value. A single forged SN value can cause the recipient to move the LE value too far forward, thereby causing the recipient to discard frames below the new LE that should not have been discarded. Data is lost at the recipient. –The BA frame is not protected – yet the BA frame SSN value is used to adjust the originators TX scorecard LE value. Forged BA frames can cause false adjustments to the LE value that result in some data packets not being transmitted to the recipient, since they now have SN values below the new LE value. Data is lost. –Forged BA frames can suppress retransmission of frames that were not successfully received (even without moving LE at TX)

4 doc.: IEEE 802.11-08/0833r3 Submission July 2008 Luke Qian etc, CiscoSlide 4 Prioritizing the A-MPDU DoS Attacks Sort the A-MPDU DoS Types on their ease of launching: (base prioritization from 802.11-08/0755r1) 4) False Block ACK Request (BAR) with advanced SN. easy to launch, can be addressed, e.g., by protecting the BAR by wrapping it in an encrypted management frame, an 11w mechanism. 1) Forged packets with advanced Sequence Numbers (SN) easy to launch, can be addressed, e.g., by reversing the order of BA reordering and decryption. 3) Captured and Replayed packets with advanced SN without modification. more difficult, less likely to be successful, can be addressed by, e.g., a replay check before BA reordering, 5) False BA to prevent retransmission. less likely be successful, not unique since regular ACK can cause similar DoS., but can be addressed by replay check before BA reordering 2) Captured and Replayed packets with modified SN. more difficult, can be addressed by encrypting the SN, ( drop this one ?) The following proposed solution will focus on the most significant and easy-to-launch ones: 4), 1) and 3).

5 doc.: IEEE 802.11-08/0833r3 Submission July 2008 Luke Qian etc, CiscoSlide 5 A Scaled-down Solution A scaled-down solution addressing the most significant few of the problems is: –Include capability for A-MPDU protection for backward compatibility –Use a new protected form of the BAR frame to convey BAR information, and allow this protected BAR frame to cause RX Buffer LE movement while forbidding unprotected BAR frames from making RX Buffer LE changes –Allow alternative architectural ordering of Block Ack Reordering AFTER MPDU decryption, just before the Block Ack Reordering but preserve existing ordering option as well for legacy implementation –Include Block ACK Replay detection during Block Ack Reordering function

6 doc.: IEEE 802.11-08/0833r3 Submission July 2008 Luke Qian etc, CiscoSlide 6 Secure Block Ack Rules Part 1 1 – unencrypted BAR is not used to shift recipient RX BUFFER LE –Encrypted BAR can shift recipient RX BUFFER LE STA with hybrid support for secure PN but no support for encrypted BAR can still use unencrypted BAR to shift recipient LE 2 – unsolicited unencrypted BA is not used to shift originator LE –SIFS-response unencrypted BA may be used to shift originator LE –Encrypted BA may be used to shift originator LE at any time 3 - recipient sends BA using partial state –BA of SSN is based on immediately preceding MPDU(s) –SIFS separation requires JAM for attacker to succeed –BA SSN mismatch to AMPDU SNs can be used to detect weak attack

7 doc.: IEEE 802.11-08/0833r3 Submission July 2008 Luke Qian etc, CiscoSlide 7 Secure Block Ack Rules Part 2 4a - Recipients that are incapable of verifying SN values before crafting a BA (i.e. within SIFS) –employ ephemeral state operation I.e. WINSTART_R and scorecard information is deleted after BA transmission Incorrect RX scoreboard information that is due to rogue MPDU SN values will not survive This is less stateful than partial state operation –Shall not send an encrypted BA after SIFS Because encrypted information is based on potentially rogue SN info –WINSTART_R moves do not matter E.g. those generated by rogue BAR or rogue MPDU SN –WINSTART_B moves are based on protected SN values Implies reversal of reordering and decryption steps

8 doc.: IEEE 802.11-08/0833r3 Submission July 2008 Luke Qian etc, CiscoSlide 8 Secure Block Ack Rules Part 3 4b - Recipients that are capable of verifying SN values before crafting a BA –WINSTART_R moves are based SN values –WINSTART_B moves are based SN values 5 – Only the new protected MGMT frame can be used to perform BAR-style RX BUFFER pointer moves 6 – use only AMPDU, even if wishing to send a single MPDU –i.e. do not use non-AMPDU for single frame transmission, since it will elicit ACK which can be jammed

9 doc.: IEEE 802.11-08/0833r3 Submission July 2008 Luke Qian etc, CiscoSlide 9 Capability Negotiation: RSN Element changes PBAC – Protected BAR/BA Capable –Indicates capability to perform modified replay rules and decryption ordering –Indicates capability to perform encryption/decryption of BAR/BA Mgmt Action frames If both STA advertise PBAC=1, then PBAC SHALL be used –If at least one STA of a pair advertises PBAC=0, then PBA SHALL NOT be used –STA that supports PBAC must also indicate TGw (e.g. dot11RSNAProtectedManagementFramesEnabled) –SIFS-BA is allowed Pre-Auth PTKSA Replay Counter GTKSA Replay Counter Reserved No Pairwise PeerKey Enabled PBACReservedResv B0B1B2B3B4B5B6B8B9B10B11B12B13B15 Modified RSN Capabilities subfield of the RSN Element

10 doc.: IEEE 802.11-08/0833r3 Submission July 2008 Luke Qian etc, CiscoSlide 10 Encrypted BAR frame New Action frame –Category = Block Ack –Action = BAR –Body = BAR Control, BAR Information (see TGn draft) Multi-TID version allowed Uncompressed? Encrypted according to TGw

11 doc.: IEEE 802.11-08/0833r3 Submission July 2008 Luke Qian etc, CiscoSlide 11 Encrypted BA frame New Action frame –Category = Block Ack –Action = BA –Body = BAR Control, BAR Information (see TGn draft) Multi-TID version allowed Uncompressed? Optionally includes recipient RX Buffer LE value –To allow originator to synch its TX Buffer with RX Buffer Encrypted according to TGw

12 doc.: IEEE 802.11-08/0833r3 Submission July 2008 Luke Qian etc, CiscoSlide 12 Specification change for order of operations Allow alternative ordering of Block Ack Reordering AFTER A new Block Ack Replay Detection function that includes a preceding MPDU decryption step, but preserve existing ordering option as well for legacy implementations. Add a BlockAck Replay Detection function here Move MPDU Decryption and Integrity Function to here

13 doc.: IEEE 802.11-08/0833r3 Submission July 2008 Luke Qian etc, CiscoSlide 13 Add Replay Detection within Block Ack Reordering block Add new parameter WinPN_B at recipient, per TID, WinPN_B and WinStart_B operations are as follows: –Initialize WinPN_B = SSN from ADDBA WinPN_B = next higher value of PN that has SN portion that matches ADDBA-SSN from current WinPN_B value –If RX DATA packet fails decryption Discard –If RX PN < WinPN_B Discard –If RX PN = WinPN_B + 1 WinPN_B = highest PN in RX Buffer in sequence starting with WinPN_B+1 –Note that false holes may exist in the sequence when the protected MORE FRAGS bit appears in MPDUs which have a FRAG bit value of less than 0xF –Next in sequence determination skips these holes Move WinStart_B to equal the SN portion of adjusted WinPN_B –Accept the packet –If RX PN > WinPN_B + WinSize_B * 16 WinPN_B = WinStart_B = PN – WinSize_B * 16 + 1 –Accept the packet –If WinPN_B + 1 < RX PN <= WinPN_B + WinSize_B * 16 No change to WinStart_B or WinPN_B –Accept the packet if there is not currently a packet with this PN stored in the RX BUFFER –Declare a replay if the packet if there already is a packet with this PN stored in the RX BUFFER and discard the packet –If secure BAR passes decryption WinStart_B = WinPN_B = SSN from secure BAR –Note that WinSize_B is expressed in terms of MSDUs, but PN values track fragments, hence the factor of 16

Download ppt "Doc.: IEEE 802.11-08/0833r3 Submission July 2008 Luke Qian etc, CiscoSlide 1 A Proposed Scaled-down Solution to A- MPDU DoS Related Comments in LB 129."

Similar presentations

Doc.: IEEE 802.11-02/300R0 Submission May 2002 Terry Cole, AMDSlide 1 Slides to Assist with Joint Meeting of TgE and TgG Terry Cole AMD Fellow

Doc.: IEEE /300R0 Submission May 2002 Terry Cole, AMDSlide 1 Slides to Assist with Joint Meeting of TgE and TgG Terry Cole AMD Fellow
Doc.: IEEE 802.11-11/0465r0 Submission March 2011 Mark RISON, CSRSlide 1 A-MPDUs with U-APSD 2011-03-17 Authors:

Doc.: IEEE /0465r0 Submission March 2011 Mark RISON, CSRSlide 1 A-MPDUs with U-APSD Authors:
Doc.: IEEE 802.11-12/0104r1 SubmissionLiwen Chu Etc.Slide 1 Fragmentation with A-MPDU Date: 2012-01-16 Authors: Date: Jan, 2012.

Doc.: IEEE /0104r1 SubmissionLiwen Chu Etc.Slide 1 Fragmentation with A-MPDU Date: Authors: Date: Jan, 2012.
Doc.: IEEE 802.11-07/2163r0 Submission July 2007 Cam-Winget, Smith, WalkerSlide 1 A-MPDU Security Issues Notice: This document has been prepared to assist.

Doc.: IEEE /2163r0 Submission July 2007 Cam-Winget, Smith, WalkerSlide 1 A-MPDU Security Issues Notice: This document has been prepared to assist.
A-MPDU Delimiter Changes

A-MPDU Delimiter Changes
Doc.: IEEE 802.11-08/0703r0 Submission March 2008 Luke Qian etc, Cisco Systems, IncSlide 1 Issues and Solutions to IEEE 802.11n A-MPDU Denial of Service.

Doc.: IEEE /0703r0 Submission March 2008 Luke Qian etc, Cisco Systems, IncSlide 1 Issues and Solutions to IEEE n A-MPDU Denial of Service.
Doc.: IEEE 802.11-08/0755r1 Submission March 2008 Luke Qian etc, Cisco Systems, IncSlide 1 Review of 802.11n A-MPDU DoS Issues – Progress and Status Authors:

Doc.: IEEE /0755r1 Submission March 2008 Luke Qian etc, Cisco Systems, IncSlide 1 Review of n A-MPDU DoS Issues – Progress and Status Authors:
Doc.: IEEE 802.11-08/1021r1 Submission September 2008 Luke Qian etc.Slide 1 A Simplified Solution For Critical A-MPDU DoS Issues Date: 2008-09-04 Authors:

Doc.: IEEE /1021r1 Submission September 2008 Luke Qian etc.Slide 1 A Simplified Solution For Critical A-MPDU DoS Issues Date: Authors:
Doc.: IEEE 802.11-08/0562r0 Submission May 2008 Adrian Stephens, Intel CorporationSlide 1 TGn LB124 – A detect and mitigate solution to the BA DoS problems.

Doc.: IEEE /0562r0 Submission May 2008 Adrian Stephens, Intel CorporationSlide 1 TGn LB124 – A detect and mitigate solution to the BA DoS problems.
Doc.: IEEE 802.11-08/0833r2 Submission July 2008 Luke Qian etc, CiscoSlide 1 A Proposed Scaled-down Solution to A- MPDU DoS Related Comments in LB 129.

Doc.: IEEE /0833r2 Submission July 2008 Luke Qian etc, CiscoSlide 1 A Proposed Scaled-down Solution to A- MPDU DoS Related Comments in LB 129.
Doc.: IEEE 802.11-08/1021r3 Submission September 2008 Luke Qian etc.Slide 1 A Simplified Solution For Critical A-MPDU DoS Issues Date: 2008-09-09 Authors:

Doc.: IEEE /1021r3 Submission September 2008 Luke Qian etc.Slide 1 A Simplified Solution For Critical A-MPDU DoS Issues Date: Authors:
Doc.: IEEE 802.15-08-0125-00-003c Submission March, 2008 Inha Univ.Slide 1 Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs)

Doc.: IEEE c Submission March, 2008 Inha Univ.Slide 1 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs)
Doc.: IEEE 802.11-08/0026r0 Submission Dec. 2007 Luke Qian, Doug Smith Cisco Systems, IncSlide 1 BA Reordering for A-MPDU Notice: This document has been.

Doc.: IEEE /0026r0 Submission Dec Luke Qian, Doug Smith Cisco Systems, IncSlide 1 BA Reordering for A-MPDU Notice: This document has been.
Doc.: IEEE 802.11-02/301R0 Submission May 2002 Terry Cole, AMDSlide 1 A More Efficient Protection Mechanism Terry Cole AMD Fellow +1.

Doc.: IEEE /301R0 Submission May 2002 Terry Cole, AMDSlide 1 A More Efficient Protection Mechanism Terry Cole AMD Fellow +1.
Doc.: IEEE 802.11-08/0836r2 Submission July 2008 Dan Harkins, Aruba NetworksSlide 1 Changes to SAE State Machine Date: 2008-07-13 Authors:

Doc.: IEEE /0836r2 Submission July 2008 Dan Harkins, Aruba NetworksSlide 1 Changes to SAE State Machine Date: Authors:
Doc.:IEEE 802.11-12/0859r0 July 2012 Simone Merlin, Qualcomm Inc Short Block Ack Date: 2012-07-16 Authors:

Doc.:IEEE /0859r0 July 2012 Simone Merlin, Qualcomm Inc Short Block Ack Date: Authors:
Submission doc.: IEEE 802.11-12/0789r3 NameAffiliationsAddressPhoneemail George Cherian Santosh Abraham Jouni Malinen Qualcomm 5775 Morehouse Dr, San Diego,

Submission doc.: IEEE /0789r3 NameAffiliationsAddressPhone George Cherian Santosh Abraham Jouni Malinen Qualcomm 5775 Morehouse Dr, San Diego,
1 November, 2002 doc:.: 802.15-02/480r0 Daniel V. Bailey, Ari Singer, NTRU 1 Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs)

1 November, 2002 doc:.: /480r0 Daniel V. Bailey, Ari Singer, NTRU 1 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs)
Doc.: IEEE 802.11-08/0578r0 Submission 2008 May Jarkko Kneckt, NokiaSlide 1 Forwarding in mesh containing MPs in power save Date: 2008-05-12 Authors:

Doc.: IEEE /0578r0 Submission 2008 May Jarkko Kneckt, NokiaSlide 1 Forwarding in mesh containing MPs in power save Date: Authors:
Doc.: IEEE 802.11-08/0315r1 Submission Mar 2008 Hart (Cisco Systems) Slide 1 Coexistence Mechanisms at 5 GHz Date: 2008-03-17 Authors:

Doc.: IEEE /0315r1 Submission Mar 2008 Hart (Cisco Systems) Slide 1 Coexistence Mechanisms at 5 GHz Date: Authors:

Similar presentations

Ads by Google