Doc.: IEEE 802.11-08/1263r0, Submission, November 2008
Dan Harkins, Aruba Networks

Slide 1: A Modest Proposal….
Date: 2008-11-10
Authors: Dan Harkins, Aruba Networks
Slide 2: Abstract
This document presents an idea to radically simplify the draft.
Slide 3: Security Architecture is Confusing
There are many protocols: Abbreviated Handshake, MSA 4-way Handshake, SAE, MSA Initial Exchange, MSA Key Pulling, Mesh Key Holder Handshake, Peer Link Management.
The relationship between them is complex.
Fundamentally there are two models for mesh security being represented with these protocols:
– An ad-hoc laissez-faire model where each device authenticates its peer(s) directly based upon its peer(s) credential(s).
– A centralized model where each device authenticates, through the device with which it wants to establish a secure connection, to a centralized server which then distributes keys to both devices.
Slide 4: Centralized Mesh
A mesh is, fundamentally, a peer-to-peer network. The centralized mesh attempts to overlay a client-server model on top of that.
– Must use a peer-to-peer protocol, like the Peer Link Management protocol, to negotiate roles.
– Once roles are established, client-server protocols are used for authentication (MSA Initial Exchange, i.e. 802.1X) and for key establishment (MSA 4-way Handshake) to bring up a session.
This creates much complexity.
– At least 18 decision points (perhaps more?) when the centralized mesh maintains key hierarchies.
– At least 8 decision points when the centralized mesh uses a key distributor.
– Multiple centralized key servers cause much more complexity.
– There are race conditions that need to be addressed.
This makes for a more fragile mesh. Topological changes can create islands of connectivity with no connection to the centralized key server. Two islands cannot connect until one of them discovers a connection to the centralized key server. The mesh forms more slowly and has trouble healing itself.
Slide 5: Session Protocol Decisions with MSA Key Hierarchies (stolen from 11-08/1296r0)
[Flowchart; only the node labels survive transcription. Decision nodes: Peer discovered; Shared an MKD?; MKD identified?; Only 1 MKD?; MKD decided?; PMK available?; SAE preferred?; Am I the authenticator?; Have supplicant's key?; Key pulled?; Need authentication?; EAP succeeds?; Initiate AbbrHS?; AbbrHS succeeds?; Wait to respond to 4WHS. Protocol steps: PLM, SAE, EAP authentication, 4WHS, MSA 4WHS/AbbrHS, AbbrHS. Edge labels: succeed/fail, yes/no.]
Slide 6: Protocol Decisions with Key Distribution (stolen from 11-08/1296r0)
[Flowchart; only the node labels survive transcription. Nodes: Peer Discovery; Do I share PMK with Peer?; Do I share MKD with Peer?; SAE or EAP?; SAE Succeeds?; EAP Succeeds?; Key Pulling Succeeds?; PLM Succeeds?; Abbrev HS Succeeds?; Session. Edge labels: yes/no.]
Slide 7: Laissez-Faire Mesh
The mesh remains peer-to-peer:
– Authentication is peer-to-peer at authentication time.
– Session establishment is peer-to-peer post authentication.
Protocol decisions are much simpler.
It's possible to be authenticated to more than one mesh point.
It is not necessary to throw away a PMK when the session is torn down (and session keys are thrown away).
This brings up an interesting state diagram analogous to figure 11-6 in IEEE Std
Slide 8: A State Representation that is Known and Understood
[State diagram, two parallel three-state machines.
The familiar 802.11 station states: "Unauthenticated and Unassociated" → (authentication) → "Authenticated and Unassociated" → (association) → "Authenticated and Associated"; "disassociation" returns to "Authenticated and Unassociated"; "deauthentication" returns to "Unauthenticated and Unassociated".
The mesh analog: "No shared key and No peer link" → (SAE authentication) → "Shared key and No peer link" → (Abbreviated Handshake) → "Shared key and Peer link"; "Peer link close" returns to "Shared key and No peer link"; "Key expiry or deauthentication" returns to "No shared key and No peer link".]
Slide 9: Laissez-Faire Mesh
[Flowchart; only the node labels survive transcription. Nodes: Peer Discovery; Do I share PMK with Peer?; Did SAE succeed?; Abbrev HS Succeeds?; Session. Edge labels: yes/no.]
Three decision points.
Simple to describe and simple to implement.
Short latency in establishing a secure link.
Lower debugging and testing costs.
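The three states of slide 8 and the three decision points of slide 9, written out as a peer state machine. This is example code added for this page, not code from the 11s draft or from the presentation; SAE and the Abbreviated Handshake are assumed stand-ins (callables that return a key, or None on failure), not real protocol implementations.

```python
# Laissez-faire mesh peer state machine for slides 7-9. Example code written
# for this page, not code from the 11s draft or the presentation. SAE and the
# Abbreviated Handshake are assumed stand-ins (callables returning a key or
# None on failure), not real protocol implementations.
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, Optional

class PeerState(Enum):          # the three states of slide 8
    NO_KEY_NO_LINK = "No shared key and no peer link"
    KEY_NO_LINK = "Shared key and no peer link"
    KEY_AND_LINK = "Shared key and peer link"

@dataclass
class PeerEntry:
    state: PeerState = PeerState.NO_KEY_NO_LINK
    pmk: Optional[bytes] = None  # outlives the peer link (slide 7)
    ptk: Optional[bytes] = None  # session key, discarded on link close

class LaissezFaireMesh:
    def __init__(self, run_sae: Callable[[str], Optional[bytes]],
                 run_abbr_hs: Callable[[str, bytes], Optional[bytes]]):
        self.peers: Dict[str, PeerEntry] = {}
        self.run_sae, self.run_abbr_hs = run_sae, run_abbr_hs

    def discover_peer(self, peer_id: str) -> PeerState:
        """Slide 9: at most three decision points per discovered peer."""
        e = self.peers.setdefault(peer_id, PeerEntry())
        if e.pmk is None:                       # 1. Do I share a PMK with the peer?
            pmk = self.run_sae(peer_id)         #    no: run SAE
            if pmk is None:                     # 2. Did SAE succeed?
                return e.state                  #    no: back to peer discovery
            e.pmk, e.state = pmk, PeerState.KEY_NO_LINK
        ptk = self.run_abbr_hs(peer_id, e.pmk)  # 3. Abbreviated handshake succeeds?
        if ptk is None:
            return e.state                      #    no: PMK is kept, retry later
        e.ptk, e.state = ptk, PeerState.KEY_AND_LINK
        return e.state

    def peer_link_close(self, peer_id: str) -> PeerState:
        e = self.peers[peer_id]                 # session keys go, the PMK stays
        e.ptk, e.state = None, PeerState.KEY_NO_LINK
        return e.state

    def key_expiry(self, peer_id: str) -> PeerState:
        e = self.peers[peer_id]                 # key expiry or deauthentication
        e.pmk, e.ptk, e.state = None, None, PeerState.NO_KEY_NO_LINK
        return e.state
```

Because the PMK survives a peer link close, re-discovering the same peer skips SAE and goes straight to the Abbreviated Handshake, which is the latency point slide 9 makes.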
Slide 10: The Modest Proposal…
Greatly simplify the 11s draft by getting rid of the centralized mesh option.
If mesh security is desired, use SAE and the Abbreviated Handshake; if it's not, use PLM.
Slide 11: The Modest Proposal…
What do we lose if we get rid of the centralized option?
– Existing authentication infrastructure based on AAA technology will not be used for establishment of the mesh, but can continue to be used to authenticate users (its reason for existence).
– A passphrase/PSK is the only supported credential a mesh point can use to authenticate (unless we resurrect an older proposal for peer-to-peer authentication with certificates, which is not part of this modest proposal).
– Revocation of a mesh point's credential is problematic, especially if per-device credentials are not used.
What do we gain if we get rid of the centralized option?
– A much simpler and less confusing specification, elimination of many comments (there are around 190 on MSA alone!), and the probability of being done earlier.
– A more robust mesh that forms faster and can heal itself faster in the event of an unanticipated partition.
Slide 12: What Kind of Mesh Do You Envision?
There are use cases for which the laissez-faire model works but the centralized model does not:
– Small office/home-office mesh
– A PDA meshing with a phone meshing with a baby monitor meshing with a digital video recorder (DVR) meshing with….
The laissez-faire model makes sense even in the deployments where a centralized model makes sense:
– Emergency responder: why worry about access to an MKD when lives are at stake?
– Metropolitan or enterprise mesh: the infrastructure can be built securely using SAE. While a AAA server probably exists, the need to use it for device authentication is not very compelling. And nothing stops it from continuing to be used to authenticate clients (not MPs)!
Slide 13: How about a straw poll?
The TG's motto is: perfection is achieved not when there is nothing else to add but when there is nothing else to take away.
Q: The centralized mesh option should be removed from the draft.
- Yes:
- No:
- Unable to make an opinion either way: