Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.11-09/1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 1 Suite-B Compliance for a Mesh Network Date: 2009-09-15 Authors:

Published bySydney Harding Modified over 10 years ago

Similar presentations

Presentation on theme: "Doc.: IEEE 802.11-09/1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 1 Suite-B Compliance for a Mesh Network Date: 2009-09-15 Authors:"— Presentation transcript:

1 doc.: IEEE 802.11-09/1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 1 Suite-B Compliance for a Mesh Network Date: 2009-09-15 Authors:

2 doc.: IEEE 802.11-09/1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 2 Abstract This document describes the changes necessary to the 802.11s Draft to support suite B compliance

3 doc.: IEEE 802.11-09/1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 3 What is suite B? A specification of cryptographic building blocks used to construct a secure system –Key exchange using elliptic curve Diffie-Hellman (ECDH) –Authentication using elliptic curve Digital Signature Algorithm (ECDSA) –Hashing with SHA-256 or greater –Use of approved elliptic curves (over prime field of at least 256 bits) –AES-GCM for bulk data protection A revised set of requirements (on top of FIPS) by NSA and the US government to sell product to protect data with a certain classification level

4 doc.: IEEE 802.11-09/1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 4 suite B support in 11s SAE implements an ECDH-like exchange using approved elliptic curves and specifies SHA-256 but… –Authentication is not ECDSA –The keys are still used with AES-CCM Today an 11s implementation would not meet suite B requirements and cannot be sold into certain markets We could do a bit more work to rectify this –Propose a new authentication protocol using ECDH and ECDSA, with SHA-256, that can support approved elliptic curves –Define use of AES-GCM for 11s (that might be a lightning rod for negative comments in the next ballot, or maybe not)

5 doc.: IEEE 802.11-09/1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 5 A suite B-compliant Authentication Protocol for 11s Use action frames to request and obtain a peers certificate Use authentication frames to perform a peer-to-peer protocol which does an ECDH exchange and ECDSA to authenticate Leverage lots from SAE –The state machine will be almost identical –A new AKM in beacons indicates support for the exchange –Use the same mechanism for negotiating the elliptic curve –The result of the exchange is an authenticated PMK, just like SAE, that is input to APE to establish a secure peering.

6 doc.: IEEE 802.11-09/1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 6 A suite B-compliant Authentication Protocol for 11s Mesh Point A identified by ID-A Mesh Point B identified by ID-B 1.Choose random a less than order of group, nonce Na 2.Compute element A = a*G 1.Choose random b less than order of group, nonce Nb 2.Compute element B = b*G Na, A Nb, B Sign {Na | Nb | A | B | ID-A | ID-B} Sign {Nb | Na | B | A | ID-B | ID-A} Session ID = MAX(Na, Nb) | MIN(Na, Nb) Shared Secret = a * b * G

7 doc.: IEEE 802.11-09/1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 7 Straw Polls Ability to sell product into government markets using sensitive data is important –Yes: 5 –No: 0 –Dont Care: 2 We should add another authentication protocol to the Draft to support suite-b for this purpose –Yes: 1 –No: 0 –Dont Care: 0 –Dont Know: 7

8 doc.: IEEE 802.11-09/1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 8 References

Download ppt "Doc.: IEEE 802.11-09/1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 1 Suite-B Compliance for a Mesh Network Date: 2009-09-15 Authors:"

Similar presentations

Doc.: IEEE 802.11-09/1259r0 Submission Nov 2009 Michael Bahr, Siemens AGSlide 1 RFI Tüddelkram Date: 2009-11-16 Authors:

Doc.: IEEE /1259r0 Submission Nov 2009 Michael Bahr, Siemens AGSlide 1 RFI Tüddelkram Date: Authors:
Doc.: IEEE 802.11-09/0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 A Study Group for Enhanced 802.11 Security Date: 2009-03-13 Authors:

Doc.: IEEE /0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 A Study Group for Enhanced Security Date: Authors:
Doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 1 A Proposal for IEEE 802.11e Security IEEE 802.11 Task Group.

Doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 1 A Proposal for IEEE e Security IEEE Task Group.
Doc.: IEEE 802.11-09/0114r1 Submission January 2009 Tony Braskich, MotorolaSlide 1 A vendor specific plan for centralized security Date: 2009-01-19 Authors:

Doc.: IEEE /0114r1 Submission January 2009 Tony Braskich, MotorolaSlide 1 A vendor specific plan for centralized security Date: Authors:
Doc.: IEEE 802.11-08/1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 1 A Modest Proposal…. Date: 2008-11-10 Authors:

Doc.: IEEE /1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 1 A Modest Proposal…. Date: Authors:
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Submission doc.: IEEE 802.11-11/1326r1 August 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Early Key Generation by ECDH and PKC Date: 2011-09-22.

Submission doc.: IEEE /1326r1 August 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Early Key Generation by ECDH and PKC Date:
Doc.: IEEE 802.11-08/0836r2 Submission July 2008 Dan Harkins, Aruba NetworksSlide 1 Changes to SAE State Machine Date: 2008-07-13 Authors:

Doc.: IEEE /0836r2 Submission July 2008 Dan Harkins, Aruba NetworksSlide 1 Changes to SAE State Machine Date: Authors:
Submission doc.: IEEE 11-13/0487r0 May 2013 Dan Harkins, Aruba NetworksSlide 1 How To Fragment An IE Date: 2013-05-07 Authors:

Submission doc.: IEEE 11-13/0487r0 May 2013 Dan Harkins, Aruba NetworksSlide 1 How To Fragment An IE Date: Authors:
Doc.: IEEE 802.11-03/095r0 Submission January 2003 Dan Harkins, Trapeze Networks.Slide 1 Fast Re-authentication Dan Harkins.

Doc.: IEEE /095r0 Submission January 2003 Dan Harkins, Trapeze Networks.Slide 1 Fast Re-authentication Dan Harkins.
Doc.: IEEE 802.11-02/689r0 Submission November 2002 Dan Harkins, Trapeze Networks.Slide 1 Re-authentication when Roaming Dan Harkins.

Doc.: IEEE /689r0 Submission November 2002 Dan Harkins, Trapeze Networks.Slide 1 Re-authentication when Roaming Dan Harkins.
Doc.: IEEE 802.11-10/1125r0 Submission September 2010 Marc Emmelmann, Fraunhofer FOKUSSlide 1 How does the (new) Fast Initial Link Set- Up PAR address.

Doc.: IEEE /1125r0 Submission September 2010 Marc Emmelmann, Fraunhofer FOKUSSlide 1 How does the (new) Fast Initial Link Set- Up PAR address.
Doc.: IEEE 802.11-12/1106r0 Submission September 2012 Osama Aboul-Magd, Huawei TechnologiesSlide 1 A Short-Header Frame Format Date: 2012-09-14 Authors:

Doc.: IEEE /1106r0 Submission September 2012 Osama Aboul-Magd, Huawei TechnologiesSlide 1 A Short-Header Frame Format Date: Authors:
Doc.: IEEE 802.11-11/0877r0 Submission June 2011 802.11 WG Slide 1 TGs response to CN NB comments Date: 2011-06-17 Authors:

Doc.: IEEE /0877r0 Submission June WG Slide 1 TGs response to CN NB comments Date: Authors:
Doc.: IEEE 802.11-09/0283r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 Suggested Changes to the Abbreviated Handshake Date: 2009-03-08 Authors:

Doc.: IEEE /0283r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 Suggested Changes to the Abbreviated Handshake Date: Authors:
Doc.: IEEE 802.11-12/0371r0 Submission March 2012 Ron Porat, Broadcom BF Feedback and Protocol Date: 2012-03-12 Authors: Slide 1.

Doc.: IEEE /0371r0 Submission March 2012 Ron Porat, Broadcom BF Feedback and Protocol Date: Authors: Slide 1.
Slide 1 doc.: IEEE 802.11-10/1092r0 Submission Simone Merlin, Qualcomm Incorporated September 2010 Slide 1 ACK Protocol and Backoff Procedure for MU-MIMO.

Slide 1 doc.: IEEE /1092r0 Submission Simone Merlin, Qualcomm Incorporated September 2010 Slide 1 ACK Protocol and Backoff Procedure for MU-MIMO.
Fundamental Elliptic Curve Cryptography Algorithms draft-mcgrew-fundamental-ecc-02

Fundamental Elliptic Curve Cryptography Algorithms draft-mcgrew-fundamental-ecc-02
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Doc.: IEEE 802.11-11/1429r0 Submission November 2011 Dan Harkins, Aruba NetworksSlide 1 A Protocol for FILS Authentication Date: 2011-11-01 Authors:

Doc.: IEEE /1429r0 Submission November 2011 Dan Harkins, Aruba NetworksSlide 1 A Protocol for FILS Authentication Date: Authors:

Similar presentations

Ads by Google