Presentation on theme: "EPON Technology Team 2/9/2014 Key Management [802.1af - Issues] 2004. 5. 12 Jee-Sook Eun Electronics and Telecommunications Research Institute."— Presentation transcript:
802.1af
– This is a project of the MAC Security Task Group.
– It is not an amendment to IEEE Std 802.1X.
– This standard need not extend 802.1X to establish security associations for 802.1ae MAC Security.
Authentication problem
– Link security is between the access point and the access device.
– Authentication is between the access point and the access device, too.
– In order to authenticate the access device, we need not use 802.1X.
– We can use symmetric key encryption between the access point and the access device, for many good reasons.
– And we need a symmetric key. The master key that generates the session keys must be set before the security process.
– The confirmation of the master key is the authentication.
– This method is very simple and low cost.
Problems of 802.1X authentication
– The use of IEEE Std 802.1X, already widespread and supported by multiple vendors, in additional applications.
– This is just an assumption. If it is not so, who assures that the EAP message is relayed to the authentication server?
– We must implement 802.1X.
– This is very complex, and high cost if we develop a low-cost switch.
– And we need an authentication server in case it is absent.
– Supplicant, Authenticator and Authentication server state machines: for example, if there is a bridge, the bridge must have all three of the above state machines, because a bridge can be a supplicant, an authenticator or an authentication server.
– There are two security channels. One is for MAC security, the other is for key security.
– And two configuration protocols are needed, one for each, too.
– As you know, key security was made for MAC security.
Authentication as the confirmation of the master key
– Very simple: if the encrypted message can be decrypted, the receiver can transmit an encrypted ack message.
– Low cost: needs no authentication server and no KDC.
– A symmetric key is available to the access point; the access device can get a secured channel with only an authentication.
– Key exchange goes through the secured channel; there is no need to get information such as a certificate from an upper layer.
– Link security can be operated independently.
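
The master-key confirmation described on the last slide, as an added example that is not part of the original presentation: a sketch in Python of "if the encrypted message can be decrypted, the receiver sends an encrypted ack". The nonce exchange, the HMAC-SHA256 key derivation, the `CHALLENGE`/`ACK` labels and the HMAC-based keystream (a standard-library stand-in for an AEAD cipher such as AES-GCM) are all assumptions; the integrity tag is what lets each side decide whether decryption actually succeeded.

```python
import hashlib
import hmac
import os

def derive(master: bytes, label: bytes, n_ap: bytes, n_dev: bytes) -> bytes:
    """Session key from the pre-shared master key and both sides' nonces."""
    return hmac.new(master, label + n_ap + n_dev, hashlib.sha256).digest()

def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher (assumption).
    blocks = (hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC, so the receiver can tell whether decryption 'worked'."""
    iv = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, iv, len(plaintext))))
    return iv + ct + hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def unseal(enc_key: bytes, mac_key: bytes, blob: bytes):
    """Return the plaintext, or None if the tag does not verify."""
    if len(blob) < 48:
        return None
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, iv, len(ct))))

def handshake(ap_master: bytes, dev_master: bytes) -> bool:
    """True only if both ends hold the same master key (mutual confirmation)."""
    n_ap, n_dev = os.urandom(16), os.urandom(16)      # fresh nonces, sent in clear
    ap = [derive(ap_master, l, n_ap, n_dev) for l in (b"enc", b"mac")]
    dev = [derive(dev_master, l, n_ap, n_dev) for l in (b"enc", b"mac")]
    # Access point -> device: encrypted message bound to the device's nonce.
    msg = seal(ap[0], ap[1], b"CHALLENGE" + n_dev)
    if unseal(dev[0], dev[1], msg) != b"CHALLENGE" + n_dev:
        return False                                  # device rejects the access point
    # Device -> access point: encrypted ack bound to the access point's nonce.
    ack = seal(dev[0], dev[1], b"ACK" + n_ap)
    return unseal(ap[0], ap[1], ack) == b"ACK" + n_ap

if __name__ == "__main__":
    key = os.urandom(32)                              # constructed sample master key
    print(handshake(key, key), handshake(key, os.urandom(32)))
```

Binding each message to the peer's fresh nonce keeps a recorded challenge or ack from being replayed in a later session.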