Presentation is loading. Please wait.

Presentation is loading. Please wait.

Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 1 SFD Text for Upper Layers Date: 2012-05-14 Authors: NameAffiliationsAddressPhoneemail.

Similar presentations


Presentation on theme: "Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 1 SFD Text for Upper Layers Date: 2012-05-14 Authors: NameAffiliationsAddressPhoneemail."— Presentation transcript:

1 Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 1 SFD Text for Upper Layers Date: 2012-05-14 Authors: NameAffiliationsAddressPhoneemail Hiroki NakanoTrans New Technology, Inc. Sumitomo Seimei Kyoto Bldg. 8F, 62 Tukiboko-cho, Shimogyo, Kyoto 600-8492 JAPAN +81-75-213- 1200 cas@gmail4.trans -nt.com Hitoshi Morioka Allied Telesis R&D Center 2-14-38 Tenjin, Chuo- ku Fukuoka 810-0001 JAPAN +81-92-771- 7630 hmorioka@root- hq.com

2 Submission doc.: IEEE 11-12/0273r9 Abstract DCN: IEEE11-12/0273r9 Title: SFD Text for Higher Layers Authors and Companies: Hiroki Nakano (Trans New Technology, Inc.) Hitoshi Morioka (Allied Telesis R&D Center) Scope: Upper layer Motivation: page 3 (abstract) Background information: page 4-31 Motion: page 32-39 including five motions Slide 2Hiroki Nakano, Trans New Technology, Inc. May 2012

3 Submission doc.: IEEE 11-12/0273r9May 2012 Hiroki Nakano, Trans New Technology, Inc. Slide 3 Motivation An IP(v4) address are normally assigned by DHCP(v4) and the specification of DHCP is stable. DHCP includes definition of state transition and have lots of extensions derived from lots of past discussions. Non-AP STA should be still a DHCP client. The discussions of IPv6 address assignment are still going on actively in IETF and its specification is being changed. We should provide a framework for them. In addition, TGai should not deny the other protocols because we are the link layer.

4 Submission doc.: IEEE 11-12/0273r9 Background Information for IPv4 RFC2131 - Dynamic Host Configuration Protocol RFC4039 - Rapid Commit Option for the Dynamic Host Configuration Protocol version 4 (DHCPv4) Slide 4Hiroki Nakano, Trans New Technology, Inc. May 2012

5 Submission doc.: IEEE 11-12/0273r9 Background Information for IPv6 RFC3315 - Dynamic Host Configuration Protocol for IPv6 (DHCPv6) RFC4429 - Optimistic Duplicate Address Detection (DAD) for IPv6 RFC4862 - IPv6 Stateless Address Autoconfiguration RFC6106 - IPv6 Router Advertisement Options for DNS Configuration RFC6434 - IPv6 Node Requirements Slide 5Hiroki Nakano, Trans New Technology, Inc. May 2012

6 Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 6 The past Straw poll 1 Do you support to add the following text to the clause 4 of SFD: “The TGai amendment defines a method of IP(v4) address assignment which works as a transport of DHCP.” Yes:5No:3Don’t care:17(Mar 15 AM1)

7 Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 7 The past Straw poll 2 Do you support to add the following text to the clause 4 of SFD: “The TGai amendment defines a generalized method for upper layer transport encapsulation during FILS to enable higher layer services.” Yes:7No:1Don’t care:22(Mar 15 AM1)

8 Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 8 Proposed Amendment 1 Clause to amend: Section 3 Add to the last of Section 3: 3.x Encapsulation Framework for HLCF The TGai amendment defines a generalized method for upper layer transport encapsulation during FILS to enable higher layer services.

9 Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 9 Motivation of Proposed Amendment 1 This sentence intends TGai to support IPv4, IPv6 and other upper layer protocols. Transparency as a link layer is important in order to support various upper layer protocols.

10 Submission doc.: IEEE 11-12/0273r9 Possibly Encrypted Generalized Sequence May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 10 Non-AP STAAP Conf. server Higher Layer Configuration Service Processing for security Configuration Request Configuration Reply AS At this point, Non- AP STA has been authenticated. AP keeps a HLCF data. Maximum time is assumed to be less than 100 msec. less than 100ms (See TGai Functional Requirements) Possibly Encrypted AS and Conf. server can reside inside AP.

11 Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 11 Proposed Amendment 2 Clause to amend: Section 5 Add the following text: 5.x Forwarding of HLCF information The TGai amendment defines HLCF as an AP forwards information carried from an non-AP STA by HLCF to the others than the non-AP STA only either after successful authentication or with assurances of the same security level as the existing 802.11 security framework.

12 Submission doc.: IEEE 11-12/0273r9 Possibly Encrypted Sequence Example by DHCP with RCO May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 12 Non-AP STAAP DHCP server DHCP Client Software Processing for security DHCP Discover w/ RCO DHCP Ack AS At this point, Non- AP STA has been authenticated. AP keeps a DHCP packet. Maximum time is assumed to be less than 100 msec. less than 100ms (See TGai Functional Requirements) Possibly Encrypted

13 Submission doc.: IEEE 11-12/0273r9 Possibly Encrypted Sequence Example by ICMPv6 RS/RA May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 13 Non-AP STAAP Router Stateless Configuration Software Processing for security Router Solicitation Router Advertisement AS At this point, Non- AP STA has been authenticated. AP keeps a RS packet. Maximum time is assumed to be less than 100 msec. less than 100ms (See TGai Functional Requirements) Possibly Encrypted

14 Submission doc.: IEEE 11-12/0273r9 Possibly Encrypted Sequence Example by DHCPv6 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 14 Non-AP STAAP Router Stateful Configuration Software Processing for security Router Solicitation ICMPv6 RA with M flag AS At this point, Non- AP STA has been authenticated. AP keeps a RS packet. Maximum time is assumed to be less than 100 msec. less than 100ms (See TGai Functional Requirements) Possibly Encrypted DHCPv6 on 802.11 Data frames

15 Submission doc.: IEEE 11-12/0273r9 Sequence Example by DHCPv6 with RCO (challenging framework) May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 15 Non-AP STAAP DHCP server Stateful Configuration Software Processing for security DHCPv6 Solicit w/ RCO RA & DHCPv6 Reply AS At this point, Non- AP STA has been authenticated. AP keeps a DHCP packet. Maximum time is assumed to be less than 100 msec. less than 100ms (See TGai Functional Requirements) Possibly Encrypted Possibly Encrypted

16 Submission doc.: IEEE 11-12/0273r9 Comments & Answers Frames get bigger. It’s the problem. TGai intends to reduce exchanges of packets, not reduce information itself. Therefore, it is natural that less exchanges leads to bigger packets. A round trip of 1000-byte-long frames is obviously preferable to 10 round trips of 100-byte-length packets. TGai can provide special “compression” encodings for specific upper layer protocols, such as DHCP. For instance, most of DHCP packets have about 200-byte-long consecutive zeros and a generic data compression technique or a special encoding for DHCP can compress DHCP packets without changing information. Slide 16Hiroki Nakano, Trans New Technology, Inc. May 2012

17 Submission doc.: IEEE 11-12/0273r9 Comments & Answers What packets should be forwarded or not? Does it affect security? Basically, piggybacked frames of upper layers should be forwarded after authentication is finished. Essentially, non-AP STA can throw any kind of packets for upper layers after authentication. If you want a further optimization such as a premature start of IP address assignment processing before completion of authentication, you must consider security mechanism such as packet filtering. However, this is out of our scope, although TGai does not prevent such techniques. Slide 17Hiroki Nakano, Trans New Technology, Inc. May 2012

18 Submission doc.: IEEE 11-12/0273r9 Comments & Answers How long does an AP wait for a response from DHCP server? The TGai Functional Requirements document requests to provide a secure link set-up in less than 100 ms. Therefore, Maximum time for an AP to wait is 100ms. DHCP packets transfer between an AP and a non-AP STA in a normal manner after 802.11ai link setup. If a response from DHCP server reaches an AP after the AP sends a response to non-AP STA, DHCP packets can be sent in the same manner as Data frames. Slide 18Hiroki Nakano, Trans New Technology, Inc. May 2012

19 Submission doc.: IEEE 11-12/0273r9 Possibly Encrypted A Case with late Reply from Conf. server May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 19 Non-AP STAAP Conf. server Higher Layer Configuration Service Processing for security Configuration Request Configuration Reply AS AP can abandon piggybacking after waiting for configured period. less than 100ms (See TGai Functional Requirements) Possibly Encrypted Normal data frame Association Response

20 Submission doc.: IEEE 11-12/0273r9 Comments & Answers What happens when lease time of an IP address is expired? Higher layer protocols can use normal data frames to exchange additional packets for DHCP etc. Extension of DHCP lease time will be done in a normal manner. Slide 20Hiroki Nakano, Trans New Technology, Inc. May 2012

21 Submission doc.: IEEE 11-12/0273r9 Comments & Answers Do APs require to keep HLCF (DHCP) packets during processing for security? Does this enable attackers to consume memory of APs? TGai assumes that each authentication for each non-AP STA is finished within 100ms. See Section 2.2.1 “Link Set-Up Time” of TGai Functional Requirements (IEEE 11-11/0745r5) Our media 802.11 can transfer 5000 packets per second at most. The size of a HLCF packet is 1500 byte at most. MTU of 802.11 is about 2300 byte. Therefore, amount of packets for AP to keep is 750KB at most in case that all packets flying are employed for attacks. Slide 21Hiroki Nakano, Trans New Technology, Inc. May 2012

22 Submission doc.: IEEE 11-12/0273r9 Comments & Answers IPv6 has the DAD (Duplicate Address Detection) mechanism. Does this take a long time? RFC4429 defines Optimistic Duplicate Address Detection (DAD) for IPv6. This mechanism enables us to use IPv6 address before DAD is finished, while DAD is being performed by using normal 802.11 data frames. Slide 22Hiroki Nakano, Trans New Technology, Inc. May 2012

23 Submission doc.: IEEE 11-12/0273r9 Comments & Answers Is SEcure Neighbor Discovery (RFC3971) available on this framework? Router Solicitation with the unspecified address can be used. Router Advertisement with CGA option, RSA Signature option and the other related options can be used. If a non-AP STA has no certificate enough to verify, further exchanges of packets, for instance, Certification Path Solicitation/Advertisement, are required. Slide 23Hiroki Nakano, Trans New Technology, Inc. May 2012

24 Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 24 Proposed Amendment 3 Clause to amend: Section 5 Add the following text: The TGai amendment defines a mechanism to provide IPv4/IPv6 address assignment to STAs during the authentication procedure.

25 Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 25 Proposed Amendment 4 Clause to amend: Section 5 Add the following text: 5.x Indication of availability of IP address configuration during association The TGai amendment defines a method to enable a non-AP STA to know IP address configuration during association prior of the TGai association process.

26 Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 26 Proposed Amendment 5 Clause to amend: Section 5 Add the following text: 5.x Indication of availability of higher layer protocols The TGai amendment defines a method to enable a non-AP STA to know availability of higher layer protocols in advance of the TGai association process.

27 Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 27 Proposed Amendment 6 Clause to amend: Section 5 Add the following text: 5.x IPv4 support The TGai amendment defines a method of IP(v4) address assignment which works as a transport of DHCP.

28 Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 28 Proposed Amendment 7 Clause to amend: Section 5 Add the following text: 5.x IPv6 stateless autoconfiguration support The TGai amendment defines a method of IPv6 stateless address autoconfiguration which works as a transport of ICMPv6 RS/RA.

29 Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 29 Proposed Amendment 8 Clause to amend: Section 5 Add the following text: 5.x IPv6 stateful autoconfiguration support The TGai amendment defines a method of IPv6 stateful address autoconfiguration which works as a transport of ICMPv6 RS/RA and DHCPv6.

30 Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 30 Proposed Amendment 9 Clause to amend: Section 5 Add the following text: 5.x Miscellaneous protocol support The TGai amendment is open to other higher layer protocols and their services than IPv4 and IPv6.

31 Submission doc.: IEEE 11-12/0273r9 Summary of Proposed Amendments HLCF Security: Assure that HLCF works safely. Protocols we support at least: IPv4 and IPv6 Indication of availability in beacons or something: IPv4/IPv6 address assignment higher layer configuration services (generalized text) Supported protocols in detail: IPv4 DHCP IPv6 stateless configuration IPv6 stateful configuration other miscellaneous protocols Slide 31Hiroki Nakano, Trans New Technology, Inc. May 2012

32 Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 32 Motion 2 Move to add the following text to the Section 5 of SFD: “5.x Forwarding of HLCF information The TGai amendment defines HLCF as an AP forwards higher layer information between an non-AP STA and the others than the non-AP STA only either after successful authentication or with assurances of the same security level as the existing 802.11 security framework.” Moved: Seconded: Yes:No:Abstain:

33 Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 33 Motion 3 Move to add the following text to the Section 5 of SFD: “The TGai amendment defines a mechanism to provide IPv4/IPv6 address assignment to STAs during the authentication procedure.” Moved: Seconded: Yes:No:Abstain:

34 Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 34 Motion 4 Move to add the following text to the Section 5 of SFD: “5.x Indication of availability of IP address configuration during association The TGai amendment defines a method to enable a non-AP STA to know IP address configuration during association prior of the TGai association process.” Moved: Seconded: Yes:No:Abstain:

35 Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 35 Motion 5 Move to add the following text to the Section 5 of SFD: “5.x Indication of availability of higher layer protocols The TGai amendment defines a method to enable a non-AP STA to know availability of higher layer protocols in advance of the TGai association process.” Moved: Seconded: Yes:No:Abstain:

36 Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 36 Motion 6 Move to add the following text to the Section 5 of SFD: “5.x IPv4 support The TGai amendment defines a method of IP(v4) address assignment which works as a transport of DHCP.” Moved: Seconded: Yes:No:Abstain:

37 Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 37 Motion 7 Move to add the following text to the Section 5 of SFD: “5.x IPv6 stateless autoconfiguration support The TGai amendment defines a method of IPv6 stateless address autoconfiguration which works as a transport of ICMPv6 RS/RA.” Moved: Seconded: Yes:No:Abstain:

38 Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 38 Motion 8 Move to add the following text to the Section 5 of SFD: “5.x IPv6 stateful autoconfiguration support The TGai amendment defines a method of IPv6 stateful address autoconfiguration which works as a transport of ICMPv6 RS/RA and DHCPv6.” Moved: Seconded: Yes:No:Abstain:

39 Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 39 Motion 9 Move to add the following text to the Section 5 of SFD: “5.x Miscellaneous protocol support The TGai amendment is open to other higher layer protocols and their services than IPv4 and IPv6.” Moved: Seconded: Yes:No:Abstain:

40 Submission doc.: IEEE 11-12/0273r9May 2012 Hiroki Nakano, Trans New Technology, Inc. Slide 40 Backup

41 Submission doc.: IEEE 11-12/0273r9 New software for new protocol A possible counterproposal May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 41 Non-AP STAAPDHCP server Processing for security TGai new protocol DHCP Discover w/ RCO TGai new protocol DHCP Ack Translation?

42 Submission doc.: IEEE 11-12/0273r9 Comparison DHCP with RCONew protocol w/ DHCP- like frame format New protocol Frame exchange1 round trip Non-AP STA isDHCP clientTGai client AP isa forwarderoften a DHCP client TGai isa transport a protocol for IP address assignment What information is distributed? DHCP defines DHCP defines (including future extensions?) TGai defines Behavior of non-AP STA DHCP definesTGai defines Behavior of APa forwarderTGai defines AP hasno statesome state(?) When an address assignment expires DHCP uses normal transport to extend TGai defines extending procedure Slide 42Hiroki Nakano, Trans New Technology, Inc. May 2012

43 Submission doc.: IEEE 11-12/0273r9May 2012 Hiroki Nakano, Trans New Technology, Inc. Slide 43 IPv6 Internet Drafts Considerations on M and O Flags of IPv6 Router Advertisement (draft-ietf-ipv6-ra-mo-flags-01) Default Router and Prefix Advertisement Options for DHCPv6 (draft-droms-dhc-dhcpv6-default-router-00)


Download ppt "Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 1 SFD Text for Upper Layers Date: 2012-05-14 Authors: NameAffiliationsAddressPhoneemail."

Similar presentations


Ads by Google