Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.11-11/12-0766-00-0wng Submission March 2012 Paul A. Lambert (Marvell)Slide 1 Security Framework Date: 2012-07-17 Authors:

Published bySybil Bruce Modified over 8 years ago

Similar presentations

Presentation on theme: "Doc.: IEEE 802.11-11/12-0766-00-0wng Submission March 2012 Paul A. Lambert (Marvell)Slide 1 Security Framework Date: 2012-07-17 Authors:"— Presentation transcript:

1 doc.: IEEE 802.11-11/12-0766-00-0wng Submission March 2012 Paul A. Lambert (Marvell)Slide 1 Security Framework Date: 2012-07-17 Authors:

2 doc.: IEEE 802.11-11/12-0766-00-0wng Submission Background IEEE 802.11 provides cryptographic security using work developed in TGi (2004) –Key Establishment / Authentication Pre-Shared Keys 802.1X / EAP / Radius Authentication –AES-CCMP for link encryption What are we missing? March 2012 Paul A. Lambert (Marvell)Slide 2

3 doc.: IEEE 802.11-11/12-0766-00-0wng Submission Strong Device-to-Device Authentication IEEE 802.11 does not have a “good” solution for device-to-device authentication Preshared keys are problematic: –Difficult to install –Poor authentication (can be reshared) EAP based methods are designed to use a remote server July 2012 Paul A. Lambert (Marvell)Slide 3

4 doc.: IEEE 802.11-11/12-0766-00-0wng Submission Device-to-Device Authentication Possible Use Cases and Benefits Simplified secure device discovery –All devices have an provable identity –Enables good peer-to-peer security Easy device enrollment and installation –Provable identity greatly simplifies installation process –Simplified installation of headless devices (sensors, etc) Cost and complexity reduced for systems needing centralized authorization July 2012 Paul A. Lambert (Marvell)Slide 4

5 doc.: IEEE 802.11-11/12-0766-00-0wng Submission Proposed Framework Every device has a public / private key – public key is used as identity Raw key or hash of Key Certificate, but not requiring a Certificate Authority (CA’s assign names – this is not necessary) Simple Key Exchange –Preassociation in 802.11 –4 message exchange –based on well defined cryptographic standards (a few to choose from – ANSI, etc.) –Able to support Suite B July 2012 Paul A. Lambert (Marvell)Slide 5

6 doc.: IEEE 802.11-11/12-0766-00-0wng Submission Public Key Based Authentication November 2011 Paul A. Lambert (Marvell)Slide 6 Private Key Public Key Public Keys can be openly shared Key pairs are used in an authentication exchange that proves that an entity “holds” a particular public key K 1 K 2

7 doc.: IEEE 802.11-11/12-0766-00-0wng Submission Simple Device Enrollment Devices have a identity out-of-the box –Self generated key pair –Binding of wireless authentication to a specific device Label based on public key Remote enrollment based on knowing identity July 2012 Paul A. Lambert (Marvell)Slide 7

8 doc.: IEEE 802.11-11/12-0766-00-0wng Submission Scalable Access Authorization November 2011 Paul A. Lambert (Marvell)Slide 8 Can K 1 enter network? K 1 K 2 Access control servers do NOT need to hold any secrets

9 doc.: IEEE 802.11-11/12-0766-00-0wng Submission Straw Poll Would this group support the definition of device-to-device public key authentication mechanisms for IEEE 802.11? yes: no: abstain: July 2012 Paul A. Lambert (Marvell)Slide 9

Download ppt "Doc.: IEEE 802.11-11/12-0766-00-0wng Submission March 2012 Paul A. Lambert (Marvell)Slide 1 Security Framework Date: 2012-07-17 Authors:"

Similar presentations

Authentication.

Authentication.
Doc.: IEEE 802.11-09/0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 A Study Group for Enhanced 802.11 Security Date: 2009-03-13 Authors:

Doc.: IEEE /0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 A Study Group for Enhanced Security Date: Authors:
Doc.: IEEE 802.11-08/1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 1 A Modest Proposal…. Date: 2008-11-10 Authors:

Doc.: IEEE /1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 1 A Modest Proposal…. Date: Authors:
Doc.: IEEE 802.11-09/1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 1 Suite-B Compliance for a Mesh Network Date: 2009-09-15 Authors:

Doc.: IEEE /1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 1 Suite-B Compliance for a Mesh Network Date: Authors:
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Doc.: IEEE 802.11-01/039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE802.11 System Submitted to IEEE802.11.

Doc.: IEEE /039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE System Submitted to IEEE
Doc.: IEEE 802.11-11/1160 Submission NameAffiliationsAddressPhone George CherianQualcomm 5775 Morehouse Dr, San Diego, CA, USA

Doc.: IEEE /1160 Submission NameAffiliationsAddressPhone George CherianQualcomm 5775 Morehouse Dr, San Diego, CA, USA
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
Doc.: IEEE 802.11-12/0598r0 Submission May 2012 Steve Grau, Juniper NetworksSlide 1 Layer 3 Setup with Dynamic VLAN Assignment Date: 2012-05-09 Authors:

Doc.: IEEE /0598r0 Submission May 2012 Steve Grau, Juniper NetworksSlide 1 Layer 3 Setup with Dynamic VLAN Assignment Date: Authors:
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Doc.: IEEE 802.11-15/0348r0 Submission March 2015 Lee Armstrong, Armstrong Consulting, Inc.Slide 1 Proposed Tiger Team actions Date: 2015-03-07 Authors:

Doc.: IEEE /0348r0 Submission March 2015 Lee Armstrong, Armstrong Consulting, Inc.Slide 1 Proposed Tiger Team actions Date: Authors:
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC)

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC)
Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.
Doc.: IEEE 802.11-12/0573r1 Submission May 2012 David Halasz, Motorola MobilitySlide 1 Scalable Authentication Date: 2012-5-6 Authors:

Doc.: IEEE /0573r1 Submission May 2012 David Halasz, Motorola MobilitySlide 1 Scalable Authentication Date: Authors:
Masud Hasan 03-60-475 Secure Email Project 1. Secure Email It uses Digital Certificate combined with S/MIME capable email clients to digitally sign and.

Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.

Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.

Similar presentations

Ads by Google