Doc.: IEEE 802.11-04-0724-01-000k Submission July 2004 Bernard Aboba, MicrosoftSlide 1 IEEE 802.11k Security: A Conceptual Model Bernard Aboba Microsoft.

Slides:



Advertisements
Similar presentations
IEEE i: A Retrospective Bernard Aboba Microsoft March 2004.
Advertisements

IEEE P802 Handoff ECSG Submission July 2003 Bernard Aboba, Microsoft Detection of Network Attachment (DNA) and Handoff ECSG Bernard Aboba Microsoft July.
Doc.: IEEE /0598r0 Submission May 2012 Steve Grau, Juniper NetworksSlide 1 Layer 3 Setup with Dynamic VLAN Assignment Date: Authors:
Doc.: IEEE /173r1 Submission Byoung-Jo Kim, AT&T March 2003 Slide 1 Coexistence of Legacy & RSN STAs in Public WLAN Byoung-Jo “J” Kim AT&T Labs-Research.
Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
Doc.: IEEE /0499r1 Submission May 2006 Srinivas SreemanthulaSlide 1 TGu Proposal: Network Selection Notice: This document has been prepared to.
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.
Doc.: IEEE ai Submission Paul Lambert, Marvell TGai Discovery Proposal Author: Abstract Short high-level proposal for discovery techniques.
November 2005 Floyd Simpson, MotorolaSlide 1 doc.: IEEE /1193r0 Submission LB78 D3.0 Active Scanning Comments (clause ) Notice: This.
Doc.: IEEE /1054r0 Submission Sep Santosh Pandey (Cisco)Slide 1 FILS Reduced Neighbor Report Date: Authors:
Doc.: IEEE /0476r3 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.
Submission doc.: IEEE 11-12/0281r0 March 2012 Jarkko Kneckt, NokiaSlide 1 Recommendations for association Date: Authors:
Security Engineering Assurance & Control Objectives Priyanka Vanjani ASU Id #
Doc.: IEEE /0897r0 SubmissionJae Seung Lee, ETRISlide 1 Active Scanning considering Operating Status of APs Date: July 2012.
Doc.: IEEE /0407r3 Submission Proposed Resolution to Comments Pertaining to Section in CC12 Date: KB PngSlide 1 March 2014.
Lecture 24 Wireless Network Security
Doc.: IEEE /1063r0 Submission Nov 2005 Jon Edney, NokiaSlide 1 The Lock-out Problem - an Analysis Notice: This document has been prepared to assist.
Doc.: IEEE /1128r1 Submission Nov 2009 Allan Thomson, Cisco SystemsSlide 1 BSS Transition with Bearing Date: Authors:
Doc.: IEEE /2215r4 Submission August 2007 Ganesh Venkatesan, Intel CorporationSlide 1 Proposal –Radio Resource Measurement Capability Enabled.
Doc.: IEEE /2215r1 Submission July 2007 Ganesh Venkatesan, Intel CorporationSlide 1 Proposal – Supported Radio Resource Measurement Bitmask IE.
Submission doc.: IEEE 11-12/535r1 May 2012 Jarkko Kneckt, NokiaSlide 1 Scanning and FILS requirements Date: Authors:
Doc.: IEEE /0315r4 Submission July 2009 Dan Harkins, Aruba NetworksSlide 1 Enhanced Security Date: Authors:
Doc.: IEEE /109r1 Submission July 2002 J. Edney, H. Haverinen, J-P Honkanen, P. Orava, Nokia Slide 1 Temporary MAC Addresses for Anonymity Jon.
Doc.: IEEE /0848-r2 Submission July 2006 K.HayesSlide 1 RSC Pools for Mgmt Frames Notice: This document has been prepared to assist IEEE
Submission doc.: IEEE 11-13/0526r1 May 2013 Donald Eastlake, HuaweiSlide 1 Sub-Setting Date: Authors:
Doc.: IEEE /0971r0 Submission Sept 2005 Jon Edney, Stefano Faccin, NokiaSlide 1 Redefining the SSID Notice: This document has been prepared to.
Doc.: IEEE /0568r0 Submission May 2012 Young Hoon Kwon, Huawei Slide 1 AP Discovery Information Broadcasting Date: Authors: NameAffiliationsAddressPhone .
Doc.: IEEE /0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Management Protection Jesse Walker and Emily Qi Intel.
Doc.: IEEE /610r0 Submission November 2001 Tim Moore, Microsoft 802.1X and key interactions Tim Moore.
SubmissionJoe Kwak, InterDigital1 Simplified 11k Security Joe Kwak InterDigital Communications Corporation doc: IEEE /552r0May 2004.
Doc.: IEEE /0237r0 Submission March 2005 Fabrice Stevens, Sébastien Duré Requirements for Management Frame Protection Schemes Fabrice Stevens,
Doc.: IEEE /251 Submission May 2001 Bernard Aboba, MicrosoftSlide 1 Secure Roaming IEEE TgF Bernard Aboba Tim Moore Microsoft.
Doc.: IEEE /1219r4 Submission March, 2006 S. Ponnuswamy (Aruba Networks)Slide 1 Virtual AP Presentation Notice: This document has been prepared.
Doc.: IEEE /1468r1 Submission Jan 09 Ashish Shukla, Marvell SemiconductorSlide 1 ERP Protection in IEEE s Mesh Network Date:
SubmissionJoe Kwak, InterDigital1 STA disassociation behavior Joe Kwak, Marian Rudolf InterDigital doc: IEEE /106r0January 2004.
SubmissionJoe Kwak, InterDigital1 Two New MAC Measurements loading measurements for STA transmit traffic and AP service ability to support network management.
Doc.: IEEE /034r0 Submission January 2002 Matthew B. Shoemake, TGg ChairpersonSlide 1 TGg Report to the IEEE Working Group Matthew B. Shoemake.
Robust Security Network (RSN) Service of IEEE
Security Issues in 11k Emily H. Qi Huai-An (Paul) Lin
FILS Reduced Neighbor Report
Coexistence of Legacy & RSN STAs in Public WLAN
Wake Up Frame to Indicate Group Addressed Frames Transmission
Broadcast of Neighbor Info
Multiple Frequency Channel Scanning
IGTK Switch Announcement
FILS Reduced Neighbor Report
July 2002 Threat Model Tim Moore Tim Moore, Microsoft.
Beacon Protection Date: Authors: July 2018 July 2018
Beacon Protection Date: Authors: May 2018 January 2018
Security for Measurement Requests and Information
Security for Measurement Requests and Information
IEEE k Security: A Conceptual Model
A Review of the Site Reporting Protocol in IEEE802.11k Draft 0.2
Security for Measurement Requests and Information
802.11ba Architecture Discussion
CID#89-Directed Multicast Service (DMS)
Improved TSF Information
Mesh Security Proposal
Regulatory Information for Low Latency Scanning in 5 GHz bands
MIB TruthValue Usage Patterns Presentation
Responses to Clause 5 Comments
Beacon Protection Date: Authors: July 2018 July 2018
Clause 7 Comment Resolutions
Beacon Protection Date: Authors: May 2018 January 2018
MBCA and Beacon Timing element clean up
Thinking About the Site Report
Lightweight Mesh Point – A confusing term
TGu/TGv Joint Meeting Date: Authors: May 2008 Month Year
Site Report Conceptual Model
MIB TruthValue Usage Patterns Presentation
Presentation transcript:

doc.: IEEE k Submission July 2004 Bernard Aboba, MicrosoftSlide 1 IEEE k Security: A Conceptual Model Bernard Aboba Microsoft

doc.: IEEE k Submission July 2004 Bernard Aboba, MicrosoftSlide 2 Overview Before proposing an appropriate security scheme for k, we need to articulate the threat model – what we are trying to protect against. The primary threats to RRM are bad measurements. –This is not a classic “denial of service” attack! We also need to understand the deployment implications –Can implemented ciphersuites be reused? –Can RRM support be retrofit in existing NIC drivers?

doc.: IEEE k Submission July 2004 Bernard Aboba, MicrosoftSlide 3 Basic Principles Radio Resource Measurement support is orthogonal to security. –RRM can be used with any level of security (even open auth) –RRM support should be easily retrofit on existing drivers IEEE k security needs to leverage implemented ciphersuites –Adding ciphersuites creates deployment barriers –Subtracting ciphersuites lowers security Many RRM security issues are not addressed by transmission security. –Measurements are only a “hint”. –Bad Measurements cannot be eliminated by security, only heuristics. IEEE k implementations need to validate measurements whether or not frames are protected –Just because a measurement is protected doesn’t mean it’s correct!

doc.: IEEE k Submission July 2004 Bernard Aboba, MicrosoftSlide 4 Data Frame Proposal Described in detail in Action- Ethertype.doc Allow encapsulation of Action frames as data frames Does not affect other management frames FieldsOctets SME-Information Ethertype1-2 SME-Information Version3 SME-Information Type4 SME-Information Length5-6 SME-Information Body7-N

doc.: IEEE k Submission July 2004 Bernard Aboba, MicrosoftSlide 5 Flow of Information Incoming –Incoming Action Ethertype data frame passed up by driver to the OS –OS passes information back down to the driver via an OID –Result: no special treatment for Action Ethertype in driver. Outgoing –Driver requests formation of an Action frame from the OS. –OS encapsulates Action frame in an Action Ethertype and sends it back down to the driver.

doc.: IEEE k Submission July 2004 Bernard Aboba, MicrosoftSlide 6 Data Frame Proposal Pros –Guaranteed to work on all existing hardware. No need for separate negotiation, configuration or policy –No changes to existing security mechanisms. RRM uses implemented ciphersuites. No modifications to 4-way handshake. –Compatible with WPA2 driver model. Driver passes up SMI-Information frames to OS as data OS reflects SMI-Information frames back down to the driver via OIDs Enables sending of RRM frames over the DS in future. Cons –Requires allocation of new Ethertype Experimental Ethertype used until actual Ethertype allocated

doc.: IEEE k Submission July 2004 Bernard Aboba, MicrosoftSlide 7 Challenges Addressing DoS attacks in k does not lessen the vulnerability of systems as a whole –Many DoS threats unaddressed by IEEE i –Many IEEE k DoS attacks cannot be eliminated by cryptography, only heuristics

doc.: IEEE k Submission July 2004 Bernard Aboba, MicrosoftSlide 8 Measurements as “Hints” Bad measurements are likely –Can result from poor calibration, stale data, timing errors, etc. Robustness is the core requirement, not cryptography –STAs and APs need to be robust against misleading measurements –STAs and APs cannot trust IEEE k frames, even when security is in use. Conclusion: IEEE k implementations must not assume that frames transmitted securely are correct!

doc.: IEEE k Submission July 2004 Bernard Aboba, MicrosoftSlide 9 Bad Measurements Require Heuristics Cryptography cannot guarantee accurate measurements –Security services (authentication, integrity, confidentiality) only ensure that bad measurements are received as sent. –Threats from bad measurements exist, even after security services are implemented Replace “attacker STA” by “uncalibrated/poorly implemented but authenticated STA” and the same attacks are possible Heuristics needed –For rubustness, STAs MUST be able to recover from reception of incorrect data In a good implementation, service is not denied, only delayed Conclusion: security only reduces the quantity of k attacks, but does not affect their quality.

doc.: IEEE k Submission July 2004 Bernard Aboba, MicrosoftSlide k Useful At Any Security Level k useful at any security level –Customers want to use k with Open Auth, WEP, TKIP, CCMP, etc. –Vendors may retrofit k on legacy NICs or APs No room in NVRAM for additional ciphersuites No additional CPU cycles for security Conclusions –802.11k should utilize existing security mechanisms rather than creating new ones –802.11k security can’t be mandatory to use. –802.11k not the right group to tackle security for management/action frames Handling action/management frame security in a new PAR would allow k to complete sooner, focus on the security threats unique to measurement

doc.: IEEE k Submission July 2004 Bernard Aboba, MicrosoftSlide 11 Example: The Neighbor Report The Neighbor Report data is third hand - AP A providing the STA with information about AP B The information is inherently suspect –Neighbor report entry can become stale: AP B was a neighbor, but was removed for maintenance; how long before AP A removes it? –Neighbor report entry can be polluted: AP B was (incorrectly) submitted by STA in a Beacon Report, AP A didn’t validate the entry with another STA or with its “Authorized AP list” before including AP B in the Neighbor Report. –Neighbor report has limited “shelf life”: it’s only useful prior to scanning.

doc.: IEEE k Submission July 2004 Bernard Aboba, MicrosoftSlide 12 Neighbor Report Robustness A STA may choose to ignore part or all of the measurements provided –The STA might validate the neighbor report using other mechanisms (active or passive scan) –The STA might ignore part or all of the neighbor report A STA MUST be robust against misleading information. –Example: A STA should not “blacklist” APs based on the Neighbor Report “Bad” APs are just lower priority, not “off limits”. –When information in the Neighbor Report conflicts with other sources, the other sources (scan, 4-way handshake, etc.) are definitive. Once the STA scans, it behaves the same way it would if there were no Neighbor Reort. The Neighbor Report has a very short “shelf life”

doc.: IEEE k Submission July 2004 Bernard Aboba, MicrosoftSlide 13 Deployment Issues Separate RRM Security Negotiation –Requires confirmation in 4-way handshake or the security negotiation is insecure. –Driver needs to pass up RRM security negotiation results to operating system to enable confirmation New OIDs required; current WPA2 driver model does not support this! –End result: substantial delays until k can be supported –Cleaner to leverage i security negotiation Legacy driver support –Many of today’s NIC drivers unlikely to be modified to support RRM –Data frame encapsulation enables RRM support to be added in the OS Enables performance improvements for legacy drivers.

doc.: IEEE k Submission July 2004 Bernard Aboba, MicrosoftSlide 14 Motion Instruct the editor to incorporate text from k-action-ethertype.doc into the TGk draft

doc.: IEEE k Submission July 2004 Bernard Aboba, MicrosoftSlide 15 Feedback?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.