Secure Frame Format Proposal SFF: PAR, Architecture, 5 Criteria, Some ideas and notes


802.1 June ‘03, Secure Frame Format Proposal, Mick Seaman

Slide 2: SFF Proposal: Agenda
- Explain the key concepts behind the words of the PAR
- Describe the architectural fit of this component of the security solution
- Provide further material for the 5 criteria
- Share some ideas about potential solutions and consequences

Slide 3: Proposed Scope: Some words
To define a secure frame format to ensure the connectionless confidentiality of MAC Service Data Units (MSDUs) and to ensure data origin identification and the connectionless integrity of the MAC frames that convey these MSDUs, using a secure association between MAC layer entities providing the MAC Internal Sublayer Service (1) or the MAC Enhanced Internal Sublayer Service (2). This proposed standard will not include key management but will make use of other projects to establish the secure association.
References: (1) IEEE Std 802.1D, (2) IEEE Std 802.1Q.

Slide 4: SFF PAR Concepts
Communication between peer, media access method independent MAC layer entities:
- Providing ISS (802.1D) or EISS (802.1Q)
With:
- Connectionless data integrity
- Connectionless data confidentiality
- Data origin authenticity

Slide 5: Concepts: SFF Entities
- Peers
- Media access method independent
- MAC layer entities
[Figure labels: MAC Service Boundary; Media Access Method Dependent Functions]

Slide 6: Concepts: Internal Sublayer Service
- ISS = MAC Service + MAC SA, FCS, access priority
- EISS = ISS + VLAN ID
[Figure labels: MAC Service Boundary; Media Access Method Dependent Functions]

Slide 7: Concepts: Connectionless data
Connectionless Service Provision
- Each service request is independent of any other
  – Delivery probability and ordering are aspects of QoS
Connectionless Service Support
- Each service request is supported by a single frame transmission, not a sequence of related frames
- Frames are mutually independent
  – Agreed: replay protection discussion is in PAR scope

Slide 8: Concepts: Data integrity & confidentiality
Data integrity
- Covers MAC DA, SA, VID*, user priority*, user data
- Does not cover MAC dependent fields
Data confidentiality
- Covers user data
  – Possible interworking issues between .1D + SFF and .1Q + SFF
- Does not cover MAC DA, SA, VID*, user priority*, MAC dependent fields

Slide 9: Concepts: Data origin authenticity
Need to know which entity has ‘secured’ the data if not implicit at receiver, i.e. if ‘multihop’ or non-pt-to-pt
- Integrity guaranteed
- Confidentiality explicitly not provided
  – Facilitate management observation
- Confuse or optimize with key identity?
- Field may be absent if pt-to-pt single hop
- Field may be absent if logical pt-to-pt single hop?
  – System redundancy with LLID?

Slide 10: Concepts: What’s not in
- Denial of service
  – BUT after a known time deltaT has elapsed after any attack has ceased, the system is guaranteed to recover from the DoS

Slide 11: SFF Architecture (likely consequences 1)
- Secure association end points map to Ports (.1D, .1X)
- Uncontrolled and Secured/Authorized Ports
  – Address the bootstrap problem
  – In principle could have multiple Ports, each corresponding to a number of security associations
[Figure labels: MAC Service Boundary; Media Access Method Dependent Functions]

Slide 12: SFF Architecture (likely consequences 2)
[Figure-only slide]

Slide 13: Notes: On a frame format
- DA, SA
- SFF TAG
  – Key Identifier
  – Data Origin (Securing Party) Identifier
- VLAN TAG (optional)
- User data
- Integrity Check Value
[Figure brace labels: Integrity; Confidentiality (optional)]
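As an added illustration of slides 8, 9 and 13 (example code, not from the slides or any 802.1 draft), the Python below lays the proposed fields out as bytes and computes an Integrity Check Value over exactly the fields the slides say integrity covers, with the data-origin identifier in the clear tag selecting the receiver's key. The one-byte tag fields, the 16-byte HMAC-SHA256 ICV and the key table are assumptions; confidentiality of the user data is not shown.

```python
"""Constructed SFF-style frame: DA | SA | SFF TAG | VLAN TAG (optional) | user data | ICV.
The ICV covers everything before it (slide 8: DA, SA, VID, user priority, user data).
MAC-dependent fields such as the FCS sit outside this layout and are not covered."""
import hashlib
import hmac
import struct

SFF_TAG = struct.Struct("!BB")   # key identifier, data-origin identifier (1 byte each: assumed sizes)
VLAN_TAG = struct.Struct("!H")   # 3-bit user priority | 1 bit | 12-bit VID (802.1Q TCI layout)
ICV_LEN = 16                     # HMAC-SHA256 truncated to 16 bytes: an assumption, not from the slides


def build_frame(da, sa, key_id, origin_id, payload, key, vlan=None, priority=0):
    """Secure one MSDU. The SFF TAG is integrity-protected but sent in the clear (slide 9)."""
    tag = SFF_TAG.pack(key_id, origin_id)
    vlan_tag = VLAN_TAG.pack((priority << 13) | (vlan & 0x0FFF)) if vlan is not None else b""
    covered = da + sa + tag + vlan_tag + payload
    icv = hmac.new(key, covered, hashlib.sha256).digest()[:ICV_LEN]
    return covered + icv


def verify_frame(frame, keys, eiss=True):
    """Return (origin_id, vid_or_None, payload), or None if the frame fails the ICV.

    `keys` maps (origin_id, key_id) -> key, so the data-origin identifier in the tag
    selects the secure association (slide 9: "optimize with key identity").
    `eiss` says whether the receiver expects a VLAN TAG (EISS, .1Q) or not (ISS, .1D);
    a mismatch is the interworking issue slide 8 flags."""
    if len(frame) < 12 + SFF_TAG.size + ICV_LEN:
        return None
    key_id, origin_id = SFF_TAG.unpack_from(frame, 12)
    key = keys.get((origin_id, key_id))
    if key is None:
        return None
    covered, icv = frame[:-ICV_LEN], frame[-ICV_LEN:]
    expected = hmac.new(key, covered, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return None
    body, vid = 12 + SFF_TAG.size, None
    if eiss:
        (tci,) = VLAN_TAG.unpack_from(frame, body)
        vid, body = tci & 0x0FFF, body + VLAN_TAG.size
    return origin_id, vid, covered[body:]


# Constructed sample secure association: origin 7, key identifier 1.
KEYS = {(7, 1): b"constructed-sa-key-for-origin-7"}
DA, SA = b"\x00\x11\x22\x33\x44\x55", b"\x00\xaa\xbb\xcc\xdd\xee"


def demo():
    frame = build_frame(DA, SA, 1, 7, b"hello", KEYS[(7, 1)], vlan=100, priority=5)
    tampered = bytes([frame[0] ^ 0x01]) + frame[1:]      # flip one bit of the (covered) DA
    return verify_frame(frame, KEYS), verify_frame(tampered, KEYS)
```

The first result of `demo()` recovers origin, VID and payload; the second is `None`, because DA is inside the integrity coverage even though it is never encrypted.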