Security for Measurement Requests and Information

Presentation transcript:

Security for Measurement Requests and Information
Month 2002 doc.: IEEE 802.11-02/xxxr0
Jan 2004
Jon Edney, Nokia Corp.
Henry Haverinen, Nokia Corp.
Dan Harkins, Trapeze Networks
Edney,Haverinen:Nokia, Harkins:Trapeze Networks
John Doe, His Company

Goals
- Provide optional privacy of TGk information within a group of stations
- Provide optional source integrity for unicast action frames

Problem with only Protecting Action Frames
- Just encrypt Action frames
- Use pairwise keys for unicast frames
- Use group key for multicast frames
- Problem: not all TGk information is sent in action frames
- Requirement is to protect TGk information, not just action frames

Core Assumptions
- IEEE802.11i is completed as per current draft.
- Good keys are available and managed under IEEE802.11i
- Information is secret to a group of stations but need not be hidden from other group members
- Source integrity might be needed for some types of data
- Most violations of source integrity only result in a DoS attack by providing misinformation

Flexible approach
- Approach allows protection of Information Elements separate from the delivery method
- Approach also allows integrity protection of Action Frames
- IE protection is based on a group key rather than a pairwise key.
- Action Frame protection is based on a pairwise key for source integrity

Concept Summary
- Contents of TGk information elements are protected using a group key. This gives information privacy and protects against modification, forgery and replay by non-group members
- Contents of unicast TGk Action frames can be optionally protected with a pairwise MIC to protect against forgery by a group member

Examples
- Hiding channel map information in a Probe Response: Probe Response | TGK IE | Probe Response cont…
- Broadcast action frame with partly hidden information: Action Frame Hdr | TGK IE
- Fully protected unicast action frame: Action Frame Hdr | MIC | TGK IE
Legend: Protected by Group Key; Protected by Pairwise Key; Unprotected; Other

Information Elements
Four IEs eligible for protection:
- Measurement Request
- Measurement Report
- AP Channel Report
- Site Report

General format for “Protectable IEs”
Elem ID | Length | Flags | Security Hdr. (opt) | Element Specific Data
(Elem ID, Length and Element Specific Data are as in the current draft; Flags and Security Hdr. are new)
Flags octet: b0 - b4 Rsvd, b5 Protected, b6 - b7 Key ID
Security Hdr.: ESN0 ESN1 ESN2 ESN3 ESN4 ESN5
- Protected bit indicates whether the Security header is present
- ESN = Element Sequence Number (increments for each IE generated)

Protection of IE using CCM
Input: Elem ID | Length | Flags | ESN0-5 | Element Specific Data
AAD: Elem ID, Length, Flags, ESN0-5
Nonce: includes the Source MAC (TA)
CCM Processing with PIEkey
Output: Elem ID | Length | Flags | ESN0-5 | Protected Data | MIC
- Note: use of a group key means there is no source integrity.
- Source MAC address is included to prevent Nonce collisions

Replay Protection
- PIEkey has a group sequence number, the “Element Sequence Number” (ESN).
- Each station tries to keep its value of ESN up to date from received PIEs. This is the “Transmit PIE” (TESN)
- Each station is given an up-to-date ESN with the key on first connection (First TESN)
- Possible race condition on transmit by two stations using the same ESN
- Problem resolved by keeping a separate ESN value for each station from which PIEs are received

Maintaining the TESN
- Value is initialized from the PIEkey key message
- When receiving a valid PIE from another station, if the ESN in the received frame is greater than TESN then TESN is updated
- TESN is incremented by one prior to each PIE generation

ESN Table
- Keep an entry for each other station
- When receiving a PIE from another station, check that the ESN is greater than the last value received
- Initialize the entry for each other station using own value of TESN
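The three slides above (Protectable IE format, CCM inputs, and ESN replay handling) fit together as one small receiver/transmitter state machine. The following is an added example written for this page, not code from the deck or from TGk. It assumes encodings the slides do not give (little-endian 6-octet ESN, a 13-octet CCM nonce laid out as 0x00 || TA || ESN, Length counting everything after the Length octet) and stops at the inputs CCM consumes (AAD, nonce, plaintext); the AES-CCM call itself would come from a library such as the `cryptography` package's AESCCM and is not part of this block.

```python
"""Protectable IE framing, CCM inputs and ESN replay state (added example).

Not the deck's or TGk's code. Field widths and byte order are assumptions:
the deck names the fields (Flags b5 Protected, b6-b7 Key ID, ESN0-5) but
gives no encoding.
"""
from typing import Dict, Optional

FLAG_PROTECTED = 0x20          # Flags b5: security header present
KEYID_SHIFT = 6                # Flags b6-b7: Key ID
ESN_LEN = 6                    # ESN0..ESN5, one octet each
ESN_MAX = (1 << (8 * ESN_LEN)) - 1


def build_pie(elem_id: int, data: bytes, esn: Optional[int] = None, key_id: int = 0) -> bytes:
    """Encode Elem ID | Length | Flags | [ESN0-5] | Element Specific Data.

    esn=None builds an unprotected IE (Protected bit clear, no security header).
    Assumed: ESN little-endian; Length counts every octet after the Length octet.
    """
    if not 0 <= key_id <= 3:
        raise ValueError("Key ID is a 2-bit field")
    flags = key_id << KEYID_SHIFT
    body = b""
    if esn is not None:
        if not 0 <= esn <= ESN_MAX:
            raise ValueError("ESN is a 48-bit counter")
        flags |= FLAG_PROTECTED
        body += esn.to_bytes(ESN_LEN, "little")
    body += data
    length = 1 + len(body)                      # Flags octet + body
    if length > 255:
        raise ValueError("IE too long for a one-octet Length")
    return bytes([elem_id, length, flags]) + body


def parse_pie(buf: bytes) -> dict:
    """Decode an IE built by build_pie; rejects truncated input."""
    if len(buf) < 3 or len(buf) < 2 + buf[1]:
        raise ValueError("truncated IE")
    elem_id, length, flags = buf[0], buf[1], buf[2]
    pos, esn = 3, None
    if flags & FLAG_PROTECTED:
        if length < 1 + ESN_LEN:
            raise ValueError("Protected bit set but no room for security header")
        esn = int.from_bytes(buf[pos:pos + ESN_LEN], "little")
        pos += ESN_LEN
    return {"elem_id": elem_id, "key_id": flags >> KEYID_SHIFT,
            "protected": bool(flags & FLAG_PROTECTED), "esn": esn,
            "data": buf[pos:2 + length]}


def ccm_aad(pie: bytes) -> bytes:
    """AAD per the deck: Elem ID, Length, Flags, ESN0-5 (sent in clear, integrity-checked)."""
    if not pie[2] & FLAG_PROTECTED:
        raise ValueError("only protected IEs carry an ESN to authenticate")
    return pie[:3 + ESN_LEN]


def ccm_nonce(ta: bytes, esn: int) -> bytes:
    """CCM nonce. The deck includes the source MAC (TA) so two stations that
    happen to use the same ESN do not collide; the layout 0x00 || TA || ESN
    (13 octets, the size CCMP uses) is an assumption of this example."""
    if len(ta) != 6:
        raise ValueError("TA must be a 6-octet MAC address")
    return b"\x00" + ta + esn.to_bytes(ESN_LEN, "little")


class EsnState:
    """Replay state of one station: its TESN plus an ESN table keyed by peer TA."""

    def __init__(self, first_tesn: int):
        self.tesn = first_tesn             # "First TESN", delivered with the PIEkey
        self.esn_table: Dict[bytes, int] = {}   # peer TA -> last ESN accepted

    def next_tx_esn(self) -> int:
        """TESN is incremented by one before each PIE this station generates."""
        self.tesn += 1
        return self.tesn

    def accept(self, ta: bytes, esn: int) -> bool:
        """Replay check for a PIE from `ta` whose CCM MIC already verified.
        A new peer's entry starts at our own TESN, as the ESN Table slide says."""
        last = self.esn_table.setdefault(ta, self.tesn)
        if esn <= last:
            return False                   # replay or stale: drop
        self.esn_table[ta] = esn
        if esn > self.tesn:                # keep TESN up to date from received PIEs
            self.tesn = esn
        return True


def demo() -> dict:
    """Constructed scenario: two peers, one replay, and the same-ESN race."""
    sta_a = bytes.fromhex("02a1a1a1a1a1")   # constructed MAC addresses
    sta_b = bytes.fromhex("02b2b2b2b2b2")
    me = EsnState(first_tesn=100)
    r = {}
    r["a_101"] = me.accept(sta_a, 101)          # fresh: accepted, TESN -> 101
    r["a_101_replay"] = me.accept(sta_a, 101)   # same ESN again: rejected
    r["b_102"] = me.accept(sta_b, 102)          # B's entry starts at 101, 102 accepted
    r["my_tx"] = me.next_tx_esn()               # we transmit with 103
    r["a_102"] = me.accept(sta_a, 102)          # > A's last (101) even though <= TESN
    r["race_a"] = me.accept(sta_a, 104)         # A and B both pick 104 ...
    r["race_b"] = me.accept(sta_b, 104)         # ... per-station table accepts both
    r["nonces_differ"] = ccm_nonce(sta_a, 104) != ccm_nonce(sta_b, 104)
    r["tesn"] = me.tesn
    return r
```

The race resolution is visible in `demo()`: with a single group-wide "last ESN" the second 104 would be dropped as a replay; the per-station table accepts it, and the TA in the nonce keeps the two CCM encryptions under the shared PIEkey from reusing a nonce.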

Action Frames
Generic format of action frame: Category | Action | Details
Existing TGk Radio Measurement Format: 03 | Action | Dlg Tkn | Information Elements (protected and unprotected Information Elements go here)
Proposed TGk Radio Measurement Format: 03 | Control | Dlg Tkn | MIC (opt) | Information Elements
- MIC is 16 octets, computed over the action frame plus TA & RA using HMAC-SHA1-128 with the pairwise keys of TA and RA
- Control octet: b0 Prot, b1 - 7 Action; the Prot bit indicates whether the MIC is present

Keys
Protected Information Element Key (PIEkey)
- Derived for each station from GMK
- Delivered using EAPOL-Key message
- Must be recomputed when the group key is updated
- MGK = PRF-128(GMK, “Protected IE Expansion”||AA||Nonce)
Measurement Pairwise Key (MPK)
- Use existing pairwise keys
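The Action Frames slide and the Keys slide together describe the pairwise side of the proposal: a 16-octet HMAC-SHA1-128 MIC bound to TA and RA, and a PIEkey expanded from the GMK. The following is an added example written for this page, not the deck's or TGk's code. It assumes that the MIC input is TA || RA || the action frame with the MIC field zeroed, that PRF-128 is the IEEE 802.11i PRF (HMAC-SHA1 iterated with a 0x00 separator and a one-octet counter, first 128 bits kept), and that the Action occupies Control bits b1-b7 as an integer shifted left by one.

```python
"""Action-frame MIC (HMAC-SHA1-128, pairwise key) and PIEkey derivation.

Added example, not the deck's or TGk's code. Assumed: MIC input is
TA || RA || frame-with-zeroed-MIC; PRF-128 follows the IEEE 802.11i PRF;
frame layout 03 | Control | Dlg Tkn | MIC (opt, 16 octets) | IEs.
"""
import hashlib
import hmac

CATEGORY_RADIO_MEASUREMENT = 0x03
CTRL_PROT = 0x01            # Control b0: MIC present
MIC_LEN = 16                # HMAC-SHA1 truncated to 128 bits


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """IEEE 802.11i PRF-n: HMAC-SHA1(K, A || 0x00 || B || i) for i = 0, 1, ..."""
    out = b""
    for i in range((nbits + 159) // 160):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[: nbits // 8]


def derive_pie_key(gmk: bytes, aa: bytes, nonce: bytes) -> bytes:
    """PRF-128(GMK, "Protected IE Expansion" || AA || Nonce); the slide labels
    the result MGK, this example calls it the PIEkey it is used as."""
    return prf(gmk, b"Protected IE Expansion", aa + nonce, 128)


def compute_mic(mpk: bytes, ta: bytes, ra: bytes, frame_zero_mic: bytes) -> bytes:
    """HMAC-SHA1-128 over TA || RA || frame (MIC field zeroed), pairwise key MPK."""
    return hmac.new(mpk, ta + ra + frame_zero_mic, hashlib.sha1).digest()[:MIC_LEN]


def build_action_frame(action: int, dlg_tkn: int, ies: bytes,
                       ta: bytes = b"", ra: bytes = b"", mpk: bytes = None) -> bytes:
    """Proposed TGk radio-measurement frame; with an MPK the Prot bit is set and a MIC inserted."""
    if not 0 <= action <= 127:
        raise ValueError("Action is a 7-bit field (Control b1-b7)")
    control = action << 1
    if mpk is None:
        return bytes([CATEGORY_RADIO_MEASUREMENT, control, dlg_tkn]) + ies
    control |= CTRL_PROT
    head = bytes([CATEGORY_RADIO_MEASUREMENT, control, dlg_tkn])
    mic = compute_mic(mpk, ta, ra, head + bytes(MIC_LEN) + ies)
    return head + mic + ies


def parse_action_frame(frame: bytes, ta: bytes, ra: bytes, mpk: bytes = None) -> dict:
    """Decode a frame; mic_ok is None for unprotected frames, False without a key."""
    if len(frame) < 3 or frame[0] != CATEGORY_RADIO_MEASUREMENT:
        raise ValueError("not a radio measurement action frame")
    control = frame[1]
    result = {"action": control >> 1, "dlg_tkn": frame[2],
              "protected": bool(control & CTRL_PROT), "mic_ok": None}
    if not result["protected"]:
        result["ies"] = frame[3:]
        return result
    if len(frame) < 3 + MIC_LEN:
        raise ValueError("Prot bit set but frame too short for a MIC")
    ies = frame[3 + MIC_LEN:]
    if mpk is None:
        result["mic_ok"] = False           # no pairwise key for this TA: cannot trust it
    else:
        expected = compute_mic(mpk, ta, ra, frame[:3] + bytes(MIC_LEN) + ies)
        result["mic_ok"] = hmac.compare_digest(expected, frame[3:3 + MIC_LEN])
    result["ies"] = ies
    return result
```

Binding TA and RA into the MIC is what stops a group member from replaying a valid unicast frame toward a different receiver, or reflecting it back at its sender; the constant-time compare on receipt is the usual hygiene for MAC verification.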

Motion
Move that TGk adopt the security approach described in doc 04-1003-00 and instruct the editor to incorporate the text of 04-0036-00 into the TGk draft