Pre-Association Negotiation of Management Frame Protection (PANMFP)

Presentation transcript:

Slide 1: Pre-Association Negotiation of Management Frame Protection (PANMFP)

October 2016
doc.: IEEE 802.11-16/1289r0
January 2017
Date: 2017-03-01
Authors: Nehru Bhandaru et al.
Adrian Stephens (Intel Corporation)

Slide 2: Background

Motivation for FTM Security
- Integrity of measurement and location
  - Requires management and control frame protection
- Location and ranging privacy
  - Management frame protection
Earlier Contributions (see References)
- FTM Security Enhancements (16/1020r0)
- Security Requirements (16/1256r1)
- FTM Security in Associated and Un-associated States (16/1498r1)
Group interest in more detail
- Protection in Un-associated state
Mechanism allows any management frame to be protected
- Using standard MFP after key derivation, whether associated or not

Slide 3: Introduction

We believe
- Standard Management Frame Protection (MFP), i.e. using AES-xCMP, should be leveraged to protect management frames pre- and post-association
  - Protect FTM/Location
  - Protect additional discovery mechanisms (e.g. Service Discovery)
  - Additional privacy pre-association
- Possible in Un-associated state with extensions to key negotiation protocol(s)
PANMFP protocol is presented here
Not discussed in this presentation
- Control frame protection, but it can leverage MFP
- Mechanisms to protect against physical layer attacks

Slide 4: PANMFP Authentication Protocol

Message flow between the non-AP STA and the AP:
AP -> non-AP STA: Beacon(RSNIE(PANMFP))
non-AP STA -> AP: Auth(1, PANMFP, PMKID(s), DH-S(FCG, FFE) or SNonce, RSNIE, Wrapped Data)
AP -> non-AP STA: Auth(2, PANMFP, PMKID, DH-A(FCG, FFE) or ANonce, Wrapped Data, MIC)
non-AP STA -> AP: Auth(3, PANMFP, MIC)

Slide 5: PANMFP Authentication Protocol

- RSN IE advertises PANMFP AKM
- PANMFP 802.11 authentication protocol establishes a PTK
  - Mutual authentication
  - Includes key confirmation
  - Optional support for PFS
  - Use existing elements: FCG, FFE, Wrapped Data, MIC
- Management frame protection using the PTK
  - Unicast frame protection only
  - Protect robust action frames and de-authentication frame

Slide 6: PANMFP Authentication Protocol

Authentication Frame 1
- PMKID(s) identifying possible PMK(s) from initial Security Association to another AP in ESS
  - Can use any AKM for initial SA identified in RSN IE
- Allow for DH or Nonces to derive PTK
- Optionally allow Wrapped Data: can carry EAP-rp as in FILS

Slide 7: PANMFP Authentication Protocol

Authentication Frame 2
- PMKID identifying the PMK
- Optionally allow Wrapped Data: can carry EAP-rp as in FILS
- MIC protects the frame
  - AP derives PTK before sending the frame
  - DH public values or nonces are integrity protected using PTK (KCK)
  - KCK used with CMAC or HMAC-SHA-xxx where xxx is 384 or 256 as determined by RSNIE
- Example key derivation(s)
  - PTK without PFS = KDF-Hash-Length(PMK, “PANMFP-PTK”, SNonce||ANonce||BSSID||STA-Addr)
  - PTK with PFS = KDF-Hash-Length(PMK, “PANMFP-PTK”, DH-shared-secret||BSSID||STA-Addr)
- MIC lengths of 16 or 24 octets as in [1]
- KCK length is per AKM in the RSNIE
- KEK not used
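
Added example (not from the presentation): a Python sketch of the slide's non-PFS and PFS PTK derivations and the KCK-based MIC check on Authentication frame 2. The counter-mode KDF follows IEEE 802.11's KDF-Hash-Length; the 256-bit PTK split into KCK || TK, the frame serialization, and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

LABEL = b"PANMFP-PTK"  # label string from the slide's example derivation

def kdf_hash_length(key, label, context, bits, hash_name="sha256"):
    """IEEE 802.11 KDF: HMAC in counter mode; counter and length are 16-bit little-endian."""
    block_bits = hashlib.new(hash_name).digest_size * 8
    out = b""
    for i in range(1, -(-bits // block_bits) + 1):
        msg = struct.pack("<H", i) + label + context + struct.pack("<H", bits)
        out += hmac.new(key, msg, hash_name).digest()
    return out[: bits // 8]

def derive_ptk(pmk, bssid, sta_addr, snonce=b"", anonce=b"", dh_secret=None,
               bits=256, hash_name="sha256"):
    """Context per the slide: DH-shared-secret (PFS) or SNonce||ANonce, then BSSID||STA-Addr."""
    seed = dh_secret if dh_secret is not None else snonce + anonce
    return kdf_hash_length(pmk, LABEL, seed + bssid + sta_addr, bits, hash_name)

def frame_mic(kck, body, hash_name="sha256"):
    """HMAC-SHA-256 gives a 16-octet MIC, HMAC-SHA-384 a 24-octet MIC (truncated HMAC)."""
    return hmac.new(kck, body, hash_name).digest()[: 24 if hash_name == "sha384" else 16]

def verify_mic(kck, body, mic, hash_name="sha256"):
    """Constant-time comparison of the received MIC against the recomputed one."""
    return hmac.compare_digest(frame_mic(kck, body, hash_name), mic)

def demo():
    # All values below are constructed for illustration.
    pmk = bytes(range(32))
    bssid, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    snonce, anonce = b"\x11" * 32, b"\x22" * 32
    ptk = derive_ptk(pmk, bssid, sta, snonce, anonce)
    kck, tk = ptk[:16], ptk[16:]          # assumed layout: KCK || TK, no KEK
    # Assumed serialization of the Authentication frame 2 fields covered by the MIC.
    auth2 = b"\x02\x00" + anonce + bssid + sta
    mic = frame_mic(kck, auth2)
    altered = b"\x02\x00" + b"\x33" * 32 + bssid + sta   # ANonce changed in transit
    return verify_mic(kck, auth2, mic), verify_mic(kck, altered, mic), len(mic), len(tk)

if __name__ == "__main__":
    print(demo())
```

The altered frame fails verification because the STA recomputes the MIC over the ANonce it actually received, which is the key-confirmation property the slide relies on.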

Slide 8: PANMFP Authentication Protocol

Authentication Frame 3
- Completes key confirmation with MIC
- Keys installed on AP after the frame is ACK’d
- Keys installed on non-AP STA after the frame ACK is received

Slide 9: Expected changes to 802.11 Spec

- AKM selector for PANMFP AKM (Table 9-133)
- Algorithm Assigned Number for PANMFP
- PANMFP Key derivation and hierarchy (12.7.1.x)
- PANMFP Authentication Protocol (12.x)
  - Frame generation and processing on STA and AP
- Frame filtering
  - Robust action frames are class 2 when SA established by PANMFP is present
- FTM negotiation
  - Advertise secure FTM capabilities (Extended Capabilities IE)
  - Negotiate secure FTM use (FTM parameters)
  - Secure FTM relies on PANMFP and standard MFP
- FTM Security Considerations

Slide 10: Questions & Discussion

- Can we use SAE?
  - No, since SAE derives PMK only
- What about FILS?
  - Used for initial authentication only
  - Key confirmation part of association
  - Wrapped data can be used to execute EAP-rp protocol to derive PMK
- What about FBT?
  - PMK-r1 can be used as PMK in PANMFP
- How is PMK distributed?
  - No new mechanisms for PMK distribution.
- Can we work with no PMK?
  - Possibly, similar to OWE
- Changes to 802.11 state machine?
  - Not required, but filtering rules change

Slide 11: Questions & Discussion

- Do we need replay protection for negotiation?
  - No, renegotiate with new Nonces or FFEs
- Can association follow PANMFP authentication and data frame protection using keys derived via PANMFP?
  - No, must 802.11 re-authenticate, re-associate and establish an RSN SA that is not from PANMFP
- Can Authentication happen with Public Keys and Certificates instead of a PMK?
  - Yes, but not in the scope of this proposal
- Can the key be negotiated in two messages?
  - No, since the first message may not be protected and needs to be confirmed

Slide 12: Summary

- FTM/11az needs security
- FTM frame protection should use standard MFP
- Presented a pre-association protocol
  - To establish keys to protect FTM and other frames prior to association
  - Independent of FTM
  - Can possibly protect other frames

Slide 13: Straw Poll

The 802.11 authentication method described here should be used for negotiating pre-association security (Keys, SA) used to secure FTM
Agree:
Disagree:
Abstain:

Slide 14: References

[1] IEEE Std 802.11 REVmc_D8.0, IEEE Standard for Information Technology – Telecommunications and information exchange between systems, local and metropolitan area networks – Specific requirements, Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications
[2] “Proposed 802.11az Functional Requirements”, IEEE 802.11-16/424r3
[3] IEEE 802.11-16/1020r0, Q. Wang et al., “Security Enhancement to FTM”, July 2016
[4] IEEE 802.11-16/1256-01-00az, Qi Wang et al., Functional Requirement for Secure Ranging
[5] IEEE 802.11-16/1498-01-00az, Qi Wang et al., FTM Security in Associated and Un-associated States