FILS Handling of Large Objects

Slides:



Advertisements
Similar presentations
Submission doc.: IEEE 11-14/0141r0 January 2014 Jarkko Kneckt (Nokia)Slide 1 Element Fragmentation Date: Authors:
Advertisements

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Submission doc.: IEEE /1003r1 July 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Upper Layer Data on Management frames Date:
Doc.: IEEE /1054r0 Submission Sep Santosh Pandey (Cisco)Slide 1 FILS Reduced Neighbor Report Date: Authors:
Submission doc.: IEEE /1003r2 July 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Upper Layer Data on Management frames Date:
Doc.: IEEE /0133r3 Submission NameAffiliationsAddressPhone Hitoshi MORIOKAAllied Telesis R&D Center Tenjin, Chuo-ku, Fukuoka
Doc.: Submission May 13, 2013 Rene Struik (Struik Security Consultancy)Slide 1 FILS Handling of Large Objects, FILS Piggy-Backing Date:
Doc.: Submission January 22, 2014 Rene Struik (Struik Security Consultancy)Slide 1 TGai Motions Date: Authors: NameCompanyAddressPhone .
Doc.: Submission March 21, 2013 René Struik (Struik Security Consultancy)Slide 1 FILS Handling of Large Objects Date: Authors:
Doc.: Submission April 22, 2013 René Struik (Struik Security Consultancy)Slide 1 FILS Handling of Large Objects, FILS Piggy-Backing Date:
Doc.: Submission February 5, 2013 René Struik (Struik Security Consultancy)Slide 1 FILS Handling of Large Objects Date: Authors:
Doc.:IEEE /0318r0 March 2013 A. Asterjadhi, Qualcomm Inc. Short MAC Header Design Date: Authors:
Doc.: Submission May 14, 2013 Rene Struik (Struik Security Consultancy)Slide 1 FILS Piggy-Backing Aspects Date: Authors: NameCompanyAddressPhone .
Submission doc.: IEEE /0336r0 March 2016 Xiaofei Wang (InterDigital)Slide 1 Relay Improvement: Regarding CID 9058 & 9075 Date: Authors:
IP Fragmentation. MTU Maximum Transmission Unit (MTU) –Largest IP packet a network will accept –Arriving IP packet may be larger IP Packet MTU.
Higher Layer Packet Container Proposal Presentation
FILS Reduced Neighbor Report
Discussion of Outstanding TGai Security Topics
Security Enhancement to FTM
MU BAR Frame Format Date: Authors: November 2015 Month Year
White Space Map Notification
Service discovery architecture for TGaq
Fast Authentication in TGai
Random Access RU Allocation in the Trigger Frame
Random Access RU Allocation in the Trigger Frame
TGaq Transaction Protocol (update)
FILS Handling of Large Objects
FILS Handling of Large Objects, FILS Piggy-Backing
May 2018 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Considerations on general MAC frame] Date Submitted:
FILS Handling of Large Objects
November 2011 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: MAC common concepts and merge strategy.
Multiple Locations Channel Availability Query
Multiple Locations Channel Availability Query
Multiple Locations Channel Availability Query
Secure WUR frames Date: Authors: January 2018
How To Fragment An IE Date: Authors: May 2013
December 7, 2018 doc.: IEEE r0 July, 2003
FILS Reduced Neighbor Report
Robert Moskowitz, Verizon
Robert Moskowitz, Verizon
Reducing Overhead in Active Scanning
Fragmentation with A-MPDU
Beacon Protection Date: Authors: July 2018 July 2018
Beacon Protection Date: Authors: May 2018 January 2018
FILS Handling of Large Objects
Security for Measurement Requests and Information
CID#102 - Channel Allocation
Random Access RU Allocation in the Trigger Frame
Security for Measurement Requests and Information
Net 323 D: Networks Protocols
TGai Motions Date: Authors: January 22, 2014 Name Company
Reducing Overhead in Active Scanning
Random Access RU Allocation in the Trigger Frame
Overview of Changes to Key Holder Frame Formats
Proposed Resolutions to RFI comments of LB 166 on IEEE s D7.0
February 24, 2019 doc.: IEEE r0 July, 2003
Reducing Overhead in Active Scanning with Simulation Results
<author>, <company>
Fast Authentication in TGai
CID#89-Directed Multicast Service (DMS)
Channel Allocation March 2008 Authors: Date: Month Year
Amendment for emergency alert system notification
Reducing Overhead in Active Scanning with Simulation Results
May 2018 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Considerations on general MAC frame] Date Submitted:
FILS Frame Content Date: Authors: February 2008
Beacon Protection Date: Authors: May 2018 January 2018
<author>, <company>
Reducing Overhead in Active Scanning
Reducing Overhead in Active Scanning
Request for Legacy IE ID for RSN Extension
Presentation transcript:

FILS Handling of Large Objects April 2009 doc.: IEEE 802.19-09/1243r1-draft February 5, 2013 FILS Handling of Large Objects Date: 2013-02-05 Authors: Name Company Address Phone email René Struik Struik Security Consultancy Toronto ON, Canada USA: +1 (415) 690-7363 Toronto: +1 (647) 867-5658 Skype: rstruik rstruik.ext@gmail.com René Struik (Struik Security Consultancy) Rich Kennedy, Research In Motion

Review Comments on 802.11ai – D0.2 Generalized Problem Statement February 5, 2013 Review Comments on 802.11ai – D0.2 Ref: 13/0036r09 (tgai-draft-review-combined-comments) CID #242 (David Goodall, 13/0016r0): Comment (8.4.2.184): An X.509v3 certificate may be longer than 253 bytes and therefore requires fragmentation across multiple elements. A certificate chain may require additional fragmentation. Proposed change: 11ai will need to provide a mechanism for fragmenting certificates and certificate chains. It may be possible to adopt a mechanism from 11af etc. Generalized Problem Statement What to handle large objects that fit within a single frame? How to fragment FILS frames, if these become too long due to large objects?

Outline Constructs from 802.11-2012 February 5, 2013 Outline Constructs from 802.11-2012 Frame fragmentation/defragmentation Management frame body components Protocol recap Certificate-based protocol Protocol including “piggy-backed info” Application to FILS protocol Handling of large objects Handling of “foreign” objects (e.g., higher-layer “piggy-backed data” along key confirmation flows)

Frame Fragmentation (802.11-2012) February 5, 2013 Frame Fragmentation (802.11-2012) Conceptual Channel 802.11 Channel w/Fragmentation Notes: Headers contain Sequence Control Field that indicates fragment# (4-bits) and sequence # (12-bits) Originator (A) partitions frame body and sends individual segments in separate frames, in order Recipient (B) reconstructs original (conceptual) frame from received segments, in order When secure channel used, each segment is individually secured (by originator) or unsecured (by recipient) Duplicate segments and segments received after time-out are acknowledged 802.11-2012 allows fragmentation/defragmentation with individually addressed MSDUs and MMPDUs HDR Body2 FCS A B HDR1 Body1 FCS1 HDR3 Body3 FCS3 HDR2 FCS2

Management Frame Body Components (802.11-2012) February 5, 2013 Management Frame Body Components (802.11-2012) Information Elements (8.4.2): Named objects with format (Type, Length, Value), where Type: Element-ID (1-octet field); Length: Octet-length of Value field (1-octet field); Value: Variable field. Non-Information Elements (8.4.1): Specified objects with tailored length and value attributes Notes: Information elements cannot have size larger than 255 octets, whereas non-information elements can. With 802.11-2012, Authentication frames (8.3.3.11) are specified with field elements that are non-IEs, as is the case with some field elements specified with association request frames (8.3.3.5) and Association Response frames (8.3.3.6).

Protocol Recap February 5, 2013 Notes: Our exposition is relative to certificate-based public-key protocol (i.e., without online third party), but does leave out details not necessary for current discussion A Random X, Nonce NA {NA, NB,[CertCA(IdA,QA), signA]}KEK2 Key Establishment Key Confirmation B Random Y, Nonce NB {NB, NA,[CertCA(IdB,QB), signB]}KEK2 STA AP René Struik (Struik Security Consultancy)

Protocol Recap w/ “Piggy-Backed Info” February 5, 2013 Protocol Recap w/ “Piggy-Backed Info” Notes: Key confirmation messages can become quite large, due to accumulation of certificates; Signature; “piggy-backed info”. Certificate (chain) verification has to happen after completion of the key computation (thus, forcing a serialized implementation (optionally carrying out computations between A and B in parallel). A Random X, Nonce NA {NA, NB,[CertCA(IdA,QA), signA, TextA]}KEK2 Key Establishment Key Confirmation B Random Y, Nonce NB STA AP {NB, NA,[CertCA(IdB,QB), signB, TextB]}KEK2 René Struik (Struik Security Consultancy)

Suggested Protocol Flows February 5, 2013 Suggested Protocol Flows Notes: Easy fragmentation/defragmentation of Authentication frames (since no 802.11-2012 frame protection); Fragmentation on Association frames possible (since no 802.11-2012 frame protection of those frames); All objects that do not fit restrictions of IEs can easily be represented as field elements (in 802.11-2012’s 8.4.1 sense). Intra-frame fragmentation of higher-layer TLV objects (13/133r3) can be handled uniformly and aligned with 802.11-2012 fragmentation/re-assembly Sequence Control Field approach (details in next version) Further “ugly” optimization: Partition certificate that “just does not fit” over 1rst/3rd flow, resp. 2nd/4th flow (thus, not increasing #flows) A Random X, Nonce NA, {NA, NB,[CertCA(IdA,QA), signA, TextA]}KEK2 Key Establishment Key Confirmation B Random Y, Nonce NB STA AP CertCA(IdA,QA) CertCA(IdB,QB) {NB, NA,[CertCA(IdB,QB), signB, TextB]}KEK2 René Struik (Struik Security Consultancy)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.