Limiting GAS State-1 Query Response Length Month Year doc.: IEEE 802.11-yy/xxxxr0 November 2006 Limiting GAS State-1 Query Response Length Date: 2006-11-13 Authors: Notice: This document has been prepared to assist IEEE 802.11. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.11. Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures <http:// ieee802.org/guides/bylaws/sb-bylaws.pdf>, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair <stuart.kerry@philips.com> as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE 802.11 Working Group. If you have questions, contact the IEEE Patent Committee Administrator at <patcom@ieee.org>. Stephenson/Sreemanthula/Canpolat John Doe, Some Company

Month Year doc.: IEEE 802.11-yy/xxxxr0 November 2006 Abstract The current 802.11u-d0.02 draft text includes support for Generic Advertising Service (GAS). Currently, GAS does not support any means to limit responses to queries from state-1 STAs. Stephenson/Sreemanthula/Canpolat John Doe, Some Company

Month Year doc.: IEEE 802.11-yy/xxxxr0 November 2006 Overview STAs in state 1 can request via GAS information about internetworking services of the DS This proposal does not apply to state-3 clients as they would not be communicating with advertising servers in the DS via GAS Delivery by the AP of these query responses takes away bandwidth from other services being provided to associated STAs, so it is highly desirable to have means to limit query response length for state-1 STAs Unlimited query response length, as currently defined, has potential risks for misuse and various attacks. This proposal describes methods by which query response length can be limited: Query Response Length Limit is configured on AP and provided to STA via Advertisement Protocol IE If natively supported by advertisement protocol, AP may also supply Query Response Length Limit to servers in the DS to which AP is proxying state-1 client queries. Stephenson/Sreemanthula/Canpolat John Doe, Some Company

GAS Capability IE Copied from 802.11u-d0.02 for reference purposes Month Year doc.: IEEE 802.11-yy/xxxxr0 November 2006 GAS Capability IE Element ID Length Advertisement Protocol IE #1 Advertisement Protocol IE #2 (optional) … Advertisement Protocol IE #N (optional) Octets: 1 2 variable Copied from 802.11u-d0.02 for reference purposes Stephenson/Sreemanthula/Canpolat John Doe, Some Company

Advertisement Protocol IE Month Year doc.: IEEE 802.11-yy/xxxxr0 November 2006 Advertisement Protocol IE Element ID Length Delivery Method Query Response Length Limit Advertisement Protocol ID Octets: 1 2 Copied from 802.11u-d0.02 and modified to include Length field Query Response Length Limit is maximum number of octets that AP will transmit in GAS Initial Response action frame or GAS Comeback Response action frame(s) To provide flexibility for Generic Advertising Service, Query Response Length Limit is specified in Advertisement Protocol IE rather than in GAS Capability IE Stephenson/Sreemanthula/Canpolat John Doe, Some Company

Month Year doc.: IEEE 802.11-yy/xxxxr0 November 2006 802.21 Example: Providing Query Response Length Limit natively when using 802.21-IS query protocol Network selection queries currently rely on 802.21 semantics to provide the desired bandwidth efficiency for STAs in state-1 802.21 Information queries, presently, can be used to query a lot of information yielding several MSDUs in query exchange GAS Query Response Length Limit will be useful to limit query response lengths. Lengthy query responses can be further reduced by restricting state-1 queries by limiting them to only the candidate WLAN Stephenson/Sreemanthula/Canpolat John Doe, Some Company

802.21 Example (cont.) How do we do this? Month Year doc.: IEEE 802.11-yy/xxxxr0 November 2006 802.21 Example (cont.) How do we do this? AP performs offline 802.21 system management operations to carry the BSSID/ESSID and additional network info configured in AP (e.g. message length) to the Advertising Server (AServ). AServ establishes a link between transport over which the query was made vs the query itself This allows restricting the query result to that specific network and limit its message length Stephenson/Sreemanthula/Canpolat John Doe, Some Company

Example 802.21 Message Sequence Month Year doc.: IEEE 802.11-yy/xxxxr0 November 2006 Example 802.21 Message Sequence STA AP AServ Sysman_req(AP-Info) AServ co-relates AP-Info and its transport parameters to a certain network and saves the transport address of AP Sysman_resp() Gas Query Gas Query AServ co-relates transport address of AP to a certain network. Query responses are limited to that network only Gas Response* Gas Response* * Response limited to WLAN network AP belongs to Stephenson/Sreemanthula/Canpolat John Doe, Some Company

Month Year doc.: IEEE 802.11-yy/xxxxr0 November 2006 Proposal Benefits Generic mechanism has been described to limit length of GAS Query Responses for state-1 STAs Helpful to mitigate DoS attacks Provides superior integration of Query/Responses for Advertisement Protocols having native capability to limit query response length Stephenson/Sreemanthula/Canpolat John Doe, Some Company

Feedback? November 2006 Month Year doc.: IEEE 802.11-yy/xxxxr0 Stephenson/Sreemanthula/Canpolat John Doe, Some Company

Month Year doc.: IEEE 802.11-yy/xxxxr0 November 2006 Straw Poll Shall draft text in accordance with 11-06/1784r0 be developed for inclusion into the respective 802.21 and TGu amendments? Stephenson/Sreemanthula/Canpolat John Doe, Some Company