HIP DEX for Fast Initial Authentication in 802.11
Presentation transcript:

Slide 1: HIP DEX for Fast Initial Authentication in 802.11
doc.: IEEE 802.11-11/xxxxr0, May 2011
Date: 2011-05-10
Authors:
- Konstantinos Georgantas, Helsinki Institute for Information Technology (HIIT), phone 0030-6974343988, email Konstantinos.Georgantas@hiit.fi
- Robert Moskowitz, Verizon Business, 15210 Sutherland, Oak Park, MI 48237, USA, phone +1-248-219-2059, email rgm@labs.htt-consult.com

Slide 2: Abstract
This document presents a HIP Diet EXchange (DEX) based architecture that provides the IP-layer security mechanisms needed to meet the challenge of fast authentication in WLANs. HIP introduces a radically new way of authenticating hosts in WLANs in only two message exchanges, which saves time during authentication.

Slide 3: Agenda
- Problem statement
- Solution overview
- Network architecture
- HIP DEX adjustments
- Protocol operation
- Open work items
- Conclusions

Slide 4: Problem Statement
Why Fast Initial Authentication?
- Users moving at high velocity between APs
- Large numbers of users entering an AP at once
- Smaller and smaller cell areas
Ultimate goal: can we go with a single roundtrip?

Slide 5: Solution Overview (1/3)
Maybe not a single roundtrip, but what about 2 roundtrips?
- "Lightweight Authentication and Key Management on 802.11 Wireless Networks" by Konstantinos Georgantas and Andrei Gurtov, submitted to IEEE GLOBECOM 2011
- Introduce a new network hierarchy
- Move the authenticator (HIP responder) one level above the APs
- Authenticate only when an ESS transition occurs
- Let the APs act as relays
- Introduce port-based Network Access Control that allows HIP-only traffic until the Initiator is authenticated

Slide 6: Solution Overview (2/3)
- Let HIP datagrams run over 802.11 Authentication frames
- HIP UPDATE can act as a rekeying mechanism
- EAP can also run on HIP!

Slide 7: Solution Overview (3/3)
Proposed operation
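The following is an added example, not code from the slides or the authors' implementation. It models the proposed operation from slides 5 and 6: the HIP responder lives one level above the APs (one per ESS) and holds all authentication state, the APs only relay, and a port-based filter lets HIP datagrams through while dropping everything else until the Initiator completes the two roundtrips (I1/R1, I2/R2). It assumes a pre-shared key standing in for the ECDH-derived DEX session key and an HMAC standing in for HIP_MAC; the HIT value is constructed.

```python
import hmac
import hashlib

# ASSUMPTION (not in the slides): a pre-shared key replaces the ECDH-derived DEX
# key, HMAC-SHA256 replaces HIP_MAC, and each roundtrip is one message pair.
HIP, DATA = "HIP", "DATA"

def tag(key, msg, hit):
    """MAC over the message type and the Initiator's HIT (stand-in for HIP_MAC)."""
    return hmac.new(key, (msg + hit).encode(), hashlib.sha256).hexdigest()

class Responder:
    """ESS-level authenticator: the only place per-STA authentication state lives."""
    def __init__(self, ess, key):
        self.ess, self.key, self.authenticated = ess, key, set()

    def handle(self, hit, msg, mac=None):
        if msg == "I1":
            return "R1"                                   # roundtrip 1
        if msg == "I2" and mac and hmac.compare_digest(mac, tag(self.key, "I2", hit)):
            self.authenticated.add(hit)
            return "R2"                                   # roundtrip 2: port opens
        return None                                       # bad MAC: stay unauthenticated

class AP:
    """Relay only. Holds no auth state; enforces port-based access control."""
    def __init__(self, bss, responder):
        self.bss, self.responder = bss, responder

    def forward(self, hit, kind, payload=()):
        if kind == HIP:                                   # HIP always passes the filter
            return self.responder.handle(hit, *payload)
        if hit in self.responder.authenticated:
            return "DELIVERED"
        return "DROPPED"                                  # controlled port still closed

def associate(hit, key, ap):
    """Run the exchange through `ap` only if needed; return roundtrips spent."""
    if hit in ap.responder.authenticated:
        return 0                                          # BSS transition inside the ESS
    if ap.forward(hit, HIP, ("I1",)) != "R1":
        return -1
    if ap.forward(hit, HIP, ("I2", tag(key, "I2", hit))) != "R2":
        return -1
    return 2                                              # ESS transition: new responder
```

Moving the STA between two APs of the same ESS costs 0 roundtrips because the responder already knows the HIT; moving to an AP under a different responder costs the full 2.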

Slide 8: Reference Papers
Some papers to review:
- D. Kuptsov, A. Khurri, A. Gurtov, "Distributed authentication architecture in Wireless LANs," in Proc. of the 10th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM'09), June 2009. http://www.cs.helsinki.fi/u/gurtov/papers/wowmom09.pdf
- J. Korhonen, A. Mäkelä, T. Rinta-aho, "HIP Based Network Access Protocol in Operator Network Deployments." http://rinta-aho.com/papers/M2NM_napi.pdf

Slide 9: Open Work Items
- STA validation of AP: include a CERT parameter in R1 that contains an X.509 certificate for the AP. The assumption is that the STA can validate the certificate without any 'upstream' assistance, or delay validation until IP connectivity is provided.
- Timing concerns for AUTHENTICATION RESPONSE: 802.11 does not specify a response time window, but does WiFi certification? If so, do we need NULL keepalives or a loosening of timings when AUTHENTICATION is used for KMP?

Slide 10: Conclusions
- Seamless intra-domain handovers (BSS transitions)
- Only 2 roundtrips (instead of 11) for inter-domain handovers (ESS transitions)
- But there are still some security considerations under review
Thank you!