Doc.: IEEE 802.11-11/1429r2
Submission, January 2012
Dan Harkins, Aruba Networks

Slide 1: A Protocol for FILS Authentication
Date: 2012-01-09

Presentation transcript:


Slide 2: Abstract

This presentation describes a proposed FILS authentication protocol.

Slide 3: Conformance with TGai PAR & 5C

| Conformance Question | Response |
|---|---|
| Does the proposal degrade the security offered by Robust Security Network Association (RSNA) already defined in ? | No |
| Does the proposal change the MAC SAP interface? | No |
| Does the proposal require or introduce a change to the architecture? | No |
| Does the proposal introduce a change in the channel access mechanism? | No |
| Does the proposal introduce a change in the PHY? | No |
| Which of the following link set-up phases is addressed by the proposal? (1) AP Discovery (2) Network Discovery (3) Link (Re-)establishment, exchange of security related messages (4) Higher layer aspects, e.g. IP address assignment. | 3 |

Slide 4: Otway-Rees: Authentication with a TTP

Classic 3-party protocol
Players:
  – Alice, a client/peer with identity A
  – Bob, a server/peer with identity B
  – Trent, the trusted 3rd party with identity T
Assumptions:
  – Alice shares a key with Trent, K_at
  – Bob shares a key with Trent, K_bt
Notation:
  – {X}y is wrapping message X with key y
  – g^x is a Diffie-Hellman exponential, generator g raised to power x
  – Nx is a nonce, a random number, contributed by party x
  – sess is a session identifier
  – X → Y means X sends to Y

Slide 5: “Otway-Rees” with Key Confirmation

A → B: A, B, sess, {Na, A, B, sess}K_at
B → T: B, A, sess, {Nb, B, A, sess, {Na, A, B, sess}K_at}K_bt
B ← T: sess, {Nb, Na, K_ab, {Na, Nb, K_ab}K_at}K_bt
A ← B: sess, {Na, Nb, K_ab}K_at
K_ab-mac | PMK = KDF(Na | Nb, K_ab)
A → B: HMAC(K_ab-mac, sess | MAC-A | MAC-B)
A ← B: HMAC(K_ab-mac, sess | MAC-B | MAC-A)
K_ab-ccm = KDF(PMK, sess, min(MACS), max(MACS))

Slide 6: “Otway-Rees” with Key Confirmation

Nonces provide a proof of “liveness” to the resulting shared key
Embedding Alice’s messages in Bob’s thwarts certain cut-and-paste attacks
Final two messages provide proof-of-possession of K_ab
Trent, the trusted third party, is a key distributor
  – Someone else besides Alice and Bob knows their secret
  – Trent is solely responsible for creating the secret
If either Alice’s or Bob’s long-term secret is compromised, then all past sessions can be exposed
  – Lacks Perfect Forward Secrecy (PFS)

Slide 7: Authentication Using a TTP – Adding PFS

Use Diffie-Hellman exchange to derive a unique session key
Use Trent to authenticate the exchange, not be a key distributor
Diffie-Hellman exchange provides Perfect Forward Secrecy: if Alice’s or Bob’s long-term secret is compromised, past sessions remain confidential and secure.

Slide 8: Authentication Using a TTP – Adding PFS

A → B: A, sess, Na, {A, B, sess, g^a}K_at
B → T: B, sess, {B, A, sess, g^b, {A, B, sess, g^a}K_at}K_bt
B ← T: sess, {B, A, sess, g^b, g^a, {A, B, sess, g^a, g^b}K_at}K_bt
A ← B: sess, Nb, {A, B, sess, g^a, g^b}K_at
(g^a)^b = g^ab = (g^b)^a
K_ab-mac | PMK = KDF(Na | Nb, g^ab)
A → B: HMAC(K_ab-mac, sess | MAC-A | MAC-B)
A ← B: HMAC(K_ab-mac, sess | MAC-B | MAC-A)
K_ab-ccm = KDF(PMK, sess, min(MACS), max(MACS))

Slide 9: Authentication Using a TTP – Adding PFS

Diffie-Hellman exponentials in wrapped content provide the “liveness” proof to the exchange
Embedding messages from/for Alice into Bob’s messages helps thwart cut-and-paste attacks
Alice knows Bob created g^b and Bob knows Alice created g^a (because Trent said so), and they both know that the only entities that can know g^ab are themselves
Final two messages provide proof-of-possession of g^ab
Generation of a CCMP (GCMP!) key for initial use and a PMK for subsequent use

Slide 10: Putting FILS Authentication Using a TTP Into

Authenticated Diffie-Hellman between Alice and Bob is four messages: two for the interaction with Trent, and two to prove possession of the resulting shared secret.
  – Use authentication frames for first two
  – Use association frames for second two
Fits in nicely with state machine
  – Discovery is through Beacons and Probe responses
  – State 0 to State 1 transition is using authentication frames
  – State 1 to State 2 transition is using association frames
  – STA could associate with multiple APs while associated with another
Can put other things, like DHCP Request/Response, into Association Request/Response

Slide: Putting FILS Authentication Using a TTP Into

[Figure: message sequence diagram among STA, AP and TTP. Frame labels: beacon/probe response, authentication request, authentication response, association request, association response, FILS-TTP authentication request, FILS-TTP authentication response. Message contents shown: STAid, sess, {blob}sta-ttp; TTPid, APid; APid, sess, {blob}ap-ttp; sess, {blob}ap-ttp; sess, {blob}sta-ttp; H(K, sess | MAC-STA | MAC-AP); H(K, sess | MAC-AP | MAC-STA).]

Slide 12: Putting FILS Authentication Using a TTP Into

Fast!
  – Only operations using asymmetric cryptography involve the Diffie-Hellman key exchange
  – PFS is optional!
  – The TTP does not do any computationally intensive action!
Use state-of-the-art crypto
  – Use RFC 5297 for wrapping/unwrapping of blobs
  – Use RFC 5869-style “extract-then-expand” KDF
  – Works with elliptic curve as well as finite field cryptography
Communication with Trent:
  – Use existing infrastructure: RADIUS or DIAMETER.
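The key derivation and key confirmation steps from the "Adding PFS" exchange, using the RFC 5869-style extract-then-expand KDF named on this slide, as an added example (not code from the submission). Assumptions: HKDF-SHA256 with Na | Nb as salt, a constructed label, a constructed demo group, and constructed nonce lengths and MAC addresses; the RFC 5297 wrapping of the blobs exchanged with Trent is omitted.

```python
import hashlib, hmac, secrets

P, G = 2**521 - 1, 3   # constructed demo group, NOT a standardized DH group

def hkdf_extract(salt, ikm):
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk, info, length):
    out, block, counter = b"", b"", 1
    while len(out) < length:               # T(i) = HMAC(PRK, T(i-1) | info | i)
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out, counter = out + block, counter + 1
    return out[:length]

def derive_keys(na, nb, g_ab):
    """K_ab-mac | PMK = KDF(Na | Nb, g^ab); salt/label mapping is an assumption."""
    prk = hkdf_extract(na + nb, g_ab.to_bytes(66, "big"))
    okm = hkdf_expand(prk, b"constructed-label", 64)
    return okm[:32], okm[32:]

def confirm(k_mac, sess, first_mac, second_mac):
    """HMAC(K_ab-mac, sess | MAC-x | MAC-y); the sender's address goes first."""
    return hmac.new(k_mac, sess + first_mac + second_mac, hashlib.sha256).digest()

def ccm_key(pmk, sess, mac_a, mac_b):
    """K_ab-ccm = KDF(PMK, sess, min(MACS), max(MACS)); order-independent."""
    return hkdf_expand(pmk, sess + min(mac_a, mac_b) + max(mac_a, mac_b), 16)

def run_exchange():
    sess, na, nb = secrets.token_bytes(8), secrets.token_bytes(16), secrets.token_bytes(16)
    mac_sta, mac_ap = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    a, b = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    g_a, g_b = pow(G, a, P), pow(G, b, P)
    sta_kmac, sta_pmk = derive_keys(na, nb, pow(g_b, a, P))   # Alice (STA) side
    ap_kmac, ap_pmk = derive_keys(na, nb, pow(g_a, b, P))     # Bob (AP) side
    req = confirm(sta_kmac, sess, mac_sta, mac_ap)            # association request
    resp = confirm(ap_kmac, sess, mac_ap, mac_sta)            # association response
    expected_resp = confirm(sta_kmac, sess, mac_ap, mac_sta)
    return {
        "ap_accepts": hmac.compare_digest(req, confirm(ap_kmac, sess, mac_sta, mac_ap)),
        "sta_accepts": hmac.compare_digest(resp, expected_resp),
        # Reflection: the STA's own tag echoed back must not pass as the AP's.
        "reflection_accepted": hmac.compare_digest(req, expected_resp),
        "ccm_match": ccm_key(sta_pmk, sess, mac_sta, mac_ap)
                     == ccm_key(ap_pmk, sess, mac_ap, mac_sta),
    }
```

Swapping the MAC address order between the two confirmation messages is what makes the reflection check fail, and changing either nonce changes every derived key.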

Slide 13: Properties of FILS Authentication Using a TTP

Perfect Forward Secrecy: Yes, optionally
Mutual Authentication: Yes
Key Generation: Yes
Identity Protection: No
Protection against DDOS attacks: No
Crypto-agility: Yes
Negotiation of crypto capabilities: Yes

Slide 14: References