Simplified 11k Security. Joe Kwak, InterDigital Communications Corporation. Submission doc: IEEE 802.11-04/552r0, May 2004.

Presentation transcript:

Slide 1: Simplified 11k Security. Joe Kwak, InterDigital Communications Corporation. Submission doc: IEEE /552r0, May 2004.

Slide 2: Problem statement
- For the purpose of optimizing O&M and radio performance, 11k:
  - Introduces many new MAC management action frames
  - Adds a couple of new IEs to several existing frames
- Those new 11k contents exchanged over the air currently do not provide any security (source integrity, encryption)
- It is conceivable that this becomes a security threat to 11k-enabled WLANs in the future:
  - Threat 1: No security; 11k may repeat another WEP experience
  - Threat 2: Resolution of the 11k security issue delays 11k as a whole
  - Threat 3: 11k solution too complex to implement and/or not aligned with 11i hardware changes
- Requirement: create a mechanism that (optionally) provides security for the new TGk information contents

Slide 3: Some thoughts...
- We anticipate a potential security problem if the 11k specification does not provide any source integrity and encryption
- But it is unclear whether there is a real danger and, if so, to what extent it would jeopardize system operation
- 11k security will need to operate in the general framework given by WPA and 11i:
  - No need for a tighter security concept in 11k than in WPA and 11i
  - 11k security must not preclude operation of WPA or 11i security

Slide 4: Options to solve the problem
1. Do nothing (like 11h, and let some other group address this issue when/if it becomes a problem)
2. Try to address the 11k security issue: Nokia, doc /1003r2 (01/) and Intel, doc /0264r2 (03/04)
3. Simplify the security issues using elements from the above two proposals
InterDigital believes the third option is possible.

Slide 5: InterDigital's perception
- 11k should provide security more for future-proofing than for any actual perceived threat from disclosing or forging radio resource measurement information
- For 11k, providing source/message integrity protection is the most important security mechanism and should be required:
  - Source integrity comes at relatively low cost: compute and append a TKIP MIC
  - Offers the most basic of all protection mechanisms: "if someone tampered with the frame contents, then discard"
- Encryption should be optional for all frames, using the Nokia or Intel proposal:
  - Legacy or not-yet-authenticated STAs can still read unencrypted information in broadcast frames and will ignore the TKIP MIC
  - The Nokia proposal for encryption is more flexible but seems to be misaligned with 11i and the 11i per-frame encryption engine
  - The Intel proposal is straightforward (works like data frames in 11i, so the encryption engine is the same), but it may not address all scenarios

Slide 6: Simplifying Assumptions
- IEEE 802.11i is completed as per current draft 10.0 and provides the mechanisms (but not forgetting WPA...)
- Good keys are available and managed under IEEE 802.11i:
  - Group key (common key)
  - Session keys (STA-specific)
- A STA does not know any key before it gets authenticated
- Any authenticated STA can be trusted; therefore, group keys are useful and are used for all broadcast/multicast
- 11k security is an optional feature: it must be implemented in all TGk STAs, but can be enabled or disabled based on local BSS policy

Slide 7: Simplified Proposal for TGk Security
1. Require TKIP MIC in all action frames:
   - The transmitting STA computes/encrypts/appends a TKIP MIC to allow the receiving STA to authenticate both message and sender before acting on the contents of the received frame.
   - The TKIP MIC mechanism is modified for use with group key(s) for broadcast/multicast frames.
2. Use frame-based encryption as an option for all action frames:
   - A new security header bit indicates encrypted/unencrypted.
   - All frame formats include the security header and TKIP MIC.
   - Frames which carry useful information for STAs not yet associated should not be encrypted, e.g. Beacons, Probe Responses, Site Report, new System Information, etc.
   - The transmitter of the action frame decides when to encrypt.
   - The receiver of the action frame uses the TKIP MIC to decide whether to respond or take any action.

Slide 8: Extend TKIP MIC to Broadcast/Multicast
- Need to accept the limitations of the defined 11i mechanisms:
  - 11i: "Data origin authenticity is only applicable to unicast data frames. The protocols do not guarantee data origin authenticity for broadcast/multicast data frames, as this cannot be accomplished using symmetric keys, and public key methods are too computationally expensive."
  - 11i: "It should be noted that a MIC alone cannot provide complete forgery protection, as it cannot defend against replay attacks. TKIP provides replay detection by TSC sequencing and ICV validation. Furthermore, if TKIP is utilized with a group key, an 'insider' STA can masquerade as any other STA belonging to the group."
- Run the 11i encryption engine on the frame using the group key to compute and encrypt the TKIP MIC for every broadcast/multicast action frame.
- The encryption engine also produces the encrypted frame using the group key. The encrypted frame body is discarded when transmitting an unencrypted action frame with TKIP MIC.
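The mechanism proposed on slides 7 and 8, as an added worked example that is not part of the submission: a transmitter appends a TKIP MIC (the Michael algorithm from 802.11i) computed under the group MIC key, a receiver recomputes it and discards any frame whose contents changed, and, as the quoted 11i text warns, any holder of the group key produces a MIC the receiver accepts. The group key, MAC addresses and measurement-request bytes are constructed sample values, and the action-frame layout is assumed for illustration.

```python
import hmac
import struct
MASK = 0xFFFFFFFF

def _rol32(x, n): return ((x << n) | (x >> (32 - n))) & MASK
def _ror32(x, n): return ((x >> n) | (x << (32 - n))) & MASK
def _xswap(x):    return ((x & 0xFF00FF00) >> 8) | ((x & 0x00FF00FF) << 8)  # swap bytes in each half-word

def _block(l, r):
    # Michael block function (IEEE 802.11i, clause 8.3.2.3)
    r ^= _rol32(l, 17); l = (l + r) & MASK
    r ^= _xswap(l);     l = (l + r) & MASK
    r ^= _rol32(l, 3);  l = (l + r) & MASK
    r ^= _ror32(l, 2);  l = (l + r) & MASK
    return l, r

def michael_mic(key, data):
    """8-byte Michael MIC of data under an 8-byte MIC key."""
    l, r = struct.unpack("<II", key)
    padded = data + b"\x5a" + b"\x00" * 4     # pad with 0x5a then 4..7 zero bytes
    padded += b"\x00" * (-len(padded) % 4)    # ... up to a 32-bit boundary
    for (word,) in struct.iter_unpack("<I", padded):
        l, r = _block(l ^ word, r)
    return struct.pack("<II", l, r)

def protect(mic_key, da, sa, body, priority=0):
    # TKIP computes the MIC over DA || SA || priority || 3 zero bytes || body, then appends it
    return body + michael_mic(mic_key, da + sa + bytes([priority, 0, 0, 0]) + body)

def verify(mic_key, da, sa, frame, priority=0):
    # Receiver recomputes the MIC; a mismatch means "discard", never "act on contents"
    body, mic = frame[:-8], frame[-8:]
    expected = michael_mic(mic_key, da + sa + bytes([priority, 0, 0, 0]) + body)
    return body if hmac.compare_digest(mic, expected) else None

# Constructed sample values (not from the document): group MIC key, AP and broadcast
# addresses, and an 11k-style measurement request body (category, action, token, IE bytes).
GROUP_MIC_KEY = bytes.fromhex("0123456789abcdef")
AP, BCAST = bytes.fromhex("0200000000aa"), b"\xff" * 6
REQUEST = bytes([5, 0, 1, 38, 4, 0, 0, 0, 1])

def demo():
    frame = protect(GROUP_MIC_KEY, BCAST, AP, REQUEST)        # AP broadcasts under the group key
    ok = verify(GROUP_MIC_KEY, BCAST, AP, frame) == REQUEST    # any group member accepts it
    tampered = bytearray(frame); tampered[3] ^= 0x01           # flip one bit of the body
    rejected = verify(GROUP_MIC_KEY, BCAST, AP, bytes(tampered)) is None
    # The 11i limitation quoted on this slide: an insider holding the group key can sign as the AP
    insider = protect(GROUP_MIC_KEY, BCAST, AP, b"\x05\x00\x09")
    insider_accepted = verify(GROUP_MIC_KEY, BCAST, AP, insider) is not None
    return ok, rejected, insider_accepted
```

The first assertion below checks the implementation against the 802.11i Michael test vector (all-zero key, empty message); the MIC gives integrity within the group but, as the slide accepts, no origin authenticity for broadcast frames.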

Slide 9: Benefits of Proposal
- Avoids discussions/disagreements concerning mandatory data encryption:
  - No need to poll/vote on encryption of each action frame type or IE and the conditions in which encryption should be used.
  - No need to "impose" encryption on operators or users.
- Relies on the integrity of existing security protocols:
  - Uses 802.1X for strong authentication and key distribution at association time; the STA is trusted thereafter.
  - Uses defined 11i mechanisms, with an extension of the TKIP MIC to the group key for broadcast/multicast.
- Relatively easy to draft text:
  - All TGk action frames and frame formats are treated identically.
  - The procedures section describes the intended use of data encryption but includes no requirement "shalls".

Slide 10: Proposal for a way forward
- Strawpoll to agree on two security decisions:
  - Require a security header and TKIP MIC on all 11k action frames
  - The security header shall contain an Encrypted/Clear bit to permit optional encryption of the frame body for all 11k action frames
- Drafting group to produce normative text this week.
- Vote on normative text on Thursday, if possible.
- Extending these 11k decisions to 11h to be discussed at the next meeting.

Slide 11: Security Question #1
Should TGk require a security header and TKIP MIC on all 11k action frames?
YES _______ NO _______ ABSTAIN _______

Slide 12: Security Question #2
Should the TGk security header contain an Encrypted/Clear bit to permit optional encryption of the frame body for all 11k action frames?
YES _______ NO _______ ABSTAIN _______
