Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.11-11/1426r02 Submission NameAffiliationsAddressPhoneemail ChengYan FengZTE Corporation No.800, Middle Tianfu Avenue, Hi-tech District,

Published byPolly Copeland Modified over 8 years ago

Similar presentations

Presentation on theme: "Doc.: IEEE 802.11-11/1426r02 Submission NameAffiliationsAddressPhoneemail ChengYan FengZTE Corporation No.800, Middle Tianfu Avenue, Hi-tech District,"— Presentation transcript:

1 doc.: IEEE 802.11-11/1426r02 Submission NameAffiliationsAddressPhoneemail ChengYan FengZTE Corporation No.800, Middle Tianfu Avenue, Hi-tech District, Chengdu, China +86-28 85342869 feng.chengyan@zte.com.cn Dezhi ZhangZTE CorporationE3048,Bibo Rd,Pudong,shanghai, China +86- 13816335629 zhang.dezhi2@zte.com. cn Li ZhuZTE CorporationE3048,Bibo Rd,Pudong,shanghai, China +86-21- 68896274 zhu.li8@zte.com.cn Lin WangZTE CorporationEast HuaYuan Road, Haidian District, Beijing, China +86-10- 82963667 wang.lin45@zte.com.cn Fast Security Setup Nov 2011 ZTE CorporationSlide 1 Authors:

2 doc.: IEEE 802.11-11/1426r02 Submission Abstract This document proposes an approach for accelerating the security setup for FILS. Nov 2011 ZTE CorporationSlide 2

3 doc.: IEEE 802.11-11/1426r02 Submission Conformance w/ Tgai PAR & 5C Nov 2011 ZTE CorporationSlide 3 Conformance QuestionResponse Does the proposal degrade the security offered by Robust Security Network Association (RSNA) already defined in 802.11? No Does the proposal change the MAC SAP interface?No Does the proposal require or introduce a change to the 802.1 architecture?No Does the proposal introduce a change in the channel access mechanism?No Does the proposal introduce a change in the PHY?No Which of the following link set-up phases is addressed by the proposal? (1) AP Discovery (2) Network Discovery (3) Link (re-)establishment / exchange of security related messages (4) Higher layer aspects, e.g. IP address assignment 3,4

4 doc.: IEEE 802.11-11/1426r02 Submission Background 11/1160r4 has proposed that –Use of optimized full EAP in 11/1047r6 when EAP-RP context is not setup, or has expired; –Otherwise use EAP-RP based fast authentication in 11/1160r4. Our comments: –It is a good idea to combine full EAP authentication with EAP re- authentication; –It could cover both initial security setup case and re-authentication case; –It could provide fast security setup effectively. Nov 2011 ZTE CorporationSlide 4

5 doc.: IEEE 802.11-11/1426r02 Submission Our Concern: 1 EAP method authentication procedure is out of scope of IEEE 802.11. In the full EAP procedure in 11/1160r4, message 3, 4, 7 and 9 are EAP method specific. Why are they introduced in IEEE 802.11ai? FILS procedure should be independent with EAP method specific procedure. Nov 2011 ZTE CorporationSlide 5

6 doc.: IEEE 802.11-11/1426r02 Submission If DHCP lasts a long time, STA doesn’t receive the Association Response message in a pre-defined time, how does STA do ? –STA can’t know what’s the problem is. It doesn’t know if EAP authentication is successful or not, if DHCP procedure is successful or not. –STA can only have to retransmit Association Request message, also carrying EAP related message. Our Concern: 2 Nov 2011 ZTE CorporationSlide 6 DHCP procedure lasts too long!

7 doc.: IEEE 802.11-11/1426r02 Submission State Machine: Only after receiving the successful message 15 (Association Rsp) STA could transform from NO Authentication Context to FULL-EAP-Session. But actually, after step 12, authentication has finished successfully. No need to wait for step 15, especially there is something wrong with DHCP procedure and too much time is wasted. Our Concern: 2 (Cont.) Nov 2011 ZTE Corporation Slide 7 State Machine in 11/1160r4 EAP authentication shall not be performed with DHCP procedure concurrently!

8 doc.: IEEE 802.11-11/1426r02 Submission Proposal Introduction EAP-based authentication is used. The specific method should be an implementation issue and is out of 802.11ai scope. The 4-way handshake procedure is reduced to 1 round. –The key agreement procedure follows EAP authentication. EAP authentication procedure is performed separately with DHCP procedure. –After successful EAP authentication, STA can change to FULL EAP session state. No need to wait for DHCP message. Nov 2011 ZTE CorporationSlide 8

9 doc.: IEEE 802.11-11/1426r02 Submission 4-way/Group Key handshake messages reduction Nov 2011 Slide 9 STAAP EAPOL-KEY(ANonce) EAPOL-KEY(SNonce, MIC1) Generate ANonce Generate SNonce, derive PTK, EAPOL-KEY(ANonce, MIC2) derive PTK, verify MIC1 EAPOL-KEY(MIC3) verify MIC2 STAAP Auth(ANonce, GTK[KEK], MIC1) Association Req (SNonce, MIC2) Generate ANonce and GTK, Derive PTK derive PTK, verify MIC1 verify MIC2 Generate SNonce Auth(SNonce) …. ZTE EAPOL-KEY(GNonce, GTK[KEK], MIC4) Generate GTK and GNonce EAPOL-KEY(MIC5) Decrypt GTK ZTE Corporation

10 doc.: IEEE 802.11-11/1426r02 Submission Original 4-way handshake: –1 st message: AP sends ANonce to STA; –2 nd message: STA generates SNonce, derives PTK, and sends SNonce and MIC1 to AP; –3 rd message: AP derives PTK, verifies MIC1 and sends MIC2 to STA; –4 th message: It serves no cryptographic purpose. It serves as an acknowledgment to Message 3. Group Key handshake: 2 messages are used to transfer GTK Proposed key agreement procedure: –ANonce is transferred to AP in advance: the 1 st message could be removed; –Only 2 messages are used to verify keys; –Group key handshake could be carried out in key agreement procedure concurrently: the 4 th message could be avoided. 4-way/Group Key handshake messages reduction Nov 2011 ZTE CorporationSlide 10

11 doc.: IEEE 802.11-11/1426r02 Submission Proposed Fast Security Setup Procedure Nov 2011 ZTE CorporationSlide 11

12 doc.: IEEE 802.11-11/1426r02 Submission State transition diagram Jan 2012 ZTE CorporationSlide 12 State 3 is skipped!. When STA receives Authentication message, STA can enter State 2 (Authenticated and unassociated).

13 doc.: IEEE 802.11-11/1426r02 Submission Conclusions EAP-based authentication is unchanged and the specific EAP method is out of scope as 802.11 has defined. DHCP procedure is independent of EAP authentication. –After successful EAP authentication, STA can change to FULL EAP session state. No need to wait for DHCP message. Key agreement procedure is independent of EAP authentication. –Key verification is performed after a successful EAP authentication. The 4-way handshake procedure is reduced to 1 round. Group key handshake is performed with key verification concurrently. Nov 2011 ZTE CorporationSlide 13

14 doc.: IEEE 802.11-11/1426r02 Submission Nov 2011 ZTE CorporationSlide 14 Response to Questions

15 doc.: IEEE 802.11-11/1426r02 Submission Message 1 could be Authentication message. It could be triggered by receiving Beacon or Probe Response. Question 1: How to trigger Message 1? Nov 2011 ZTE CorporationSlide 15

16 doc.: IEEE 802.11-11/1426r02 Submission In the current 802.11 RSNA, ANONCE and SNONCE is sent to STA without encryption protection. There is no risk. So there is no requirement for nonce encryption. Either current RSNA or 1426, one of the two nonces has no integrity protection. If anyone of the two nonces is tampered, the keys generated by AP and STA respectively would be different, so the key verification would be failed. Even if SNONCE is sent to AP before authentication, it is used only after the successful authentication. Question 2: SNONCE is sent to AP before EAP authentication. Is there any security problem? Nov 2011 ZTE CorporationSlide 16

17 doc.: IEEE 802.11-11/1426r02 Submission Question 3: Key verification is reduced from 2 rounds to 1 round, and is triggered by AP. Is there any security problem, e.g., MITM attack ? Nov 2011 ZTE CorporationSlide 17 StepsCurrent MessageNew MessageProcedure upon receiving the message Step-1AP sends ANonce to STA in EAPOL-Key message STA sends SNonce to AP in the Association Request. [Current] STA calculates PTK using ANonce & SNonce [New] AP calculates PTK using ANonce & SNonce Step-2STA sends SNonce to AP in EAPOL-Key message (protected using MIC1) AP sends ANonce to STA in Auth as an IE of the 1 st key agreement message (protected using MIC1) [Current] AP calculates PTK using ANonce & SNonce [New] STA calculates PTK using ANonce & SNonce; STA installs the key Step-3AP verifies MIC1 and sends Key-Install information and MIC2 to STA in EAPOL-Key message (protected using MIC2) STA verifies MIC1 and sends Association Req as an IE of the 2 nd key agreement message (protected using MIC2), AP verifies MIC2 [Current procedure]: STA installs the key. Also, STA sends EAPOL-Key message to AP confirming temporal key is installed [New procedure] AP installs the key. Step-4STA verifies MIC2 and sends confirmation of key- install from STA to AP in EAPOL-Key (protected using MIC3) Not sent (serves no cryptographic purpose) [Current procedure] AP installs the keys

18 doc.: IEEE 802.11-11/1426r02 Submission If there is a MITM attack, the key agreement message 1 and message 2 can not be successfully verified. As the PTK includes the IEEE 802 MAC addresses of both STA and AP, MAC address tampering would result in key asynchronization between STA and AP, thus MIC verification would fail. Question 3: Key verification is reduced from 2 rounds to 1 round, and is triggered by AP. Is there any security problem, e.g., MITM attack ? (Cont.) Nov 2011 ZTE CorporationSlide 18

19 doc.: IEEE 802.11-11/1426r02 Submission Question 4: How to allocate an IPv6 address? Nov 2011 ZTE CorporationSlide 19

20 doc.: IEEE 802.11-11/1426r02 Submission Question 4: How to allocate an IPv6 address? (Cont.) Nov 2011 ZTE CorporationSlide 20

21 doc.: IEEE 802.11-11/1426r02 Submission Thanks! Nov 2011 Slide 21ZTE Corporation

Download ppt "Doc.: IEEE 802.11-11/1426r02 Submission NameAffiliationsAddressPhoneemail ChengYan FengZTE Corporation No.800, Middle Tianfu Avenue, Hi-tech District,"

Similar presentations

Doc.: IEEE 802.11-11/1160 Submission NameAffiliationsAddressPhone George CherianQualcomm 5775 Morehouse Dr, San Diego, CA, USA

Doc.: IEEE /1160 Submission NameAffiliationsAddressPhone George CherianQualcomm 5775 Morehouse Dr, San Diego, CA, USA
Doc.: IEEE 802.11-11/1160r1 Submission NameAffiliationsAddressPhone George CherianQualcomm 5775 Morehouse Dr, San Diego, CA, USA +1

Doc.: IEEE /1160r1 Submission NameAffiliationsAddressPhone George CherianQualcomm 5775 Morehouse Dr, San Diego, CA, USA +1
Doc.: IEEE 802.11-11/1436r0 Submission NameAffiliationsAddressPhoneemail Robert Sun Huawei Technologies Co., Ltd. Suite 400, 303 Terry Fox Drive, Kanata,

Doc.: IEEE /1436r0 Submission NameAffiliationsAddressPhone Robert Sun Huawei Technologies Co., Ltd. Suite 400, 303 Terry Fox Drive, Kanata,
Doc.: IEEE 802.11-11/0780r1 Submission NameAffiliationsAddressPhoneemail Ping Fang Zhiming Ding Phillip Barber Rob Sun Huawei Technologies Co., Ltd. Bldg.

Doc.: IEEE /0780r1 Submission NameAffiliationsAddressPhone Ping Fang Zhiming Ding Phillip Barber Rob Sun Huawei Technologies Co., Ltd. Bldg.
Doc.: IEEE 802.11-12/0041r1 Submission NameAffiliationsAddressPhoneemail Robert Sun; Yunbo Li; Edward Au; Phillip Barber Huawei Technologies Co., Ltd.

Doc.: IEEE /0041r1 Submission NameAffiliationsAddressPhone Robert Sun; Yunbo Li; Edward Au; Phillip Barber Huawei Technologies Co., Ltd.
Doc.: IEEE 802.11-12/0567r1 Submission May 2012 Huawei Slide 1 Multiple Frequency Channel Scanning Date: 2012-05-04 Authors: NameAffiliationsAddressPhoneemail.

Doc.: IEEE /0567r1 Submission May 2012 Huawei Slide 1 Multiple Frequency Channel Scanning Date: Authors: NameAffiliationsAddressPhone .
TGai FILS Authentication Protocol

TGai FILS Authentication Protocol
Doc.: IEEE 802.11-11/1498-01-00ai Submission NameAffiliationsAddressPhoneemail Phillip BarberHuawei Technologies Co., Ltd. 1700 Alma Rd, Ste 500 Plano,

Doc.: IEEE / ai Submission NameAffiliationsAddressPhone Phillip BarberHuawei Technologies Co., Ltd Alma Rd, Ste 500 Plano,
Submission doc.: IEEE 11-12-0406-03-00ai May 2012 InterDigital, KDDI, Nokia, Huawei, Intel, Qcomm Slide 1 Proposed SFD Text for 802.11ai Passive Scanning.

Submission doc.: IEEE ai May 2012 InterDigital, KDDI, Nokia, Huawei, Intel, Qcomm Slide 1 Proposed SFD Text for ai Passive Scanning.
Doc.: IEEE 802.11-11/0976r1 Submission July 2011 Hitoshi Morioka, ROOT INC.Slide 1 TGai Authentication Protocol Proposal Date: 2011-07-17 Authors: NameAffiliationsAddressPhoneemail.

Doc.: IEEE /0976r1 Submission July 2011 Hitoshi Morioka, ROOT INC.Slide 1 TGai Authentication Protocol Proposal Date: Authors: NameAffiliationsAddressPhone .
Doc.: IEEE 802.11-12/0550 Submission NameAffiliationsAddressPhone Kiseon RyuLG Electronics10225 Willow Creek Rd, San Diego, CA, 92131, USA +1

Doc.: IEEE /0550 Submission NameAffiliationsAddressPhone Kiseon RyuLG Electronics10225 Willow Creek Rd, San Diego, CA, 92131, USA +1
Doc.: IEEE 802.11-12/933r6 Submission July 2012 Fang Xie (CMCC)Slide 1 Access Control Mechanism for FILS Date: 2012-07-17 Authors: NameAffiliationsAddressPhoneemail.

Doc.: IEEE /933r6 Submission July 2012 Fang Xie (CMCC)Slide 1 Access Control Mechanism for FILS Date: Authors: NameAffiliationsAddressPhone .
Doc.: IEEE 802.11-12/1042r3 Submission NameAffiliationsAddressPhoneemail Giwon ParkLG Electronics LG R&D Complex 533, Hogye- 1dong, Dongan-Gu, Anyang,

Doc.: IEEE /1042r3 Submission NameAffiliationsAddressPhone Giwon ParkLG Electronics LG R&D Complex 533, Hogye- 1dong, Dongan-Gu, Anyang,
Doc.: IEEE 802.11-12/1042 Submission NameAffiliationsAddressPhoneemail Giwon ParkLG Electronics LG R&D Complex 533, Hogye- 1dong, Dongan-Gu, Anyang, Kyungki,

Doc.: IEEE /1042 Submission NameAffiliationsAddressPhone Giwon ParkLG Electronics LG R&D Complex 533, Hogye- 1dong, Dongan-Gu, Anyang, Kyungki,
Doc.: IEEE 802.11-12/0249r0 Submission March 2012 Slide 1Lin Cai et al,Huawei. Differentiated Association Service Provisioning in WiFi Networks Date: 03/02/2012.

Doc.: IEEE /0249r0 Submission March 2012 Slide 1Lin Cai et al,Huawei. Differentiated Association Service Provisioning in WiFi Networks Date: 03/02/2012.
Doc.: IEEE 802.11-12/0039r0 Submission NameAffiliationsAddressPhoneemail Robert Sun; Yunbo Li Edward Au; Phil Barber Junghoon Suh; Osama Aboul-Magd Huawei.

Doc.: IEEE /0039r0 Submission NameAffiliationsAddressPhone Robert Sun; Yunbo Li Edward Au; Phil Barber Junghoon Suh; Osama Aboul-Magd Huawei.
Submission doc.: IEEE 802.11-11/1003r2 July 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Upper Layer Data on Management frames Date: 2011-07-18.

Submission doc.: IEEE /1003r2 July 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Upper Layer Data on Management frames Date:
Submission doc.: IEEE 11-11/1414r2 November 2011 Katsuo Yunoki, KDDI R&D LaboratoriesSlide 1 Probe Request and Response in TGai Date: 2011-11-02 Authors:

Submission doc.: IEEE 11-11/1414r2 November 2011 Katsuo Yunoki, KDDI R&D LaboratoriesSlide 1 Probe Request and Response in TGai Date: Authors:
Doc.: IEEE 802.11-12/0257r1 Submission NameAffiliationsAddressPhoneemail Giwon ParkLG Electronics LG R&D Complex 533, Hogye- 1dong, Dongan-Gu, Anyang,

Doc.: IEEE /0257r1 Submission NameAffiliationsAddressPhone Giwon ParkLG Electronics LG R&D Complex 533, Hogye- 1dong, Dongan-Gu, Anyang,
Doc.: IEEE 802.11-12/0067r0 Submission Jan 2012 Phillip Barber, HuaweiSlide 1 Active Scanning Time Notification Date: 2012-01-12 Authors: NameAffiliationsAddressPhoneemail.

Doc.: IEEE /0067r0 Submission Jan 2012 Phillip Barber, HuaweiSlide 1 Active Scanning Time Notification Date: Authors: NameAffiliationsAddressPhone .

Similar presentations

Ads by Google