Presentation is loading. Please wait.

Presentation is loading. Please wait.

Standardizing for Change

Published byTiffany Lindsey Modified over 5 years ago

Similar presentations

Presentation on theme: "Standardizing for Change"— Presentation transcript:

1 Standardizing for Change
May 2000 Extensible Security Standardizing for Change Bob O’Hara Albert Young Dan Nessett Bofu Chen Bruce Kendall Bob O’Hara, et al

2 May 2000 Security Environment The choice of “best” security algorithms for authentication and privacy are not static over time Affected by Government regulation Newly discovered attacks Advances in mathematics Advances in processing capabilities Newly discovered faults Uninformed opinions of users Bob O’Hara, et al

3 Standardization Environment
May 2000 Standardization Environment Define solution(s) based on current conditions and best estimates of future Solution is fixed and generally inflexible Difficult to change Requires a group (like us) to meet and accomplish the task Generally, will not take less than months to complete a change Bob O’Hara, et al

4 Standardize for Change
May 2000 Standardize for Change Standardize mechanism(s) that are not rigid Based on negotiation, rather than fixed requirements in the standard Allow for ongoing adaptability and innovation Provide processes that encourage/enforce exchange of information Provide one (or two) starting points using the new mechanism Bob O’Hara, et al

5 May 2000 Three Alternatives Use the existing authentication algorithm number field Redefine the authentication algorithm number field Extend the authentication frame format to add an information element Bob O’Hara, et al

6 Use the Authentication Algorithm Field
May 2000 Use the Authentication Algorithm Field Define a registration process that allows anyone to petition the IEEE for a new value to be used in this field Exactly the same as the process used for OUI and Ethertype registration See and Require full disclosure of information to enable multi-vendor interoperability Bob O’Hara, et al

7 Redefine the Authentication Algorithm Number Field
May 2000 Redefine the Authentication Algorithm Number Field Privacy Algorithm Authentication Algorithm Change the field to be the Security Algorithms field Define two new subfields Privacy Algorithm Number, 8 bits Authentication Algorithm Number, 8 bits Define privacy algorithm to be 40-bit WEP only when authentication is not open system Bob O’Hara, et al

8 Use New Information Element
May 2000 Use New Information Element Define a single new value for the Authentication Algorithm field (say 2) that indicates that the new element is present, following the challenge text In the first Authentication frame Or in every Authentication frame The new Information Element several fields Identify both the authentication algorithm and privacy algorithm, independently Include key lengths for both privacy and authentication Bob O’Hara, et al

9 Authentication and Privacy Information Element
May 2000 Authentication and Privacy Information Element Field Length (octets) Element ID 1 Length Authentication Algorithm 2 Authentication Key Length Registering OUI-A 3 Privacy Algorithm Privacy Key Length Registering OUI-P Bob O’Hara, et al

10 May 2000 Merits of Flexibility Vendors can adapt quickly to changes in the security environment The standard does not need to be changed for this reason in the future The market can select the “correct” algorithms Encourages both competition and interoperability within the scope of the standard Bob O’Hara, et al

11 Relative Merits of Alternatives
May 2000 Relative Merits of Alternatives Using only the Authentication Algorithm field No change is needed to the Authentication frame format Minimizes likelihood of interoperability problems with existing APs Unless AP performs only a single test to differentiate between the two current allowable values Does not easily provide a mechanism for selecting privacy algorithm or key length, without overloading the definition of this field Bob O’Hara, et al

12 Relative Merits of Alternatives
May 2000 Relative Merits of Alternatives Redefining the authentication algorithm number field No change is needed to the Authentication frame format Minimizes likelihood of interoperability problems with existing APs Unless AP performs only a single test to differentiate between the two current allowable values Adds capability to select both privacy and authentication algorithms in the authentication exchange Bob O’Hara, et al

13 Relative Merits of Alternatives
May 2000 Relative Merits of Alternatives Using a new information element Changes basic format of Authentication frame Adds new information element to first (or each) Authentication frame Likelihood of interoperability problem is slightly greater than with previous methods Allows independence of choice for both authentication and privacy algorithms Provides significantly greater identifier space Algorithm values are assigned independently to each OUI Provides for the possibility that half of each identifier space can be reserved for “experimental” values that need not be registered Bob O’Hara, et al

14 May 2000 Recommendation Define the Authentication and Privacy information element, its fields, and its usage Define a registration procedure Registrant must have an IEEE-assigned OUI Complete algorithm and handshake protocol details must be provided, including external references (if any) In exchange for providing registration services, IEEE gets right to publish details (preferably on web site) Include a pointer to the registration web site in the standard Bob O’Hara, et al

15 May 2000 Procedural Stuff Write a proposal to IEEE Registration Authority Committee What is to be registered? Why should it be registered? What special procedures are needed? Next RAC meeting is at July 802 plenary Work with IEEE to implement the procedures Bob O’Hara, et al

Download ppt "Standardizing for Change"

Similar presentations

Doc.: 11-03-0573r0-I Submission July 22, 2003 Paul Lambert, Airgo NetworksSlide 1 Enabling Encryption in Hotspots by Decoupling the Privacy Field from.

Doc.: r0-I Submission July 22, 2003 Paul Lambert, Airgo NetworksSlide 1 Enabling Encryption in Hotspots by Decoupling the Privacy Field from.
IETF SFC: Service Chain Header draft-zhang-sfc-sch-01

IETF SFC: Service Chain Header draft-zhang-sfc-sch-01
Doc.: IEEE 802.11-03/552r0 Submission July 2003 Jon Edney, NokiaSlide 1 Protection of Action Frames Jon Edney Nokia

Doc.: IEEE /552r0 Submission July 2003 Jon Edney, NokiaSlide 1 Protection of Action Frames Jon Edney Nokia
Advertising Generic Information in IS-IS

Advertising Generic Information in IS-IS
802.11az Negotiation Date: Authors: Jan 2017 Month Year

802.11az Negotiation Date: Authors: Jan 2017 Month Year
FILS Reduced Neighbor Report

FILS Reduced Neighbor Report
Security Enhancement to FTM

Security Enhancement to FTM
Service Discovery Proposal

Service Discovery Proposal
WEP & WPA Mandy Kershishnik.

WEP & WPA Mandy Kershishnik.
Data Function Frames Date: Authors: Jan 2009 Month Year

Data Function Frames Date: Authors: Jan 2009 Month Year
Time Features Date: Authors: May 2009 Month Year

Time Features Date: Authors: May 2009 Month Year
White Space Map Notification

White Space Map Notification
Service discovery architecture for TGaq

Service discovery architecture for TGaq
Improve Scanning for Identifying Transmitted BSSID

Improve Scanning for Identifying Transmitted BSSID
doc.: IEEE xxx Bob Beach Symbol Technologies

doc.: IEEE xxx Bob Beach Symbol Technologies
WUR frame format follow-up

WUR frame format follow-up
Wake Up Frame to Indicate Group Addressed Frames Transmission

Wake Up Frame to Indicate Group Addressed Frames Transmission
Using Upper Layer Message IE in TGai

Using Upper Layer Message IE in TGai
Multiple Concurrent Associations as a Means of Doing Fast Roaming

Multiple Concurrent Associations as a Means of Doing Fast Roaming
Enhancements to Mesh Discovery

Enhancements to Mesh Discovery

Similar presentations

Ads by Google