Discussions on FILS Authentication


1 Discussions on FILS Authentication
Month Year doc.: IEEE yy/xxxxr0 May, 2013 Discussions on FILS Authentication Date: Authors: Lei Wang John Doe, Some Company

2 Abstract
This document provides further discussions regarding FILS Authentication, for a comment submitted as a response to WG Comment Collection 8 (CC8), on the question "Please provide comments on Draft P802.11ai D0.5".

3 Conformance w/ TGai PAR & 5C
Conformance Question / Response
- Does the proposal degrade the security offered by Robust Security Network Association (RSNA) already defined in ? Response: No
- Does the proposal change the MAC SAP interface? Response: ??
- Does the proposal require or introduce a change to the architecture?
- Does the proposal introduce a change in the channel access mechanism?
- Does the proposal introduce a change in the PHY?
- Which of the following link set-up phases is addressed by the proposal? (1) AP Discovery (2) Network Discovery (3) Link (re-)establishment / exchange of security related messages (4) Higher layer aspects, e.g. IP address assignment. Response: 3, 4

4 Re-Cap: FILS Authentication
- Three FILS Authentication Methods in 11ai/D0.5
  - EAP-RP with no PFS
  - EAP-RP with PFS
  - Non-TTP with PFS
- FILS Authentication Operations
  - Using Authentication frames and Association frames with newly introduced FILS authentication information content items;
  - Piggybacking IP address assignment in FILS association frames;
  - Designed to effectively reduce the authentication time and IP address setup time for STAs during initial link setup.

5 FILS Authentication with TTP
- Authentication with TTP (Trusted Third Party)
  - AP and STA perform mutual authentication using a mutually-trusted third party, e.g., AAA server;
  - The TTP is known to both AP and STA;
  - Current applications/adoption/common use cases:
    - 3GPP - WLAN interworking: TS23.234, TS
    - Secure Authentication for the Passpoint program from the Wi-Fi Alliance to enable seamless and secure Wi-Fi access in hotspots (2012)
    - Next Generation Hotspot (NGH) Program of the Wireless Broadband Alliance: hotspot
- Two Schemes of FILS Authentication with TTP
  - EAP-RP without PFS (Perfect Forward Secrecy)
  - EAP-RP with PFS
  - => Both are based on EAP-RP

6 Discussions about EAP-RP
- EAP Extensions for the EAP Re-authentication Protocol (ERP)
  - IETF RFC 5295/6696
- Applying to the cases where STA and the trusted third party already share a valid rRK (re-authentication Root Key)
  - Based on an EMSK (512 bits) derived out of a previous full EAP authentication process.
  - Do all EAP methods generate the EMSK needed for the subsequent EAP-RP process as a result of a successful full EAP authentication process?
  - What happens to the EAP-RP session when the lifetime of the full-EAP Master key (MK) expires?
  - What happens to EAP-RP Re-Authentication when there are several AAA servers in the network (typical deployment)?
- Allowing single-roundtrip re-authentication with an authentication server following an initial full EAP authentication

7 Applying EAP-RP
- Requirements for becoming EAP-RP capable
  - At device/UE side: Requires STA to support EAP extensions, including: EAP-Initiate, EAP-Finish
  - At network / infrastructure side: Requires AP and AS to support EAP extensions, including: EAP-Initiate, EAP-Finish
- Current EAP-RP Capable Devices / network equipment
  - Could not find any through public search.
- Current EAP-RP Applications and Standards
  - adopted by 3GPP2 in the following UMB specification published in December of 2007: 0_v1.0_ pdf
  - Any networks, any trials, any deployment announcements:

8 Concerns with FILS Authentication with TTP
- FILS Authentication with TTP: only based on EAP-RP
  - EAP-RP is still pending to be adopted in devices/networks;
  - EAP-RP applies to the STAs with valid security associations with a TTP.
- For STAs with pre-established security association with a TTP
  - Direct dependency on EAP-RP in both adoption time and scope
    - Adoption time: only when or after EAP-RP is adopted
      - How about the cases where people want to update AP/STAs to enable some quick improvement on the initial link setup time, but may not be ready to upgrade the network infrastructures to enable EAP-RP?
    - Adoption scope: only where EAP-RP is adopted
      - How about the applications / use cases where EAP-RP is not adopted?
      - What if EAP-RP won’t be widely adopted?
- For STAs without pre-established security association with TTP
  - No help from the current FILS authentication schemes;
  - Such STAs exist;
  - Should 11ai consider improving initial link setup time for such STAs?

9 Discussions on FILS Authentication with TTP
- Should 11ai consider any alternative / additional schemes?
  - To fill in the potential gaps in the adoption time between FILS and EAP-RP;
  - To cover the use cases where EAP-RP is not in use, e.g., in networks that are not EAP-RP capable;
  - To cover the STAs to which EAP-RP is not applicable, e.g., the STAs without valid pre-established security associations with TTP;
  - To allow solutions which have less impact on the requirements for device and infrastructure.

10 Discussions on FILS Authentication with TTP (cont'd)
- If the answer is yes, then:
  - For the STAs with valid pre-established security associations with TTP
    - What’s the performance expectation?
    - Can we still keep the same number of message exchanges as the current EAP-RP based FILS authentication schemes?
  - For STAs without valid pre-established security associations with TTP
    - Use Full EAP, any room for optimization?
    - Any alternatives to using Full EAP?

11 Straw Polls
- Straw-Poll-1: Do you support to have further discussions in TGai to address the concerns listed in Slide 8 of this document about FILS authentication with TTP?
  - Result: Yes ___ No ___ Abstain ___

12 References
- IEEE Std 802.11™-2012
- Draft-P802.11ai_D0.5

