
1 November 2012
Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs)
Submission Title: Moving KMP Forward
Date Submitted: November 21, 2012
Source: Robert Moskowitz, Verizon
Address: 1000 Bent Creek Blvd, Mechanicsburg, PA, USA
Voice: +1 (248)
Re: Key Management over 4e Multipurpose Frames
Abstract: Discussion of KMP transport
Purpose: To refine our understanding of the transport mechanism
Notice: This document has been prepared to assist the IEEE P802.15. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
Release: The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P802.15.
Slide 1 Robert Moskowitz, Verizon Page 1

2 Moving KMP Forward
Robert Moskowitz
Palm Springs, CA
November 21, 2012

3 Abstract
- Agreements to date
- Open items
- Next steps

4 Agreements to date
- System View
- KMP encapsulation data format
- State Machines: general content, plus PIBs to control processes
- General statements on Security Associations
- KMP guidelines: general format

5 System View (diagram)
Higher layer: DATA, other IE processes, KMP (Key Request / Keys). Information Element Shim between the higher layer and the MAC: Data Traffic and IE frames passed through MCPS Data. MAC Services over PHY Services.

6 KMP Transport
- Use a DATA Frame IE for KMP encapsulation
  - IE with max size of 2047
  - IE max size of 255
- Multiple IEs per frame an option

7 KMP Transport: MAC details
- Unauthenticated PDUs always use long addresses
  - e.g. KMP rekeying within authenticated PDUs MAY use short addresses
- KMP payload MAY be fragmented over multiple IEs/frames
  - Use Forced ACK for fragmentation chaining support

8 KMP Information Element
- Frame format
  - MAC specific information: ID/Length = 0xa / max 2047, or = 0x03 / max 255
  - Content
    - Control Field: 1 byte. The multipurpose field allows for extending to other functions like L2R and EthType support
    - KMP fragment

9 KMP IE Content
Octets:  1 (Bits: 1 | 7)                              | 1-2046
         Chaining flag | Multipurpose ID / Chain count | KMP Fragment
- Chaining flag: 0 = last/only one; 1 = yes, chaining
- First packet: Multipurpose ID; other packets: Chain count
  - Multipurpose ID: 98 = KMP
  - Chaining count: 2-96 (2 = 2nd fragment, 3 = 3rd fragment, ..., 96 = 96th fragment, last possible)

10 KMP IE Content: KMP fragment
- KMP ID: 1 byte
  - 802.1X = 1
  - HIP = 2
  - IKEv2 = 3
  - PANA = 4
  - SAE, etc.
- KMP payload

11 KMP Content Examples (Chaining Flag, MultiID/Count, KMP ID, KMP fragment)
- 0,98,2,<KMP payload> - Single frame for HIP
- 1,98,2,<KMP payload fragment> - 1st frame for HIP and more to come
- 1,2,2,<KMP payload fragment> - 2nd frame for HIP and more to come
- 0,3,2,<KMP payload fragment> - 3rd (and last) frame for HIP
Note that 96 fragments provides for 8KB, assuming a 127-octet MPDU.

12 KMP State Machines
Two State Machines:
- KMP Outbound Frame Processing
- KMP Inbound Frame Processing

13 Outbound Frame Processing (state machine diagram, per destination address)
Compute MPDU - MHR - IE - KMP: if >= 0, send the KMP in one frame (Success / Failure); if < 0, fragment: send first fragment, send middle fragments, send last fragment, each step ending in Success or Failure.

14 KMP Outbound frame processing
- Fragmentation support
  - KMP payload divided to fit MPDU
  - Fragment sent with Forced ACK

15 Inbound Frame Processing (state machine diagram, per source address)
Duplicate of prior (Src Addr, Seq, IE)? Yes: drop. No: check the chaining flag. Flag 1: multipurpose 98 starts KMP assembly, 2 to 95 appends to the KMP, otherwise error. Flag 0: multipurpose 98 completes the KMP, 2 to 96 appends to the list and completes, otherwise error.

16 KMP Inbound frame processing
- Determine packet type
- Time out OK on incomplete KMP
- Fragmentation support
  - Duplicates possible due to lost ACK
  - Requires KMP buffer, and coordinators with N buffers
- Deliver payload to KMP on completion
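The control octet, chaining rules and inbound duplicate/append/complete checks from slides 9, 11, 15 and 16, worked through as an added Python example (not code from the draft or the presentation). It assumes the chaining flag is bit 7 of the control octet with the 7-bit ID/count in bits 0-6, that the KMP ID octet is carried in every fragment as in the slide 11 examples, and leaves out the timeout for incomplete assemblies.

```python
KMP_MULTI_ID = 98      # multipurpose ID for KMP (slide 9)
MAX_CHAIN = 96         # last possible chain count (slide 9)
KMP_HIP = 2            # KMP ID for HIP (slide 10)

def fragment(kmp_id, payload, max_ie=255):
    """Outbound: split a KMP payload into IE contents [ctrl][kmp_id][fragment]."""
    room = max_ie - 2                      # two header octets per IE
    chunks = [payload[i:i + room] for i in range(0, len(payload), room)] or [b""]
    if len(chunks) > MAX_CHAIN:
        raise ValueError("KMP payload needs more than %d fragments" % MAX_CHAIN)
    ies = []
    for n, chunk in enumerate(chunks):
        last = n == len(chunks) - 1
        # control octet (assumed layout): chaining flag in bit 7, ID/count in bits 0-6
        ctrl = (0x00 if last else 0x80) | (KMP_MULTI_ID if n == 0 else n + 1)
        ies.append(bytes([ctrl, kmp_id]) + chunk)
    return ies

class Reassembler:
    """Inbound: one assembly buffer per source address, duplicates dropped."""
    def __init__(self):
        self.buffers = {}   # src -> [kmp_id, bytearray, expected chain count]
        self.seen = set()   # (src, seq, ie) already accepted (lost-ACK duplicates)

    def receive(self, src, seq, ie):
        """Return (kmp_id, payload) when a KMP payload completes, else None."""
        if (src, seq, ie) in self.seen:
            return None                     # duplicate of a prior frame: drop
        self.seen.add((src, seq, ie))
        chaining, multi = ie[0] >> 7, ie[0] & 0x7F
        kmp_id, frag = ie[1], ie[2:]
        if multi == KMP_MULTI_ID:           # first (or only) fragment
            if not chaining:
                self.buffers.pop(src, None)
                return kmp_id, bytes(frag)  # single-frame KMP completes at once
            self.buffers[src] = [kmp_id, bytearray(frag), 2]
            return None
        buf = self.buffers.get(src)
        if buf is None or multi != buf[2] or kmp_id != buf[0]:
            self.buffers.pop(src, None)     # error: no assembly or count out of order
            return None
        buf[1] += frag
        if chaining and multi < MAX_CHAIN:  # counts 2..95 with more to come
            buf[2] = multi + 1
            return None
        self.buffers.pop(src)
        return None if chaining else (buf[0], bytes(buf[1]))   # 2..96 completes
```

A 512-byte payload split at a 100-octet IE limit yields six IEs whose control octets run 0xE2, 0x82 to 0x85, then 0x06 for the last one.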

17 KMP Transport Mechanism
- State machine to handle triggers to/from KMP higher layer
- Pass through for KMP payloads
- Triggers from MAC events to KMP
  - Security Enabled to start KMP
  - Frame Counter watch to trigger rekey

18 KMP Transport PIBs: Security enabled trigger
- MacSecurityEnabled: set by 'Higher Layer' after keys in place
- MacSecurityRequired: set by 'Higher Layer' to trigger KMP start
- MacSecurityKeyed
  - True = KMP successful; sets MacSecurityRekey to false
  - False = No KMP key
  - Same as MacSecurityEnabled?

19 KMP Transport PIBs: Security enabled trigger
- MacSecurityRekey
  - True is set when MacFrameCounter = 0xffffffff - n
  - Triggers rekey on next MLME Data Send
  - Since many secured COMMAND frames could be sent prior to data, n MUST be much greater than 1, e.g. 100

20 More on KMP Transport PIBs
- macFrameCounter = 0xffffffff - n
  - Counter for sending, thus the sending party triggers rekeying
  - ASSUMPTION: Only coordinators send with group keys and rekey as needed

21 Following slides still need updating

22 Security and PAN architecture
- Pairwise keying is used for unicast traffic
  - 2 sets of Security Associations (SAs)
- Peer-to-Peer communications will only be unicast traffic due to the hidden node challenge

23 Security and PAN architecture
- Two basic SA tables
  - Key Table
  - Device table
- These are maintained by the KMP and have no impact on the operation of the KMP transport mechanism
- It is up to each KMP to properly maintain the security tables for its use cases

24 KMP Security Associations
- Security Association content
  - What keys? PTK, GTK, etc.
  - Counters, lifetimes, etc.
- This is the realm of the KMP

25 15.4 Specifics: Pre 15.4e device support
- For 6lowpan PANs
  - Develop a submission to the IETF using the Dispatch Type in RFC 4944
  - PDUs with the KMP Dispatch Type and a length field will be equivalent to the 15.4e KMP IE
  - A 6lowpan device that supports 15.4e SHOULD also support this pre-15.4e mode of operation
- Who wants to author this?

26 KMP Guidelines: KMP Sections
- General KMP description
  - Sub sections as needed, e.g. backend authentication mechanism
- Use case(s)
- Profile
  - References to defining documents
  - Parameter specifics, e.g. in HIP, K=0
- SA definition
  - E.g. tie into security PID

27 KMP Guidelines: Initial list of KMPs
- 802.1X
  - Needs to include an actual key exchange like the 802.11i 4-way handshake
- HIP - R. Moskowitz/J. Haapola
- IKEv2 - T. Kivinen
- PANA - Yoshihiro Ohba
- SAE

28 KMP Guidelines: KMP Profiling for 15.9 usage
- Change in encapsulation
  - e.g. IKEv2 specified to run over UDP
- Additions for SA management
  - e.g. 802.1X does not supply link keys. In 802.11 usage, this is done via the 4-Way Handshake
- Special attention to broadcast keying management
- Others?

29 KMP Guidelines: KMP use cases
- Why this KMP?
  - Code size, CPU/battery demand
  - Multi-layer code reuse
- Practical examples
- Deployment advice
  - Identity installation and registration
  - When performed
  - Life-cycle management
  - Rekeying

30 Open Items

31 Open Items
- None at this time

32 Next Steps

33 Next Steps
- Develop state machine drawings
- Add text to Draft document covering
  - KMP data format
  - State machines
- Start adding KMP content
- Set goal of review week of Oct 29

