Presentation is loading. Please wait.

Presentation is loading. Please wait.

Proposal for Extensible Security

Published byStine Stene Modified over 5 years ago

Similar presentations

Presentation on theme: "Proposal for Extensible Security"— Presentation transcript:

1 Proposal for Extensible Security
July 2000 Proposal for Extensible Security Standardizing for Change Bob O’Hara Albert Young Dan Nessett Bofu Chen Bruce Kendall Bob O’Hara, et al, 3Com Corporation

2 Standardize for Change
July 2000 Standardize for Change Standardize a mechanism based on negotiation, rather than fixed requirements in the standard Allow for ongoing adaptability and innovation Provide processes that encourage/enforce exchange of information Provide one (or two) starting points using the new mechanism Bob O’Hara, et al, 3Com Corporation

3 July 2000 Extensible Security Optional enhancement of security for devices Three frames exchanged during negotiation Precedes actual authentication, but is part of authentication frame exchange Authentication fails unless successful security negotiation is completed Bob O’Hara, et al, 3Com Corporation

4 Negotiation Frames Frame 1 (requester to responder)
July 2000 Negotiation Frames Frame 1 (requester to responder) Identity assertion Request for authentication (algorithm = 2) Frame 2 (responder to requester) List of acceptable algorithms Frame 3 (requester to responder) List of accepted algorithms Bob O’Hara, et al, 3Com Corporation

5 Negotiated Algorithms
July 2000 Negotiated Algorithms Key validity period Authentication Privacy Key establishment Message authentication Sub-key derivation Bob O’Hara, et al, 3Com Corporation

6 Security Negotiation Information Element
July 2000 Security Negotiation Information Element Element ID Length Key Validity Period Registering OUI A (2) Registering OUI A (1) Registering OUI A (0) Indicator A Authentication Algorithm Registering OUI P (2) Registering OUI P (1) Registering OUI P (0) Indicator P Privacy Algorithm Registering OUI K (2) Registering OUI K (1) Registering OUI K (0) Indicator K Key Establishment Algorithm Registering OUI M (2) Registering OUI M (1) Registering OUI M (0) Indicator M Message Authentication Algorithm Registering OUI S (2) Registering OUI S (1) Registering OUI S (0) Indicator S Sub-key Derivation Algorithm Bob O’Hara, et al, 3Com Corporation

7 Indicator Format Bit 7: Preferred Bit 6: Deprecated Bit 5: Reserved
July 2000 Indicator Format Bit 7: Preferred Bit 6: Deprecated Bit 5: Reserved Bit 4: Authentication Bit 3: Privacy Bit 2: Key Establishment Bit 1: Message Integrity Bit 0: Sub-key Derivation Bob O’Hara, et al, 3Com Corporation

8 Information Element Details
July 2000 Information Element Details Responder sends Maximum acceptable key validity period All acceptable algorithms, at least one of each type May mark algorithms “preferred” and “deprecated” Requester sends Key validity period no greater than that sent by responder List of accepted algorithms, only one of each type Bob O’Hara, et al, 3Com Corporation

9 July 2000 Success or Failure At each step of the negotiation, success or failure is indicated in the status code field Just as in current authentication exchange Responder can refuse to use negotiated security in frame 2 Requester can refuse the offered algorithms in frame 3 (if one or more of the algorithm types does not have an acceptable choice) Responder can refuse requester’s choices in the first frame of the subsequent authentication handshake (frame 4) Bob O’Hara, et al, 3Com Corporation

10 July 2000 Merits of Flexibility Vendors can adapt quickly to changes in the security environment The standard does not need to be changed for this reason in the future The market can select the “correct” algorithms Encourages both competition and interoperability within the scope of the standard Bob O’Hara, et al, 3Com Corporation

11 Effects of Extensible Security
July 2000 Effects of Extensible Security Inserts the negotiation before authentication exchange First authentication frame stays the same Adds new algorithm number for extensible security Changes basic format of Authentication frame Adds new information element to second and third authentication frames Allows independence of choice for all algorithms Provides significantly greater identifier space Algorithm values are assigned independently to each OUI Bob O’Hara, et al, 3Com Corporation

12 July 2000 Recommendation Adopt the text in document 00/163 to define the Extensible Security algorithm, frame exchanges and Security Negotiation information element Define a registration procedure Registrant must have an IEEE-assigned OUI Complete algorithm and handshake protocol details must be provided, including external references (if any) In exchange for providing registration services, IEEE gets right to publish details (preferably on web site) Include a pointer to the registration web site in the standard Bob O’Hara, et al, 3Com Corporation

13 Registration Requirements
July 2000 Registration Requirements Define a registration process that allows anyone to petition the IEEE for a new value to be used in this field Exactly the same as the process used for OUI and Ethertype registration See and Require full disclosure of information to enable multi-vendor interoperability Bob O’Hara, et al, 3Com Corporation

14 July 2000 Procedural Stuff Write a proposal to IEEE Registration Authority Committee What is to be registered? Why should it be registered? What special procedures are needed? Next RAC meeting is at this plenary Work with IEEE staff to implement the procedures Bob O’Hara, et al, 3Com Corporation

15 Additional Recommendations
July 2000 Additional Recommendations Select one (or no more than two) algorithms for each algorithm type Register the algorithms Publish the registration information (OUI and algorithm number) in the standard Require that the selected algorithms be implemented if the negotiated security option is implemented This provides an immediate base for interoperability Bob O’Hara, et al, 3Com Corporation

16 Work To Be Done Identify algorithms to be included in the standard
July 2000 Work To Be Done Identify algorithms to be included in the standard Add PICS update Is there MIB stuff needed? Bob O’Hara, et al, 3Com Corporation

Download ppt "Proposal for Extensible Security"

Similar presentations

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Gursharan Singh Tatla Transport Layer 16-May-2011 1

Gursharan Singh Tatla Transport Layer 16-May
Doc.: IEEE 802.11-04-1180-02-000r Submission November 2004 Bob Beach, Symbol TechnologiesSlide 1 Fast Roaming Using Multiple Concurrent Associations Bob.

Doc.: IEEE r Submission November 2004 Bob Beach, Symbol TechnologiesSlide 1 Fast Roaming Using Multiple Concurrent Associations Bob.
1 IEEE SCC21 1547 TM Series Standards Development P1547.X Working Group Meeting Date–Date, 200X; City, State P1547.X Standard Title, Scope and Purpose.

1 IEEE SCC TM Series Standards Development P1547.X Working Group Meeting Date–Date, 200X; City, State P1547.X Standard Title, Scope and Purpose.
IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN:21-06-0690-00-0000 Title: ID Definition Date Submitted: July 14, 2006 Presented at IEEE 802.21 session in San.

IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: ID Definition Date Submitted: July 14, 2006 Presented at IEEE session in San.
Doc.: IEEE 802.11-12/0896r0 SubmissionJae Seung Lee, ETRISlide 1 Probe Request Filtering Criteria Date: 2012-07-06 July 2012.

Doc.: IEEE /0896r0 SubmissionJae Seung Lee, ETRISlide 1 Probe Request Filtering Criteria Date: July 2012.
Submission November 2010 doc.: IEEE 802.11-10/1237r0 Over the Air Database Access for Mode 2 Capable Devices Slide 1 Santosh Abraham, Qualcomm Incorporated.

Submission November 2010 doc.: IEEE /1237r0 Over the Air Database Access for Mode 2 Capable Devices Slide 1 Santosh Abraham, Qualcomm Incorporated.
PRESENTATION ON SECURE SOCKET LAYER (SSL) BY: ARZOO THAKUR M.E. C.S.E (REGULAR) BATCH - 2009.

PRESENTATION ON SECURE SOCKET LAYER (SSL) BY: ARZOO THAKUR M.E. C.S.E (REGULAR) BATCH
IEEE 802.1AS REV D5.0 Review Comments

IEEE 802.1AS REV D5.0 Review Comments
802.11az Negotiation Date: Authors: Jan 2017 Month Year

802.11az Negotiation Date: Authors: Jan 2017 Month Year
FILS Reduced Neighbor Report

FILS Reduced Neighbor Report
Open issues with PANA Protocol

Open issues with PANA Protocol
November 2010 doc.: IEEE 802 15-11-0083-004e Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) Submission Title: LB60 comment.

November 2010 doc.: IEEE e Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: LB60 comment.
Phil Hunt, Hannes Tschofenig

Phil Hunt, Hannes Tschofenig
IEEE 802.1AS REV D5.0 Review Comments

IEEE 802.1AS REV D5.0 Review Comments
Standardizing for Change

Standardizing for Change
White Space Map Notification

White Space Map Notification
Originally by Yu Yang and Lilly Wang Modified by T. A. Yang

Originally by Yu Yang and Lilly Wang Modified by T. A. Yang

Similar presentations

Ads by Google