Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jesse Walker and Emily Qi Intel Corporation

Published byAntero Saaristo Modified over 5 years ago

Similar presentations

Presentation on theme: "Jesse Walker and Emily Qi Intel Corporation"— Presentation transcript:

1 Jesse Walker and Emily Qi Intel Corporation
May 2004 Pre-Keying Jesse Walker and Emily Qi Intel Corporation Jesse Walker and Emily Qi, Intel Corporation

2 Agenda Problem Statement Design Goals Pre-Keying Usage Open Issues Q&A
May 2004 Agenda Problem Statement Design Goals Pre-Keying Usage Open Issues Q&A Straw Poll Jesse Walker and Emily Qi, Intel Corporation

3 May 2004 Problem Statement 802.11r seeks to optimize STA transition time from one AP to another VoIP requires << 50 msec transition times, including security setup 802.11i perceived as too expensive by many market segments 802.11k messages require protection prior to STA transitioning from one AP to another 802.11k measurement frames most useful to identify “best” next AP 802.11i keys not available until after association Jesse Walker and Emily Qi, Intel Corporation

4 Design Goals Make 802.11i keys available before association
Month 2000 doc.: IEEE /xxx May 2004 Design Goals Make i keys available before association “Make before break” architecture Reuse i framework to make keys available Do not redesign i infrastructure Minimize amount of new invention Use an already proven, well-reviewed scheme Jesse Walker and Emily Qi, Intel Corporation John Doe, His Company

5 Month 2000 doc.: IEEE /xxx May 2004 Pre-keying Overview Reuse the i Pre-authentication mechanism for keying 802.11i 4-Way Handshake messages are encoded in 802.1X frames Pre-authentication mechanism can be used to forward 802.1X frames between a STA and a new AP via an AP already associated with the STA Introduce two new i messages: Pre-Keying Request, sent from STA to targeted AP to request pre-keying Identifies STA MAC Address, PMKID of PMK to use Pre-Keying Reject, send from targeted AP to STA if request cannot be honored AP may respond to Pre-Keying Request by initiating a 4-Way Handshake over the pre-authentication channel Introduce PTK caching 4-Way Handshake via the Pre-authentication channel populates the PTKSA cache Inactive PTKSAs are timed out Move security policy agreement from Association to 4-Way Handshake Add PTKSA cache timeout value to RSN IE sent AP  STA Misspelled, should be “Summary” Jesse Walker and Emily Qi, Intel Corporation John Doe, His Company

6 Ingredients: Pre-Authentication Channel
Month 2000 doc.: IEEE /xxx May 2004 Ingredients: Pre-Authentication Channel STA AP 1 802.lX over 802.lX over DS All frames use Pre-authentication Ethertype (0F-AC) instead of 802.1X Ethertype (88-8E) All frames are 802.1X frames STA  AP 2 Frames have Src Addr = STA’s MAC address, Dest Addr = AP 2’s BSSID AP 2  STA have Src Addr = AP 2’s BSSID, Dest Addr = STA’s MAC address AP 2 Jesse Walker and Emily Qi, Intel Corporation John Doe, His Company

7 Ingredients: PMK Caching
Month 2000 doc.: IEEE /xxx May 2004 Ingredients: PMK Caching STA AP STA PMK Cache AP PMK Cache AP’s BSSID, PMKID, PMK AP2’s BSSID, PMKID, PMK STA’s MAC Addr, PMKID, PMK STA2’s MAC Addr, PMKID, PMK If a STA and AP share a cached PMK, they needn’t reauthenticate Jesse Walker and Emily Qi, Intel Corporation John Doe, His Company

8 Ingredients: 4-Way Handshake
May 2004 Ingredients: 4-Way Handshake STA AP PMK PMK Pick Random ANonce EAPOL-Key(ANonce) Pick Random SNonce, Derive PTK = EAPOL-PRF(PMK, ANonce | SNonce | AP MAC Addr | STA MAC Addr) EAPOL-Key(Unicast, SNonce, MIC, STA RSN IE) Derive PTK EAPOL-Key(ANonce, MIC, AP RSN IE, GTK) EAPOL-Key(MIC) Install TK, GTK Jesse Walker and Emily Qi, Intel Corporation

9 Month 2000 doc.: IEEE /xxx May 2004 Some Observations 802.11i 4-Way Handshake messages are encoded as 802.1X messages So could be forwarded over pre-authentication channel by simply changing the Ethertype 802.11i does not define how to send 4-Way Handshake messages over the Pre-authentication But it does not preclude this, either 802.11i implicitly ties PTK to association But not explicitly: still works for IBSS case 802.11i 4-Way Handshake is self-protecting Security unaffected by the message path Jesse Walker and Emily Qi, Intel Corporation John Doe, His Company

10 Month 2000 doc.: IEEE /xxx May 2004 What’s Missing from i? Minor change to Key Management state machines required to support pre-keying 4-Way Handshake, Group Key Handshake messages may be encapsulated using the Pre-authentication Ethertype Change state machines to track whether keying messages exchanged over normal or over pre-authentication channel STA needs a Request message to kick-start AP Must identify the STA and the PMK used STA needs feedback if AP does not have the required PMK This can’t be secured so is only a hint PTK rules need slight tinkering to permit pre-keying without association APs should not cache PTKs forever PTKs can’t be used across associations RSN IE changes STA needs feedback Re: PTK timeout STA and AP have to negotiate security policy in 4-Way Handshake instead of Reassociate Need to advertise support for pre-keying Jesse Walker and Emily Qi, Intel Corporation John Doe, His Company

11 Usage On first contact, STA uses existing 802.11i
Month 2000 doc.: IEEE /xxx May 2004 Usage On first contact, STA uses existing i Discovery  Open System Authentication  Association  802.1X authentication  4-Way Handshake  Data exchange After 4-Way Handshake completes STA may use pre-keying if desired to optimize AP-to-AP transition Discovery  Pre-key  Reassociate  Data exchange If desired, STA may use pre-keyed TK to protect other management messages prior to association 802.11k Protected Action Frames If keys are in place prior to AP-to-AP transition, then they can be used to protect Reassociation Protection of Disassociation, Deauthentication becomes meaningful Jesse Walker and Emily Qi, Intel Corporation John Doe, His Company

12 Month 2000 doc.: IEEE /xxx May 2004 Open Issues Identify modifications needed to 802.1X state machines to support pre-keying? Prevent same PTK being used across two associations PTK reuse across association breaks replay protection mechanism What if STA transitions to the new AP before pre-keying completes? What if STA transitions to a different AP before pre-keying completes? How to handle GTK updates? The AP can send GTK updates over the pre-authentication channel if the STA is not associated But what to do is STA moves? Security associations are stateful What to with pre-key request from an “already associated” STA? Other information that can be transferred over the pre-authentication channel? Jesse Walker and Emily Qi, Intel Corporation John Doe, His Company

13 Q&A Where do the cached PMKs come from?
Month 2000 doc.: IEEE /xxx May 2004 Q&A Where do the cached PMKs come from? Out of Scope. These can be provisioned by, e.g., pre-authentication, some IETF/IRTF “standard” back-end protocol, e.g. proactive keying, or by a proprietary key provisioning scheme, e.g., Cisco’s What about subnet boundary crossing? Out of Scope. Since it is based on the pre-authentication channel, it is a LAN-only solution. Why not use some other channel? We know of no other candidates. Why reuse the 4-Way Handshake? We don’t want to invent a new protocol. Getting a key establishment scheme right is hard. Jesse Walker and Emily Qi, Intel Corporation John Doe, His Company

14 Straw Poll Propose Pre-Keying normative text for 802.11r? Month 2000
doc.: IEEE /xxx May 2004 Straw Poll Propose Pre-Keying normative text for r? Jesse Walker and Emily Qi, Intel Corporation John Doe, His Company

15 May 2004 Feedback? Jesse Walker and Emily Qi, Intel Corporation

Download ppt "Jesse Walker and Emily Qi Intel Corporation"

Similar presentations

Doc.: IEEE 802.11-04/1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,

Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-09-00xx-00-sec Title: IEEE 802.11r Fast BSS Transition – A Study Date Submitted: September 21, 2009 Present.

IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec Title: IEEE r Fast BSS Transition – A Study Date Submitted: September 21, 2009 Present.
IEEE 802.11i: A Retrospective Bernard Aboba Microsoft March 2004.

IEEE i: A Retrospective Bernard Aboba Microsoft March 2004.
IEEE P802 Handoff ECSG Submission July 2003 Bernard Aboba, Microsoft Detection of Network Attachment (DNA) and Handoff ECSG Bernard Aboba Microsoft July.

IEEE P802 Handoff ECSG Submission July 2003 Bernard Aboba, Microsoft Detection of Network Attachment (DNA) and Handoff ECSG Bernard Aboba Microsoft July.
Analysis and Improvements over DoS Attacks against IEEE 802.11i Standard Networks Security, Wireless Communications and Trusted Computing(NSWCTC), 2010.

Analysis and Improvements over DoS Attacks against IEEE i Standard Networks Security, Wireless Communications and Trusted Computing(NSWCTC), 2010.
Doc.: IEEE 802.11-04/0476r3 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.

Doc.: IEEE /0476r3 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.
Doc.: IEEE 802.11-04/1572r0 Submission December 2004 Harkins and AbobaSlide 1 PEKM (Post-EAP Key Management Protocol) Dan Harkins, Trapeze Networks

Doc.: IEEE /1572r0 Submission December 2004 Harkins and AbobaSlide 1 PEKM (Post-EAP Key Management Protocol) Dan Harkins, Trapeze Networks
Doc.: IEEE 802.11-04/0476r2 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.

Doc.: IEEE /0476r2 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.
Doc.: IEEE 802.11-04/0707r0 Submission July 2003 N. Cam-Winget, et alSlide 1 Establishing PTK liveness during re-association Nancy Cam-Winget, Cisco Systems.

Doc.: IEEE /0707r0 Submission July 2003 N. Cam-Winget, et alSlide 1 Establishing PTK liveness during re-association Nancy Cam-Winget, Cisco Systems.
Doc.: IEEE 802.11-04-1180-02-000r Submission November 2004 Bob Beach, Symbol TechnologiesSlide 1 Fast Roaming Using Multiple Concurrent Associations Bob.

Doc.: IEEE r Submission November 2004 Bob Beach, Symbol TechnologiesSlide 1 Fast Roaming Using Multiple Concurrent Associations Bob.
Doc.: IEEE 802.11-03/008r0 Submission January 2003 N. Cam-Winget, D. Smith, K. AmannSlide 1 Proposed new AKM for Fast Roaming Nancy Cam-Winget, Cisco Systems.

Doc.: IEEE /008r0 Submission January 2003 N. Cam-Winget, D. Smith, K. AmannSlide 1 Proposed new AKM for Fast Roaming Nancy Cam-Winget, Cisco Systems.
Doc.: IEEE 802.11-03/657r0 Submission August 2003 N. Cam-WingetSlide 1 TGi Draft 5.0 Comments Nancy Cam-Winget, Cisco Systems Inc.

Doc.: IEEE /657r0 Submission August 2003 N. Cam-WingetSlide 1 TGi Draft 5.0 Comments Nancy Cam-Winget, Cisco Systems Inc.
Doc.: IEEE 802.11-04/0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Management Protection Jesse Walker and Emily Qi Intel.

Doc.: IEEE /0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Management Protection Jesse Walker and Emily Qi Intel.
Doc.: IEEE 802.11-11/1426r02 Submission NameAffiliationsAddressPhoneemail ChengYan FengZTE Corporation No.800, Middle Tianfu Avenue, Hi-tech District,

Doc.: IEEE /1426r02 Submission NameAffiliationsAddressPhone ChengYan FengZTE Corporation No.800, Middle Tianfu Avenue, Hi-tech District,
Doc.: IEEE 802.11-07/2539r0 Submission September 2007 Tony Braskich, MotorolaSlide 1 Overview of an abbreviated handshake with sequential and simultaneous.

Doc.: IEEE /2539r0 Submission September 2007 Tony Braskich, MotorolaSlide 1 Overview of an abbreviated handshake with sequential and simultaneous.
Robust Security Network (RSN) Service of IEEE

Robust Security Network (RSN) Service of IEEE
Seamless BSS Transition Protocol

Seamless BSS Transition Protocol
Month Year doc.: IEEE yy/xxxxr0 May 2012

Month Year doc.: IEEE yy/xxxxr0 May 2012
Some LB 62 Motions January 13, 2003 January 2004

Some LB 62 Motions January 13, 2003 January 2004
Proposed SFD Text for ai Link Setup Procedure

Proposed SFD Text for ai Link Setup Procedure

Similar presentations

Ads by Google