Presentation is loading. Please wait.

Presentation is loading. Please wait.

AES Associated Data Optimization

Published byAnka Kojić Modified over 5 years ago

Similar presentations

Presentation on theme: "AES Associated Data Optimization"— Presentation transcript:

1 AES Associated Data Optimization
<month year> doc.: IEEE /xxxr0 November 2001 AES Associated Data Optimization Nancy Cam-Winget, Atheros Jesse Walker, Intel Cam-Winget, Walker <author>, <company>

2 What is Associated Data (AD)?
November 2001 What is Associated Data (AD)? Associated data is data that must be authenticated but not privacy-protected associated data SA DA QoS Traffic Class (e.g. TCID subfield) Cam-Winget, Walker

3 How current AES protects AD
November 2001 How current AES protects AD Tgi v1.5 partitions Associated Data and uses both nonce-stealing and extra block: nonce  SAMAC_Address || QoSTraffic-Class || Replay-Counter || 016 associated-data-block  DAMAC_Address || 080 Motivation for partitioning is due to nonce size (128bit): SAMAC_Address = 6 bytes DAMAC_Address = 6 bytes Replay-Counter = 5 bytes QoSTraffic_Class = 2bytes (uses entire QoS control field) Cam-Winget, Walker

4 Problems with Current AD
November 2001 Problems with Current AD 40bits are split across IV field to accommodate keyID bits  results in an implementation annoyance Not an “official” solution. The “official solutions” associated data problem are nonce-stealing XOR PMAC of associated data into OCB tag Use of non-standard solution will not help Cam-Winget, Walker

5 November 2001 Optimization QoSTraffic-class only TCID subfield (4bits) needs protection Replay Counter 40bits are split across IV field to accommodate keyID bits  implementation annoyance keyID bits need to stay at bit30 and bit31 40bits at 11Mbps has worst case * 5yr+ lifespan 28bits at 11Mbps has worst case * ~14hr lifespan * Worst case = shortest possible rekey period Cam-Winget, Walker

6 Suggested Optimization
November 2001 Suggested Optimization Obviate associated-data-block, use nonce-stealing only: Replay Counter = 28bits (3.5 bytes) 228 = 268,435,456 packets QoStraffic-class = TCID Subfield = 4bits SAMAC_Address = 6bytes DAMAC_Address = 6bytes Nonce  Replay Counter || TCID || SA || DA Cam-Winget, Walker

7 November 2001 Motions Motion to adopt use of nonce-stealing for protecting associated data with the suggested optimizations and remove unstandard use of the extra associated data block. Included draft text updates appropriate clauses to this effect Cam-Winget, Walker

8 Do we really need directional keys?
November 2001 Do we really need directional keys? Save state if bidirectional key is used. In OCB mode, need both encryption and decryption key schedules Can achieve similar results if we borrow Doug Whiting’s idea to partition sequence space counter to be directional (e.g. AP is even, STA is odd) Cam-Winget, Walker

9 November 2001 Motions Motion to specify AES to use bidirectional key and use directional replay counter, where In a BSS, AP  STA uses even sequence numbers, and STA  AP uses odd sequence nuumbers In an IBSS, order STA addresses lexicographically and Addrlarger  Addrsmaller uses even sequence numbers and Addrsmaller  Addrlarger uses odd sequence numbers Cam-Winget, Walker

Download ppt "AES Associated Data Optimization"

Similar presentations

Doc.: IEEE 802.11-04/0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Management Protection Jesse Walker and Emily Qi Intel.

Doc.: IEEE /0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Management Protection Jesse Walker and Emily Qi Intel.
Doc.: IEEE 802.11-01/634r1 Submission November 2001 Ferguson, Housley, WhitingSlide 1 AES Mode Choices OCB vs. Counter Mode with CBC-MAC Niels Ferguson,

Doc.: IEEE /634r1 Submission November 2001 Ferguson, Housley, WhitingSlide 1 AES Mode Choices OCB vs. Counter Mode with CBC-MAC Niels Ferguson,
Doc.: IEEE 802.11-02/322r0 Submission May 2002 Jesse Walker et alSlide 1 The Louie Architecture Nancy Cam Winget, Cisco Bob Moskowitz, TruSecure Greg Chesson,

Doc.: IEEE /322r0 Submission May 2002 Jesse Walker et alSlide 1 The Louie Architecture Nancy Cam Winget, Cisco Bob Moskowitz, TruSecure Greg Chesson,
Doc.: IEEE 802.11-04/0103r0 Submission January 2004 Jesse Walker, Intel CorporationSlide 1 Some LB 62 Motions January 14, 2003.

Doc.: IEEE /0103r0 Submission January 2004 Jesse Walker, Intel CorporationSlide 1 Some LB 62 Motions January 14, 2003.
Proposed solutions to comments on section 7

Proposed solutions to comments on section 7
WEP2 Enhancements Russ Housley, RSA Labs Doug Whiting, HiFn

WEP2 Enhancements Russ Housley, RSA Labs Doug Whiting, HiFn
Some LB 62 Motions January 13, 2003 January 2004

Some LB 62 Motions January 13, 2003 January 2004
Keying for Fast Roaming

Keying for Fast Roaming
AID Selection Date: Authors: September 2010 Month Year

AID Selection Date: Authors: September 2010 Month Year
TGi Motions for Comment Resolution

TGi Motions for Comment Resolution
BSS Max Idle Period and Sleep Interval

BSS Max Idle Period and Sleep Interval
Motions to Address Some Letter Ballot 52 Comments

Motions to Address Some Letter Ballot 52 Comments
AES Mode Choices OCB vs. Counter Mode with CBC-MAC

AES Mode Choices OCB vs. Counter Mode with CBC-MAC
Non-Automatic Power Saving Delivery

Non-Automatic Power Saving Delivery
Extra MIC for use in Public Access WLAN

Extra MIC for use in Public Access WLAN
Nancy Cam-Winget, Cisco Systems Inc

Nancy Cam-Winget, Cisco Systems Inc
Short Slot Time Option for TGg

Short Slot Time Option for TGg
Clarified CCM Diagrams

Clarified CCM Diagrams
Multicast Replay Detection Fred Stivers, Texas Instruments

Multicast Replay Detection Fred Stivers, Texas Instruments
Proposed Normative Text Changes Concerning QoS IBSS

Proposed Normative Text Changes Concerning QoS IBSS

Similar presentations

Ads by Google