Presentation is loading. Please wait.

Presentation is loading. Please wait.

Pre-Association Negotiation of Management Frame Protection (PANMFP)

Published byGladys Summers Modified over 5 years ago

Similar presentations

Presentation on theme: "Pre-Association Negotiation of Management Frame Protection (PANMFP)"— Presentation transcript:

1 Pre-Association Negotiation of Management Frame Protection (PANMFP)
October 2016 doc.: IEEE /1289r0 January 2017 Pre-Association Negotiation of Management Frame Protection (PANMFP) Date: Authors: Nehru Bhandaru et. al. Adrian Stephens (Intel Corporation)

2 Background Motivation for FTM Security
January 2017 Background Motivation for FTM Security Integrity of measurement and location Requires management and control frame protection Location and ranging privacy Management frame protection Earlier Contributions (See references) FTM Security Enhancements (16/1020r0) Security Requirements (16/1256r1) FTM Security in Associated and Un-associated States (16/1498r1) Group interest in more detail Protection in Un-associated state Mechanism allows any management frame to be protected Using standard MFP after key derivation whether associated or not Slide 2 Nehru Bhandaru et. al.

3 Introduction We believe PANMFP protocol is presented here
January 2017 Introduction We believe Standard Management Frame Protection (MFP) i.e. using AES-xCMP should be leveraged to protect management frames pre and post association Protect FTM/Location Protect additional discovery mechanisms (e.g. Service Discovery) Additional privacy pre-association Possible in Un-associated state with extensions to key negotiation protocol(s) PANMFP protocol is presented here Not discussed in this presentation Control frame protection, but it can leverage MFP Mechanisms to protect against physical layer attacks Slide 3 Nehru Bhandaru et. al.

4 PANMFP Authentication Protocol
January 2017 PANMFP Authentication Protocol non-AP STA AP Beacon(RSNIE(PANMFP)) Auth(1, PANMFP, PMKID(s), DH-S(FCG, FFE) or SNonce, RSNIE, Wrapped Data) Auth(2, PANMFP, PMKID, DH-A(FCG, FFE) or ANonce, Wrapped Data, MIC) Auth(3, PANMFP, MIC) Slide 4 Nehru Bhandaru et. al.

5 PANMFP Authentication Protocol
January 2017 PANMFP Authentication Protocol RSN IE advertises PANMFP AKM PANMFP authentication protocol establishes a PTK Mutual authentication Includes key confirmation Optional support for PFS Use existing elements - FCG, FFE, Wrapped Data, MIC Management frame protection using the PTK Unicast frame protection only Protect robust action frames and de-authentication frame Slide 5 Nehru Bhandaru et. al.

6 PANMFP Authentication Protocol
January 2017 PANMFP Authentication Protocol Authentication Frame 1 PMKID(s) identifying possible PMK(s) from initial Security Association to another AP in ESS can use any AKM for initial SA identified in RSN IE Allow for DH or Nonces to derive PTK Optionally allow Wrapped Data - can carry EAP-rp as in FILS Slide 6 Nehru Bhandaru et. al.

7 PANMFP Authentication Protocol
January 2017 PANMFP Authentication Protocol Authentication Frame 2 PMKID identifying the PMK Optionally allow Wrapped Data - can carry EAP-rp as in FILS MIC protects the frame AP derives PTK before sending the frame DH public values or nonces are integrity protected using PTK (KCK) KCK used with CMAC or HMAC-SHA-xxx where xxx is 384 or 256 as determined by RSNIE Example key derivation(s) PTK without PFS = KDF-Hash-Length(PMK, “PANMFP-PTK”, SNonce||ANonce||BSSID||STA-Addr) PTK with PFS = KDF-Hash-Length(PMK, “PANMFP-PTK”, DH-shared-secret||BSSID||STA-Addr) MIC lengths of 16 or 24 octets as in [1] KCK length is per AKM in the RSNIE KEK not used Slide 7 Nehru Bhandaru et. al.

8 PANMFP Authentication Protocol
January 2017 PANMFP Authentication Protocol Authentication Frame 3 Completes key confirmation with MIC Keys installed on AP after the frame is ACK’d Keys installed on non-AP STA after the frame ACK is received Slide 8 Nehru Bhandaru et. al.

9 Expected changes to 802.11 Spec
January 2017 Expected changes to Spec AKM selector for PANMFP AKM (Table 9-133) Algorithm Assigned Number for PANMFP PANMFP Key derivation and hierarchy ( x) PANMFP Authentication Protocol (12.x) frame generation and processing on STA and AP Frame filtering Robust action frames are class 2 when SA established by PANMFP is present FTM negotiation Advertise secure FTM capabilities (Extended Capabilities IE) Negotiate secure FTM use (FTM parameters) Secure FTM relies on PANMFP and standard MFP FTM Security Considerations Slide 9 Nehru Bhandaru et. al.

10 Questions & Discussion
January 2017 Questions & Discussion Can we use SAE No, since SAE derives PMK only What about FILS Used for initial authentication only Key confirmation part of association Wrapped data can be used to execute EAP-rp protocol to derive PMK What about FBT PMK-r1 can be used as PMK in PANMFP How is PMK distributed No new mechanisms for PMK distribution. Can we work with no PMK Possibly, similar to OWE Changes to state machine Not required, but filtering rules change Slide 10 Nehru Bhandaru et. al.

11 Questions & Discussion
January 2017 Questions & Discussion Do we need replay protection for negotiation No, renegotiate with new Nonces or FFEs Can association follow PANMFP authentication and data frame protection using keys derived via PANMFP No, must re-authenticate, re-associate and establish an RSN SA that is not from PANMFP Can Authentication happen with Public Keys and Certificates instead of a PMK Yes, but not in the scope of this proposal Can the key be negotiated in two messages No, since the first message may not be protected and needs to be confirmed Slide 11 Nehru Bhandaru et. al.

12 Summary FTM/11az needs security
January 2017 Summary FTM/11az needs security FTM frame protection should use standard MFP Presented a pre-association protocol To establish keys to protect FTM and other frames prior to association Independent of FTM Can possibly protect other frames Slide 12 Nehru Bhandaru et. al.

13 January 2017 Straw Poll The authentication method described here should be used for negotiating pre-association security (Keys, SA) used to secure FTM Agree: Disagree: Abstain: Slide 13 Nehru Bhandaru et. al.

14 January 2017 References [1] IEEE Std REVmc_D8.0, IEEE Standard for Information Technology – Telecommunications and information exchange between systems, local and metropolitan area networks – Specific requirements, Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications [2] “Proposed az Functional Requirements”, IEEE /424r3 [3] IEEE /1020r0, Q. Wang, et. al., “Security Enhancement to FTM”, July 2016 [4] IEEE / az, Qi Wang et. al., Functional Requirement for Secure Ranging [5] IEEE / az, Qi Wang et. al., FTM Security in Associated and Un-sssociated States Slide 14 Nehru Bhandaru et. al.

Download ppt "Pre-Association Negotiation of Management Frame Protection (PANMFP)"

Similar presentations

Doc.: IEEE 802.11-04/1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,

Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
Submission doc.: IEEE 802.11-12/0789r3 NameAffiliationsAddressPhoneemail George Cherian Santosh Abraham Jouni Malinen Qualcomm 5775 Morehouse Dr, San Diego,

Submission doc.: IEEE /0789r3 NameAffiliationsAddressPhone George Cherian Santosh Abraham Jouni Malinen Qualcomm 5775 Morehouse Dr, San Diego,
IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
Analysis and Improvements over DoS Attacks against IEEE 802.11i Standard Networks Security, Wireless Communications and Trusted Computing(NSWCTC), 2010.

Analysis and Improvements over DoS Attacks against IEEE i Standard Networks Security, Wireless Communications and Trusted Computing(NSWCTC), 2010.
Doc.: IEEE 802.11-04/0476r3 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.

Doc.: IEEE /0476r3 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.
Doc.: IEEE 802.11-04/0476r2 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.

Doc.: IEEE /0476r2 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.
Doc.: IEEE 802.11-04/0707r0 Submission July 2003 N. Cam-Winget, et alSlide 1 Establishing PTK liveness during re-association Nancy Cam-Winget, Cisco Systems.

Doc.: IEEE /0707r0 Submission July 2003 N. Cam-Winget, et alSlide 1 Establishing PTK liveness during re-association Nancy Cam-Winget, Cisco Systems.
Wireless Network Security CSIS 5857: Encoding and Encryption.

Wireless Network Security CSIS 5857: Encoding and Encryption.
Doc.: IEEE 802.11-03/657r0 Submission August 2003 N. Cam-WingetSlide 1 TGi Draft 5.0 Comments Nancy Cam-Winget, Cisco Systems Inc.

Doc.: IEEE /657r0 Submission August 2003 N. Cam-WingetSlide 1 TGi Draft 5.0 Comments Nancy Cam-Winget, Cisco Systems Inc.
Doc.: IEEE 802.11-12/0896r0 SubmissionJae Seung Lee, ETRISlide 1 Probe Request Filtering Criteria Date: 2012-07-06 July 2012.

Doc.: IEEE /0896r0 SubmissionJae Seung Lee, ETRISlide 1 Probe Request Filtering Criteria Date: July 2012.
Doc.: IEEE 802.11-11/1426r02 Submission NameAffiliationsAddressPhoneemail ChengYan FengZTE Corporation No.800, Middle Tianfu Avenue, Hi-tech District,

Doc.: IEEE /1426r02 Submission NameAffiliationsAddressPhone ChengYan FengZTE Corporation No.800, Middle Tianfu Avenue, Hi-tech District,
Doc.: IEEE 802.11-12/0269r1 Submission NameAffiliationsAddressPhoneemail ChengYan FengZTE Corporation No.800, Middle Tianfu Avenue, Hi-tech District, Chengdu,

Doc.: IEEE /0269r1 Submission NameAffiliationsAddressPhone ChengYan FengZTE Corporation No.800, Middle Tianfu Avenue, Hi-tech District, Chengdu,
Robust Security Network (RSN) Service of IEEE

Robust Security Network (RSN) Service of IEEE
PHY Security FRD and SRD Text

PHY Security FRD and SRD Text
History and Implementation of the IEEE 802 Security Architecture

History and Implementation of the IEEE 802 Security Architecture
FILS Reduced Neighbor Report

FILS Reduced Neighbor Report
TGaq Transaction Protocol

TGaq Transaction Protocol
Security Enhancement to FTM

Security Enhancement to FTM
Month Year doc.: IEEE yy/xxxxr0 May 2012

Month Year doc.: IEEE yy/xxxxr0 May 2012
Some LB 62 Motions January 13, 2003 January 2004

Some LB 62 Motions January 13, 2003 January 2004

Similar presentations

Ads by Google