Presentation is loading. Please wait.

Presentation is loading. Please wait.

FILS Handling of Large Objects

Published byゆあ いさし Modified over 5 years ago

Similar presentations

Presentation on theme: "FILS Handling of Large Objects"— Presentation transcript:

1 FILS Handling of Large Objects
April 2009 doc.: IEEE /1243r1-draft February 5, 2013 FILS Handling of Large Objects Date: Authors: Name Company Address Phone René Struik Struik Security Consultancy Toronto ON, Canada USA: +1 (415) Toronto: +1 (647) Skype: rstruik René Struik (Struik Security Consultancy) Rich Kennedy, Research In Motion

2 Review Comments on 802.11ai – D0.2 Generalized Problem Statement
February 5, 2013 Review Comments on ai – D0.2 Ref: 13/0036r09 (tgai-draft-review-combined-comments) CID #242 (David Goodall, 13/0016r0): Comment ( ): An X.509v3 certificate may be longer than 253 bytes and therefore requires fragmentation across multiple elements. A certificate chain may require additional fragmentation. Proposed change: 11ai will need to provide a mechanism for fragmenting certificates and certificate chains. It may be possible to adopt a mechanism from 11af etc. Generalized Problem Statement What to handle large objects that fit within a single frame? How to fragment FILS frames, if these become too long due to large objects?

3 Outline Constructs from 802.11-2012
February 5, 2013 Outline Constructs from Frame fragmentation/defragmentation Management frame body components Protocol recap Certificate-based protocol Protocol including “piggy-backed info” Application to FILS protocol Handling of large objects Handling of “foreign” objects (e.g., higher-layer “piggy-backed data” along key confirmation flows)

4 Frame Fragmentation (802.11-2012)
February 5, 2013 Frame Fragmentation ( ) Conceptual Channel Channel w/Fragmentation Notes: Headers contain Sequence Control Field that indicates fragment# (4-bits) and sequence # (12-bits) Originator (A) partitions frame body and sends individual segments in separate frames, in order Recipient (B) reconstructs original (conceptual) frame from received segments, in order When secure channel used, each segment is individually secured (by originator) or unsecured (by recipient) Duplicate segments and segments received after time-out are acknowledged allows fragmentation/defragmentation with individually addressed MSDUs and MMPDUs HDR Body2 FCS A B HDR1 Body1 FCS1 HDR3 Body3 FCS3 HDR2 FCS2

5 Management Frame Body Components (802.11-2012)
February 5, 2013 Management Frame Body Components ( ) Information Elements (8.4.2): Named objects with format (Type, Length, Value), where Type: Element-ID (1-octet field); Length: Octet-length of Value field (1-octet field); Value: Variable field. Non-Information Elements (8.4.1): Specified objects with tailored length and value attributes Notes: Information elements cannot have size larger than 255 octets, whereas non-information elements can. With , Authentication frames ( ) are specified with field elements that are non-IEs, as is the case with some field elements specified with association request frames ( ) and Association Response frames ( ).

6 Protocol Recap February 5, 2013 Notes:
Our exposition is relative to certificate-based public-key protocol (i.e., without online third party), but does leave out details not necessary for current discussion A Random X, Nonce NA {NA, NB,[CertCA(IdA,QA), signA]}KEK2 Key Establishment Key Confirmation B Random Y, Nonce NB {NB, NA,[CertCA(IdB,QB), signB]}KEK2 STA AP René Struik (Struik Security Consultancy)

7 Protocol Recap w/ “Piggy-Backed Info”
February 5, 2013 Protocol Recap w/ “Piggy-Backed Info” Notes: Key confirmation messages can become quite large, due to accumulation of certificates; Signature; “piggy-backed info”. Certificate (chain) verification has to happen after completion of the key computation (thus, forcing a serialized implementation (optionally carrying out computations between A and B in parallel). A Random X, Nonce NA {NA, NB,[CertCA(IdA,QA), signA, TextA]}KEK2 Key Establishment Key Confirmation B Random Y, Nonce NB STA AP {NB, NA,[CertCA(IdB,QB), signB, TextB]}KEK2 René Struik (Struik Security Consultancy)

8 Suggested Protocol Flows
February 5, 2013 Suggested Protocol Flows Notes: Easy fragmentation/defragmentation of Authentication frames (since no frame protection); Fragmentation on Association frames possible (since no frame protection of those frames); All objects that do not fit restrictions of IEs can easily be represented as field elements (in ’s sense). Intra-frame fragmentation of higher-layer TLV objects (13/133r3) can be handled uniformly and aligned with fragmentation/re-assembly Sequence Control Field approach (details in next version) Further “ugly” optimization: Partition certificate that “just does not fit” over 1rst/3rd flow, resp. 2nd/4th flow (thus, not increasing #flows) A Random X, Nonce NA, {NA, NB,[CertCA(IdA,QA), signA, TextA]}KEK2 Key Establishment Key Confirmation B Random Y, Nonce NB STA AP CertCA(IdA,QA) CertCA(IdB,QB) {NB, NA,[CertCA(IdB,QB), signB, TextB]}KEK2 René Struik (Struik Security Consultancy)

Download ppt "FILS Handling of Large Objects"

Similar presentations

Submission doc.: IEEE 11-14/0141r0 January 2014 Jarkko Kneckt (Nokia)Slide 1 Element Fragmentation Date: 2014-01-21 Authors:

Submission doc.: IEEE 11-14/0141r0 January 2014 Jarkko Kneckt (Nokia)Slide 1 Element Fragmentation Date: Authors:
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Submission doc.: IEEE 802.11-11/1003r1 July 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Upper Layer Data on Management frames Date: 2011-07-18.

Submission doc.: IEEE /1003r1 July 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Upper Layer Data on Management frames Date:
Doc.: IEEE 802.11-12/1054r0 Submission Sep. 2012 Santosh Pandey (Cisco)Slide 1 FILS Reduced Neighbor Report Date: 2012-09-07 Authors:

Doc.: IEEE /1054r0 Submission Sep Santosh Pandey (Cisco)Slide 1 FILS Reduced Neighbor Report Date: Authors:
Submission doc.: IEEE 802.11-11/1003r2 July 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Upper Layer Data on Management frames Date: 2011-07-18.

Submission doc.: IEEE /1003r2 July 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Upper Layer Data on Management frames Date:
Doc.: IEEE 802.11-13/0133r3 Submission NameAffiliationsAddressPhoneemail Hitoshi MORIOKAAllied Telesis R&D Center 2-14-38 Tenjin, Chuo-ku, Fukuoka 810-0001.

Doc.: IEEE /0133r3 Submission NameAffiliationsAddressPhone Hitoshi MORIOKAAllied Telesis R&D Center Tenjin, Chuo-ku, Fukuoka
Doc.: 11-13-0201-07 Submission May 13, 2013 Rene Struik (Struik Security Consultancy)Slide 1 FILS Handling of Large Objects, FILS Piggy-Backing Date: 2013-05-13.

Doc.: Submission May 13, 2013 Rene Struik (Struik Security Consultancy)Slide 1 FILS Handling of Large Objects, FILS Piggy-Backing Date:
Doc.: 11-14-0184-01 Submission January 22, 2014 Rene Struik (Struik Security Consultancy)Slide 1 TGai Motions Date: 2014-01-22 Authors: NameCompanyAddressPhoneemail.

Doc.: Submission January 22, 2014 Rene Struik (Struik Security Consultancy)Slide 1 TGai Motions Date: Authors: NameCompanyAddressPhone .
Doc.: 11-13-0201-05 Submission March 21, 2013 René Struik (Struik Security Consultancy)Slide 1 FILS Handling of Large Objects Date: 2013-03-21 Authors:

Doc.: Submission March 21, 2013 René Struik (Struik Security Consultancy)Slide 1 FILS Handling of Large Objects Date: Authors:
Doc.: 11-13-0201-06 Submission April 22, 2013 René Struik (Struik Security Consultancy)Slide 1 FILS Handling of Large Objects, FILS Piggy-Backing Date:

Doc.: Submission April 22, 2013 René Struik (Struik Security Consultancy)Slide 1 FILS Handling of Large Objects, FILS Piggy-Backing Date:
Doc.: 11-13-0201-00 Submission February 5, 2013 René Struik (Struik Security Consultancy)Slide 1 FILS Handling of Large Objects Date: 2013-02-05 Authors:

Doc.: Submission February 5, 2013 René Struik (Struik Security Consultancy)Slide 1 FILS Handling of Large Objects Date: Authors:
Doc.:IEEE 802.11-13/0318r0 March 2013 A. Asterjadhi, Qualcomm Inc. Short MAC Header Design Date: 2013-03-15 Authors:

Doc.:IEEE /0318r0 March 2013 A. Asterjadhi, Qualcomm Inc. Short MAC Header Design Date: Authors:
Doc.: 11-13-0581-00 Submission May 14, 2013 Rene Struik (Struik Security Consultancy)Slide 1 FILS Piggy-Backing Aspects Date: 2013-05-14 Authors: NameCompanyAddressPhoneemail.

Doc.: Submission May 14, 2013 Rene Struik (Struik Security Consultancy)Slide 1 FILS Piggy-Backing Aspects Date: Authors: NameCompanyAddressPhone .
Submission doc.: IEEE 802.11-16/0336r0 March 2016 Xiaofei Wang (InterDigital)Slide 1 Relay Improvement: Regarding CID 9058 & 9075 Date: 2016-03-11 Authors:

Submission doc.: IEEE /0336r0 March 2016 Xiaofei Wang (InterDigital)Slide 1 Relay Improvement: Regarding CID 9058 & 9075 Date: Authors:
IP Fragmentation. MTU Maximum Transmission Unit (MTU) –Largest IP packet a network will accept –Arriving IP packet may be larger IP Packet MTU.

IP Fragmentation. MTU Maximum Transmission Unit (MTU) –Largest IP packet a network will accept –Arriving IP packet may be larger IP Packet MTU.
Higher Layer Packet Container Proposal Presentation

Higher Layer Packet Container Proposal Presentation
FILS Reduced Neighbor Report

FILS Reduced Neighbor Report
Discussion of Outstanding TGai Security Topics

Discussion of Outstanding TGai Security Topics
Security Enhancement to FTM

Security Enhancement to FTM
MU BAR Frame Format Date: Authors: November 2015 Month Year

MU BAR Frame Format Date: Authors: November 2015 Month Year

Similar presentations

Ads by Google