Presentation is loading. Please wait.

Presentation is loading. Please wait.

Different MKD domain MPs communication method

Published bySurya Yohanes Kusnadi Modified over 5 years ago

Similar presentations

Presentation on theme: "Different MKD domain MPs communication method"— Presentation transcript:

1 Different MKD domain MPs communication method
Month Year doc.: IEEE yy/xxxxr0 July 2008 Different MKD domain MPs communication method Date: Authors: Changdong Fan, Amy Zhang, Huawei John Doe, Some Company

2 Month Year doc.: IEEE yy/xxxxr0 July 2008 Abstract CID#1069,1070 , 505 bring forward the problem that two neighbor MPs authenticated through different MKD node could NOT build a secure link We present a method the distribute the keys for the two neighbor MPs to build up the secure link Changdong Fan, Amy Zhang, Huawei John Doe, Some Company

3 Agenda Problem statement Assumption Solution July 2008 Month Year
doc.: IEEE yy/xxxxr0 July 2008 Agenda Problem statement Assumption Solution Changdong Fan, Amy Zhang, Huawei John Doe, Some Company

4 Problem statement MP ONLY binds with the MKD to do the key management
Month Year doc.: IEEE yy/xxxxr0 July 2008 Problem statement AS Authentication through MKD B wired network MKD A MKD B MP MP MP MP MP MP MP MP ONLY binds with the MKD to do the key management MKD could distribute the keys to MP which should do the initial authentication through the corresponding MKD Multiple MKD may exist in the mesh network Merging & faster startup Distribution of load Changdong Fan, Amy Zhang, Huawei John Doe, Some Company

5 Assumption MKD could communicate with each other through mesh network
Month Year doc.: IEEE yy/xxxxr0 July 2008 Assumption AS wired network MKD A MKD B MP MP MP MP MP MP MP MKD could communicate with each other through mesh network MKDs constitute ONE key management group MKDs share one group key GK Changdong Fan, Amy Zhang, Huawei John Doe, Some Company

6 Possible solution MKD1 MKD2 July 2008
Month Year doc.: IEEE yy/xxxxr0 July 2008 Possible solution MKD1 MKD2 REQ:MeshID || req || LocalNonce || LocalMKDD-ID || PeerMKDD-ID||GKID REQ:MeshID || req || LocalNonce || PeerNonce || LocalMKDD-ID || PeerMKDD-ID||GKID RESP:MeshID || resp || LocalNonce || PeerNonce || LocalMKDD-ID || PeerMKDD-ID || GKID || MIC RESP:MeshID || resp || LocalNonce || PeerNonce || LocalMKDD-ID || PeerMKDD-ID ||GKID|| MIC Add multi-hop communicating protocol between MKDs to do the key distribution May reuse the abbreviated Handshake protocol Result Key Negotiation LDK-MKD||PTK-MKD=PRF-length(GK,min(LocalNonce,PeerNonce)||max(LocalNonce,PeerNonce)|| min(LocalMKDD-ID,PeerMKDD-ID)||max(LocalMKDD-ID,PeerMKDD-ID)…) LDK-MKD as the root key to compute PMK-MA PTK-MKD as the key to protect the communication between MKDs , Changdong Fan, Amy Zhang, Huawei John Doe, Some Company

7 PMK-MA distribution between MPs in different MKD domain
Month Year doc.: IEEE yy/xxxxr0 July 2008 PMK-MA distribution between MPs in different MKD domain MKD1 MKD2 2b PMK Res 2 aPMK Req 2 aPMK Req 2b PMK Res 1 PLM MP1 MP2 3 4-way Handshake Procedure MP invokes the PLM protocol MPs both request the PMK-MA to the corresponding MKD node, when they find they are not in the same MKD domain MKD separately compute the PMK-MA using the same LDK-MKD to distribute the key to MP Both MP could do the normal 4-way handshake to derive PTK after getting the PMK-MA Changdong Fan, Amy Zhang, Huawei John Doe, Some Company

8 The cross domain key management
Month Year doc.: IEEE yy/xxxxr0 July 2008 The cross domain key management GK LDK-MKD PTK-MKD PMK-MA PTK GK, shared BY MKD group LDK-MKD , Link distribution Key shared by MKD Compute the PMK-MA to distribute the keys to authenticated MPs PTK-MKD Shared by MKD, update when LDK-MKD updates PMK-MA Pair-wise Master Key, shared by authenticated MPs PTK Pair-wise Transient Key Changdong Fan, Amy Zhang, Huawei John Doe, Some Company

9 Conclusion The management of GK shared by MKDs
Month Year doc.: IEEE yy/xxxxr0 July 2008 Conclusion The management of GK shared by MKDs Not be suitable to define the GK management in The communicating protocol between MKDs Need to be defined more clearly need to design the state machine Change to the PMK-MA negotiating procedure Changdong Fan, Amy Zhang, Huawei John Doe, Some Company

10 References IEEE 802.11s D2.0 July 2008 Month Year
doc.: IEEE yy/xxxxr0 July 2008 References IEEE s D2.0 Changdong Fan, Amy Zhang, Huawei John Doe, Some Company

Download ppt "Different MKD domain MPs communication method"

Similar presentations

Doc.: IEEE 802.11-08/1267r0 Submission November 2008 L. Chu Etc.Slide 1 Multiple Radio MP Date: 2008-11-04 Authors:

Doc.: IEEE /1267r0 Submission November 2008 L. Chu Etc.Slide 1 Multiple Radio MP Date: Authors:
Doc.: IEEE 802.11-08-0317r6 Submission July 2008 Charles Fan,Amy Zhang, HuaweiSlide 1 Authentication and Key Management of MP with multiple radios Date:

Doc.: IEEE r6 Submission July 2008 Charles Fan,Amy Zhang, HuaweiSlide 1 Authentication and Key Management of MP with multiple radios Date:
Doc.: IEEE 802.11-08/0617r0 Submission May 2008 Tony Braskich, MotorolaSlide 1 Refining the Security Architecture Date: 2008-05-13 Authors:

Doc.: IEEE /0617r0 Submission May 2008 Tony Braskich, MotorolaSlide 1 Refining the Security Architecture Date: Authors:
Doc.: IEEE 802.11-08-0317r1 Submission March 2008 Charles Fan,Amy Zhang, HuaweiSlide 1 Authentication and Key Management of MP with multiple radios Date:

Doc.: IEEE r1 Submission March 2008 Charles Fan,Amy Zhang, HuaweiSlide 1 Authentication and Key Management of MP with multiple radios Date:
Protocol Coexistence Issue in MSA Subsequent Authentication

Protocol Coexistence Issue in MSA Subsequent Authentication
Doc.: IEEE 802.11-07/2539r0 Submission September 2007 Tony Braskich, MotorolaSlide 1 Overview of an abbreviated handshake with sequential and simultaneous.

Doc.: IEEE /2539r0 Submission September 2007 Tony Braskich, MotorolaSlide 1 Overview of an abbreviated handshake with sequential and simultaneous.
Doc.: IEEE 802.11-07/2179r0 Submission July 2007 Steve Emeott, MotorolaSlide 1 Summary of Updates to MSA Overview and MKD Functionality Text Date: 2007-07-16.

Doc.: IEEE /2179r0 Submission July 2007 Steve Emeott, MotorolaSlide 1 Summary of Updates to MSA Overview and MKD Functionality Text Date:
Relationship between peer link and physical link

Relationship between peer link and physical link
ESS Mesh Deployment Usage Model

ESS Mesh Deployment Usage Model
EAP based Message Flow Optimization for FILS

EAP based Message Flow Optimization for FILS
Overview of Key Holder Security Association Teardown Mechanism

Overview of Key Holder Security Association Teardown Mechanism
Authentication and Key Management of MP with multiple radios

Authentication and Key Management of MP with multiple radios
January 15th Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Security protocol for Body area networks]

January 15th Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Security protocol for Body area networks]
WLAN Mesh in CAPWAP Architecture

WLAN Mesh in CAPWAP Architecture
Mesh Security Proposal

Mesh Security Proposal
Technical Requirements for IEEE ESS Mesh Networks

Technical Requirements for IEEE ESS Mesh Networks
<month year> <doc.: IEEE doc> January 2013

<month year> <doc.: IEEE doc> January 2013
Using Upper Layer Message IE in TGai

Using Upper Layer Message IE in TGai
Use of EAPOL-Key messages during pre-auth

Use of EAPOL-Key messages during pre-auth
IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec

IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec

Similar presentations

Ads by Google