HIP DEX for Fast Initial Authentication in

Presentation on theme: "HIP DEX for Fast Initial Authentication in"— Presentation transcript:

1 HIP DEX for Fast Initial Authentication in 802.11
May 2011, doc.: IEEE /xxxxr0
Authors:
- Konstantinos Georgantas, Helsinki Institute for Information Technology (HIIT)
- Robert Moskowitz, Verizon Business, 15210 Sutherland, Oak Park, MI 48237, USA

2 Abstract
This document presents a HIP Diet EXchange (DEX) based architecture intended to provide, at the IP layer, the security mechanisms needed to meet the challenge of fast authentication in WLANs. HIP introduces a radically new way of authenticating hosts in WLANs in only two message exchanges and therefore saves time during authentication.

3 Agenda
- Problem statement
- Solution overview
- Network architecture
- HIP DEX adjustments
- Protocol operation
- Open work items
- Conclusions

4 Problem Statement
Why Fast Initial Authentication?
- Users moving at high velocity between APs
- Large numbers of users entering an AP
- Smaller and smaller cell areas
Ultimate goal: Can we go with a single roundtrip?

5 Solution Overview (1/3)
Maybe not a single roundtrip but what about 2 roundtrips?
“Lightweight Authentication and Key Management on Wireless Networks” by Konstantinos Georgantas and Andrei Gurtov, submitted to IEEE GLOBECOM 2011
- Introduce a new network hierarchy
- Move the authenticator – HIP responder one level above
- Authentication only when an ESS transition occurs
- Let the APs act as relays
- Introduce port-based Net Access Control allowing HIP-only traffic until the Initiator is authenticated
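
A sketch of the port-based access control described on this slide, added here as an illustration and not taken from the presentation or the cited paper: a relaying AP drops everything except HIP for a station until the two-roundtrip base exchange (I1, R1, I2, R2) has passed through it in order and in the right directions. The class and function names are hypothetical. The packet types and header layout follow RFC 5201, and the rule that a relayed R2 from the upstream side opens the port is an assumption, since the slide does not say how the AP learns that authentication succeeded (the AP here does not verify any HIP MAC or signature).

```python
import struct

# HIP base-exchange packet types (RFC 5201): two round trips, I1/R1 then I2/R2.
I1, R1, I2, R2 = 1, 2, 3, 4
FIXED_HEADER_LEN = 40  # 8 bytes of fields plus two 16-byte HITs

def hip_packet_type(payload: bytes):
    """Return the HIP packet type, or None if this is not a plausible HIP header."""
    if len(payload) < FIXED_HEADER_LEN:
        return None
    _next_hdr, hdr_len, ptype, version = struct.unpack_from("!BBBB", payload)
    total_len = (hdr_len + 1) * 8  # Header Length excludes the first 8 bytes
    if total_len < FIXED_HEADER_LEN or total_len > len(payload):
        return None
    # Fixed bits: top bit of the type byte is 0, low bit of the version byte is 1.
    if ptype & 0x80 or not version & 0x01:
        return None
    return ptype

class ApPortGate:
    """Hypothetical per-station gate on a relaying AP (assumed design, see lead-in)."""

    def __init__(self):
        self.progress = {}  # STA MAC -> last base-exchange packet accepted

    def relay(self, sta: str, from_sta: bool, payload: bytes) -> bool:
        """Return True if the AP may forward this payload for the station."""
        last = self.progress.get(sta, 0)
        if last == R2:
            return True  # exchange completed: port is open for all traffic
        ptype = hip_packet_type(payload)
        if ptype is None:
            return False  # not HIP: dropped until the Initiator is authenticated
        if ptype not in (I1, R1, I2, R2):
            return True  # other HIP packets pass but never open the port
        if from_sta != (ptype in (I1, I2)):
            return False  # I1/I2 only from the STA, R1/R2 only from upstream
        if ptype != I1 and ptype != last + 1:
            return False  # out of order, e.g. an R2 with no preceding I2
        self.progress[sta] = ptype  # a fresh I1 restarts the exchange
        return True

def make_hip(ptype: int) -> bytes:
    """Constructed sample: bare HIP header with zeroed checksum, controls and HITs."""
    return struct.pack("!BBBBHH", 59, 4, ptype, 0x11, 0, 0) + bytes(32)
```

Because R1 and R2 are accepted only from the upstream side, a station cannot open its own port by sending itself an R2.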

6 Solution Overview (2/3)
- Let HIP datagrams run over Authentication frames
- HIP UPDATE can act as a rekeying mechanism
- EAP can also run on HIP!

7 Solution Overview (3/3)
Proposed operation

8 Reference Papers
Some papers to review
- D. Kuptsov, A. Khurri, A. Gurtov, Distributed authentication architecture in Wireless LANs, in Proc. of the 10th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM'09), June 2009.
- J. Korhonen, A. Mäkelä, T. Rinta-aho, HIP Based Network Access Protocol in Operator Network Deployments

9 Open Work Items
STA validation of AP
- Include a CERT parameter in R1 that contains an X.509 cert for the AP
- Assumption is the STA can validate the cert without any 'upstream' assistance, or delay validation until IP connectivity is provided
Timing concerns for AUTHENTICATION RESPONSE does not specify a response time window, but does WiFi certification?
- If so do we need NULL keepalives or loosening of timings when AUTHENTICATION used for KMP?

10 Conclusions
- Seamless intra-domain handovers (BSS transitions)
- Only 2 roundtrips (instead of 11) for inter-domain handovers (ESS transitions)
- But there are still some security considerations under review
Thank you!

