Presentation is loading. Please wait.

Presentation is loading. Please wait.

Potential L2 security options for UL BCS

Published byEdwina Nichols Modified over 5 years ago

Similar presentations

Presentation on theme: "Potential L2 security options for UL BCS"— Presentation transcript:

1 Potential L2 security options for UL BCS
Month Year doc.: IEEE yy/xxxxr0 July 2018 Potential L2 security options for UL BCS Date: Authors: Bahar Sadeghi, Intel John Doe, Some Company

2 Abstract A full security threat analysis is in scope of TG.
July 2018 Abstract A full security threat analysis is in scope of TG. Depending on the result of the threat analysis, the TG may make the following conclusions: No L2 security needed L2 data encryption needed (Confidentiality) Verification of sender/destination address needed (Integrity) The following slides outline possible solutions. Note: the goal of this presentation is solely to provide potential solutions to facilitate the PAR and CSD development. The solution will be developed in TG. Note: replay attacks addressed in previous contribution Bahar Sadeghi, Intel

3 UL Options Server Router AP STA
July 2018 UL Options Server Router AP STA Data Data Data Server Address Assumption: E2E security (confidentiality and/or integrity) is in place. However, there may be DOS attacks, severity and level of risk for DOS attacks need to be understood, depending on that one of these options may be considered Option 1: Server address & STA identity signed by CA Option 2: L2 authentication Option 3: L2 encryption Option 4: Option 1 + Option 3 Bahar Sadeghi, Intel

4 Option 1: Server address is signed by CA
July 2018 Option 1: Server address is signed by CA Server Router AP STA Data Data Data Server Address Digital signature STA is pre-installed with the Server address & CA certificate With each packet transmission, STA includes the Server address signed by the CA AP verifies the STA identity/server address using the certificate before forwarding the data Bahar Sadeghi, Intel

5 Option 2: L2 authentication
July 2018 Option 2: L2 authentication Private Key Server Router AP STA Data Data Data Server Address Public Key STA is pre-installed with the Server address STA generates public/private key and signs the data (and server address) With each packet transmission, STA includes the public key AP verifies the STA using the public key before forwarding the packet. Note: mechanisms for verification of the public key by AP required Note: both STA & AP may use a shared secret key Bahar Sadeghi, Intel

6 Option 3: L2 encryption Server Router AP STA
July 2018 Option 3: L2 encryption Private Key Public Key Server Router AP STA Data Data Data encrypted Server Address STA is pre-installed with the Server address & a public key AP is pre-installed with a private key STA encrypts data (and server address) using the public key AP verifies the payload (and address) using the private key before forwarding the packet. Note: both STA & AP may use a shared key Note: If key update is needed STA may receive updated public key distributed by AP Bahar Sadeghi, Intel

7 Option 4: Server address signed by CA and L2 encryption
July 2018 Option 4: Server address signed by CA and L2 encryption Private Key Public Key Server Router AP STA Data Data Data Server Address encrypted Digital signature AP is pre-installed with the CA certificate STA is pre-installed with the Server address & CA certificate STA & AP use a shared key or a pre-installed private/public key pair. Data transmissions are signed by private key AP uses shared/private key to decrypt the packet and verifies the STA identity, and the destination address using the certificate Bahar Sadeghi, Intel

8 July 2018 Summary One possible solution has been shown for different security requirements that may emerge from the security threat analysis to be conducted by TG. By use of digital signature by CA, the AP can Verify the identity of the STA Verify the destination (IP) address of the data is not corrupted Decide based on the signature / identity of the STA, whether to forward the packet Decide based on the server (IP) address if the packet should be forwarded Bahar Sadeghi, Intel

Download ppt "Potential L2 security options for UL BCS"

Similar presentations

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
Security Keys, Signatures, Encryption. Slides by Jyrki Nummenmaa ‘

Security Keys, Signatures, Encryption. Slides by Jyrki Nummenmaa ‘
Chapter 37 Network Security. Aspects of Security data integrity – data received should be same as data sent data availability – data should be accessible.

Chapter 37 Network Security. Aspects of Security data integrity – data received should be same as data sent data availability – data should be accessible.
©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl1 1 Chapter 29 Internet Security.

©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl1 1 Chapter 29 Internet Security.
Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.

Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.
Internet Security. 2 PGP is a security technology which allows us to send email that is authenticated and/or encrypted. Authentication confirms the identity.

Internet Security. 2 PGP is a security technology which allows us to send that is authenticated and/or encrypted. Authentication confirms the identity.
1 CMPT 471 Networking II Authentication and Encryption © Janice Regan, 2006-2013.

1 CMPT 471 Networking II Authentication and Encryption © Janice Regan,
Bridge Certification Architecture A Brief Overview by Tim Sigmon May, 2000.

Bridge Certification Architecture A Brief Overview by Tim Sigmon May, 2000.
Network Security Celia Li Computer Science and Engineering York University.

Network Security Celia Li Computer Science and Engineering York University.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.

SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
Distributing a Symmetric FMIPv6 Handover Key using SEND

Distributing a Symmetric FMIPv6 Handover Key using SEND
Security for location determination at a Public Domain

Security for location determination at a Public Domain
Digital Signatures Cryptographic technique analogous to hand-written signatures. sender (Bob) digitally signs document, establishing he is document owner/creator.

Digital Signatures Cryptographic technique analogous to hand-written signatures. sender (Bob) digitally signs document, establishing he is document owner/creator.
Teleconference Agenda

Teleconference Agenda
On AP Power Saving Usage Model

On AP Power Saving Usage Model
Module 8: Securing Network Traffic by Using IPSec and Certificates

Module 8: Securing Network Traffic by Using IPSec and Certificates
Discussions on FILS Authentication

Discussions on FILS Authentication
Security for location determination at a Public Domain

Security for location determination at a Public Domain
Using SSL – Secure Socket Layer

Using SSL – Secure Socket Layer

Similar presentations

Ads by Google