Download presentation
Presentation is loading. Please wait.
1
11ay Fast Association Authentication
Month Year doc.: IEEE yy/xxxxr0 11ay Fast Association Authentication Date: Authors: Name Affiliations Address Phone Robert Sun; Huawei Technologies Co., Ltd. Suite 400, 303 Terry Fox Drive, Kanata, Ontario K2K 3J1 Yan Xin Osama Aboul-Magd Edward Au Rob Sun etc, Huawei. John Doe, Some Company
2
Problem Statements Auth Server PCP/AP DMG STA Beacon/Announce/Probe Req-Resp (11ad) defines the Security Association operations in PBSS The Association and Authentication are lock step procedures in order to satisfy the RSNA trust model. However it takes substantial time in completion of the authentication and association following the steps as specified in [1] How to optimize it? Authentication Request Not Used for DMG Authentication Response State 2 State 2 Association Request Association Response + RSN IE EAPol Start EAPol Req ID EAPol Resp ID Radius Req EAP Authentication Method EAPol Success EAPol Success State 3 State 3 PBSS 4 Way Handshake State 4 State 4
3
11ad Authentication State Machine (10.3.2)
DMG STA association and authentication goes through State 2->3->4 with IEEE 802.1x RSNA AKM. Short cut state transition (State 2 ->State 4) is serving the fast re-authentication and enable the PBSS 4 way handshake Problem: 11ad didn’t specify the PBSS 4 way handshake in a way that really enables the short cut state transition. In another words, as per 11ad the PBSS 4 way handshake can only take place after state 3. Observations: - The short cut state transition will be beneficial in making speedy association/authentication
4
Design Principle Keep 11ad Authentication/Association scheme intact
Section Section Reuse the RSNA compliant 802.1x authentication/association state machine No one-shoe-fits-all 11ay association/authentication solution. Some Use Cases (UC#1, #2) have different pre-shared credentials than others (UC#4,5) and required different authentication schemes to meet the timing requirements. Other cases can still keep using the legacy 11ad authentication/association procedure.
5
Solution: RSNA-based Authentication
PCP/AP DMG STA DMG Beacon/Announce/Probe Req-Resp (RSN 11ay FAA Capability bit+ Authentication IE […||Anonce]) State 2 State 2 (re)Association Req ( +Authentication IE [Snonce +MIC]) DMG STA constructs PTK PCP/AP constructs PTK (re)Association Resp (+Authentication IE [MIC]) State 3/4 State 3/4
6
11ay Fast Association/Authentication Protocol Analysis
If dot11RSNAEnabled is true, and if the RSNA is based on IEEE 802.1X AKM in PBSS. No TTP (Trust Third Party) Auth Server ( i.e UC#1, UC#2, UC#3) required. No other DMG STA in the proximity (UC#1 or UC#2) Least concern for eavesdropping or MITM attack. Both PCP/AP and DMG STA shares the common Shared Secret (K) cryptographically secure (NIST SP800-97) K is the Authentication Key ( at least 128bits) The 1st message of 4 way handshake is now piggybacked over DMG beacon from PCP/AP 11ay FAA (Fast Association/Authentication Capability Bit and Authentication IE could be appended to the DMG Beacon, or Announcement or Probe Response Frames. The 4th message of 4 way handshake is omitted in order to save flight time which traditionally is deployed for key confirmation purpose. The removal is not a concern if “No other DMG STA is proximity” 11ad PBSS 4 way handshake messages are piggybacked with optional MBO parameters for MBO operations. The 11ay FAA may support it by appending the MBO IEs.
7
Solution: RSNA-based Authentication with Key ID initiating from PCP/AP
In UC #1, A PCP/AP (toll gate) has to maintain up to thousands of pre-shared secrets (K) in order to support the massive pass through STAs. The K has to be differed from STA to STA in order to prevent the key forgery attack. Key ID is used for STA to indicate to PCP/AP which Key it starts to authenticate. The Key ID will be input into the MIC to prevent the replay attack. The Key ID could be indicated by either PCP/AP or DMG STA, However it’s more practical for PCP/AP to store massive keys in database. The Key ID format could be as specified in RFC 4880 Note: This Key ID is different than the GCMP MPDU Key ID octet ( ) PCP/AP DMG STA DMG Beacon/Announce/Probe Req-Resp (RSN 11ay FAA Capability bit +Authentication IE [Key ID|| ANonce]]) State 2 State 2 (re)Association Req ( +Authentication IE [… Key ID, SNonce +MIC]) DMG STA constructs PTK PCP/AP constructs PTK (re)Association Rsp (+Authentication IE [MIC]) State 4 State 4
8
Solution: RSNA-based Authentication with Key ID initiating from DMG STA
PCP/AP DMG STA Authentication with Key ID initiating from DMG STA In the Case of DMG STA has the storage of the Keys database (Out of scope of IEEE ) DMG STA attach its Key ID in the Association Req frame as the Extended IE to indicate PCP/AP which key it’s intended to use for this particular session. DMG Beacon/Announce/Probe Req-Resp (RSN 11ay FAA Capability bit + Authentication IE( ANonce)) State 2 State 2 (re)Association Req ( +Authentication IE [Key ID, SNonce +MIC]) DMG STA constructs PTK PCP/AP constructs PTK (re)Association Rsp (+Authentication IE [Key ID,MIC]) State 4 State 4
9
11ay Key Hierarchy (W/O Key ID)
K (PMK) KDF-X( K, “11ay Key Generation”, Min(MAC_s, MAC_a)||Max(MAC_s, MAC_a) ||Min(SNonce, ANonce)|| Max(SNonce, ANonce)) PTK Key confirmation key L(PTK,0,B) KCK Key encryption key L(PTK,B, B) KEK2 Temporal Key L(PTK,B or 2*B,TK_bits) TK Note: B should be at least 128bits
10
11ay Key Hierarchy (W/ Key ID)
K (PMK) Note 2 KDF-X( K, “11ay Key Generation”, Key ID|| Min(MAC_s, MAC_a)||Max(MAC_s, MAC_a) ||Min(SNonce,ANonce)|| Max(SNonce, ANonce)) PTK Key confirmation key L(PTK,0,B) KCK Key encryption key L(PTK,B, B) KEK2 Temporal Key L(PTK,B or 2*B, TK_bits) TK Note 1 Note 1: B should be at least 128bits Note 2: Key ID is getting involved into the key generation
11
11ay Key Usage and Management
Key Management K is used to derive KCK (>=128bits), KEK(>=128bits) and TK (>=128bits) The Cipher Suites are GCMP (OUI: 00-0F-AC:8) Key ID is specially designed for the scenarios where no TTP server and both devices are in very close proximity (less threat from eavesdropping or man in the middle) Key ID is to identify the Key from pre-shared Key database to prevent the forgery attack The Key management should be following PTKSA life cycle management (10.3.5) The 11ay re-association operation could repeat the same protocol in order to resume the upper layer sessions without breakout.
12
NEW RSN Capabilities field for 11ay Fast Association/Authentication
FAA Capability (Subclause ) - Define the 11ay FAA Capability Bit for indication: 0 is not using 11ay FAA 1 is using 11ay FAA - If the 11ay FAA Capability bit is 1, an Authentication IE is attached thereafter
13
New: 11AY Authentication IE Format
Element ID 11ay PBSS Auth Options Length Key ID Nonce's MIC Octets: 1 1 1 0 or 16 0 or 8 0 or 16 PCP/AP as Key ID initiator 1 DMG STA as key ID initiator B0 B2 B4 B5 B6 B7 Association Authentication type Handshake # Key ID Usage Key ID initiator Reserved B3 B2 B3 B0 B1 00 Message #1 (Within the DMG Beacon or other frames) 01 Message #2 ( Within the (re) Association Request Frame) 10 Message #3 (Within the (re) Association Response Frame) 11 Message #4 (Not used if B0::B1= 01 and 10) 00 Reserved 01 11ay PBSS Fast Association/Authentication with PSK 10 11ay PBSS Fast re-association/ re-authentication with PSK 11 11ay association/authentication using other frames than association/authentication frames
14
References [1]Rob Sun, et al, Performance of EAP authentication and authorization
15
SP/Motion Do you agree to insert the following text into the SFD?
Mar 2016 SP/Motion Do you agree to insert the following text into the SFD? “An EDMG STA may include the Authentication IE within management frames during discovery and association phase to parallelize the pre-shared key based authentication and key generation, to speed up the process of authentication and association” Yes: No: Abstain: Huawei
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.