Extended Usage of STKSA


1 Extended Usage of STKSA
2019/9/18 doc.: IEEE yy/xxxxr0, May 2008
Date:
Authors: Hu Junling, Sihoon Yang, LG Electronics
Notice: This document has been prepared to assist IEEE 802.11. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.

2 Abstract
In this submission, the STKSA is extended to be used on the AP path to decrease the AP's processing burden and to enhance end-to-end security.

3 Use Case 1 (see contribution 11-07-2916 (LG) also)
Two QSTAs are associated with an AP which does not support security. The two QSTAs want to exchange security-sensitive data, but the AP path is not secure. The direct link (DL) can be used purely for secure transmission. The STKSA can be set up manually or through some other simple approach, such as a WPS extension.
Figure: Initiator STA and Peer STA, with the AP path marked "Not secure" and the direct link marked "Secure". Caption: the SMK is entered into the STAs manually before DLS starts.

4 Use Case 1 (see contribution 11-07-2916 also)
Even if the peer STA moves away and the AP path has to be used, the STKSA can be kept on the AP path. The STAs still use the STK to protect the data, but the protected data is encapsulated in a tunnel.
Figure: Initiator STA and Peer STA connected through the AP, with the AP path shown as a secure tunnel.

5 Use case 2
Two QSTAs are associated with an AP which supports security. Today the AP needs to decrypt each data frame and encrypt it again when it relays data frames from one STA to the other. STA1 initiates DLS with STA2 because of poor QoS, and the DLS succeeds.
Figure: STA1 sends data frames protected by PTK1 to the AP; the AP decrypts them with PTK1, re-encrypts them with PTK2 and transmits them to STA2; a direct link also exists between STA1 and STA2.

6 Use case 2 (continued)
Now STA2 moves, the direct link can no longer be used, and the data path is switched to the AP path. The STK is still used to protect the data between the STAs and the AP. Because the data frame is protected by the STK, the AP does not decrypt and re-encrypt it before transmitting it to the peer STA, so the AP's burden is decreased.
Figure: STA1 and STA2 exchange data frames protected by the STK over the AP path; the direct link is no longer in use.

7 Use case 3
Two QSTAs are associated with an AP which supports security. The STKSA can be used solely to decrease the burden on the AP when the DL cannot be set up successfully, for example because STA1 is too far away from STA2. The STKSA is created entirely through the AP path. Data frames between a STA and the AP are protected by the STK, and the AP does nothing to the data when it relays it.
Figure: the STKSA is created via the AP; data frames protected by the STK flow STA1 to AP to STA2; the direct link cannot be set up.

8 Summary
In use case 1, the STK provides end-to-end security. In use cases 2 and 3, the STK is used to decrease the AP's processing burden and to enhance security when the AP is not trusted. The direct link reduces duplicated transmission over the air interface, and the STK reduces decryption/encryption processing in the AP; if both are used, throughput can be greatly improved.

9 Solution 1 (for use cases 2 and 3)
For use case 2, a reserved bit in the KeyID octet can be used to indicate that the frame is protected by station-to-station keys.
Current KeyID octet: Rsvd 5 bits (b0-b4) | Ext IV (b5) | Key ID (b6 b7)
Proposed KeyID octet: Rsvd 4 bits (b0-b3) | STSL Key Ind (b4) | Ext IV (b5) | Key ID (b6 b7), where STSL Key Ind = 0: Normal, 1: Protected by STK.
Alternatively: WPA defined that KeyID value 0 is used for the PTK and values 1 to 3 are used for the GTK, but WPA also suggests that value 3 is reserved. So we can define KeyID value 3 for station-to-station keys.
KeyID octet: Rsvd 5 bits (b0-b4) | Ext IV (b5) | Key ID (b6 b7), where Key ID = 00: PTK, 01 or 10: GTK, 11: STK.
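As an added illustration (not code from the submission or from the 11z draft), this C snippet packs and decodes the KeyID octet under both encodings proposed on this slide and applies the AP relay rule from use cases 2 and 3. The function names and the validity checks are assumptions of this example, not part of the proposal.

```c
#include <stdbool.h>
#include <stdint.h>

/* Bit positions in the KeyID octet (4th octet of the CCMP/TKIP header). */
#define EXT_IV_BIT       (1u << 5)   /* b5: Ext IV, always set for CCMP/TKIP */
#define STSL_KEY_IND_BIT (1u << 4)   /* b4: proposed STSL Key Ind (reserved today) */
#define KEYID_SHIFT      6           /* b6-b7: Key ID */
#define KEYID_MASK       (3u << KEYID_SHIFT)
#define KEYID_STK        3u          /* alternative proposal: reserved KeyID value 3 */

enum key_type { KEY_PTK, KEY_GTK, KEY_STK, KEY_INVALID };

/* Variant A: keep the 2-bit Key ID and flag STK-protected frames via b4. */
uint8_t build_keyid_octet_a(unsigned keyid, bool stk)
{
    uint8_t o = (uint8_t)(EXT_IV_BIT | ((keyid & 3u) << KEYID_SHIFT));
    return stk ? (uint8_t)(o | STSL_KEY_IND_BIT) : o;
}

enum key_type classify_a(uint8_t o)
{
    if (!(o & EXT_IV_BIT)) return KEY_INVALID;   /* not an extended-IV frame */
    if (o & STSL_KEY_IND_BIT) return KEY_STK;
    return ((o & KEYID_MASK) >> KEYID_SHIFT) == 0 ? KEY_PTK : KEY_GTK;
}

/* Variant B: Key ID 0 = PTK, 1 or 2 = GTK, 3 (reserved in WPA) = STK. */
uint8_t build_keyid_octet_b(enum key_type t, unsigned gtk_id)
{
    unsigned id = (t == KEY_PTK) ? 0u
                : (t == KEY_STK) ? KEYID_STK
                : (gtk_id == 2u ? 2u : 1u);      /* GTK index clamped to 1 or 2 */
    return (uint8_t)(EXT_IV_BIT | (id << KEYID_SHIFT));
}

enum key_type classify_b(uint8_t o)
{
    if (!(o & EXT_IV_BIT)) return KEY_INVALID;
    unsigned id = (o & KEYID_MASK) >> KEYID_SHIFT;
    if (id == 0) return KEY_PTK;
    if (id == KEYID_STK) return KEY_STK;
    return KEY_GTK;
}

/* AP relay rule for use cases 2 and 3: a frame marked as STK-protected is
   forwarded unchanged; any other frame is decrypted with the sender's PTK
   and re-encrypted with the receiver's PTK, as the AP does today. */
bool ap_must_reencrypt(enum key_type t)
{
    return t != KEY_STK;
}
```

A receiver that implements neither encoding ignores the reserved bit or treats Key ID 3 as a GTK index and will try the wrong key, so both peers and the AP must agree on one encoding before STK-marked frames are sent over the AP path.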

10 Solution 2 (for use case 1)
For use case 1 (the AP does not support security), some new TDLS Packet Type values will be added to table z1 for tunneled frames in 11z draft 1.0. The 4-way handshake can be carried through the AP path inside the tunnel or over the direct link path. Since the AP does not support security, the SMK is set up manually or by other approaches that are out of scope.
New Table Z2: TDLS Packet Type (Value: Meaning)
(value not captured in the transcript): TDLS Setup Request
1: TDLS Setup Response
2: TDLS Setup Confirm
3: TDLS Teardown Request
4: TDLS Teardown Response
5: TDLS DL Path Switch Request
6: TDLS DL Path Switch Response
7: TDLS AP Path Switch Request
8: TDLS AP Path Switch Response
9: Peer Traffic Indication
10: Tunneled EAPOL request
11-14: Tunneled 4-way handshake messages 1 to 4
15-254: reserved
255: Tunneled security data frame protected by STK

11 Straw poll
Do you think it is a practical method to use the STK to protect data frames on both the direct path and the AP path in use case 1? Yes/No/Abstain:
Do you think it is an effective method to use the STK to protect data frames on the AP path to decrease the burden of the AP in use cases 2 and 3?
Use case 2: Yes/No/Abstain:
Use case 3: Yes/No/Abstain:

12 Thanks!

