Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.11-11/0792r0 Submission May 2011 IEEE 802.11 WGSlide 1 IEEE 802.11i is Secure Date: 2010-05-11 Authors:

Published byJaydon Trees Modified over 9 years ago

Similar presentations

Presentation on theme: "Doc.: IEEE 802.11-11/0792r0 Submission May 2011 IEEE 802.11 WGSlide 1 IEEE 802.11i is Secure Date: 2010-05-11 Authors:"— Presentation transcript:

1 doc.: IEEE 802.11-11/0792r0 Submission May 2011 IEEE 802.11 WGSlide 1 IEEE 802.11i is Secure Date: 2010-05-11 Authors:

2 doc.: IEEE 802.11-11/0792r0 Submission May 2011 IEEE 802.11 WGSlide 2 Abstract This document outlines the IEEE 802 response to ISO/JTC1/SC6 on the WAPI NP process

3 doc.: IEEE 802.11-11/0792r0 Submission May 2011 IEEE 802.11 WGSlide 3 IEEE 802 provided input into the WAPI NP proposal voting and resolution process D ONDJFMAMJJASONDJFMAMJ Oct 09: N14123 WAPI NP proposal Feb 10: N14228 WAPI NP voting results Oct 10: N14436 Initial WAPI NP disposition Mar 11: N14620 Revised WAPI NP disposition Dec 09: N14142 IEEE 802 comments on WAPI NP proposal Jan 11: N14551 IEEE 802 comments on WAPI NP disposition 20092010J2011 Timeline of IEEE 802 participation

4 doc.: IEEE 802.11-11/0792r0 Submission Unfortunately, that input was ignored and is now being rejected May 2011 IEEE 802.11 WGSlide 4 D ONDJFMAMJJASONDJFMAMJ Oct 09: N14123 Justification of WAPI NP based on assertion that 802.11i is insecure Feb 10: N14228 Apparently IEEE 802 input was not considered in WAPI NP vote Oct 10: N14436 IEEE 802 input is ignored, incorrect claims about 802.11i are repeated Mar 11: N14620 IEEE 802 input is dismissed on the basis that it is too late! Dec 09: N14142 IEEE 802 rebuts all assertions regarding the claim of 802.11i insecurity Jan 11: N14551 IEEE 802 again rebuts all assertions regarding the claim o f 802.11i insecurity 20092010J2011 Timeline of IEEE 802 participation

5 doc.: IEEE 802.11-11/0792r0 Submission May 2011 IEEE 802.11 WGSlide 5 N14123: WAPI NP justification entirely based on assertion that 802.11i is insecure Single assertion to justify WAPI NP: –“It is a well known fact that current WLAN international standards contain serious security loopholes which need to be dealt with by enhanced security mechanisms.” Evidence to support this assertion: –“Can your neighbors router make yours sick?”– Hu, et al, 2008 –“A Wi-Fi virus outbreak? Researchers say it’s possible”– article in Network World, 2008 –“Practical Attacks Against WEP and WPA”– Beck and Tews, 2008 –“A Practical Message Falsification Attack on WPA”– Ohigashi and Morii, 2009

6 doc.: IEEE 802.11-11/0792r0 Submission N14142: IEEE 802 rebuts all claims of 802.11i insecurity “Can your neighbor’s router make yours sick?” –Assumes either no security, or WEP, on an AP. WEP has been deprecated in favor of 802.11i! Says nothing about 802.11i. “A Wi-Fi Virus Outbreak? Researchers say it’s possible” –Refers to paper by Hu et al– i.e. no security or WEP, not 802.11i “Practical Attacks against WEP and WPA” –WPA attack is against TKIP and its MIC, Michael, which is not a one-way function, and whose security is not assumed strong. TKIP was designed in 2003 with a 5 year expectation of validity. Paper says nothing about mandatory aspects of 802.11i (i.e. it addresses WPA not WPA2). “A Practical Message Falsification Attack Against WPA” –An improvement on paper above-- it’s WPA, no mention of WPA2 May 2011 IEEE 802.11 WGSlide 6

7 doc.: IEEE 802.11-11/0792r0 Submission N14228: Significant Lack of Consideration of IEEE 802 rebuttal during WAPI NP vote US NB –Two comments made challenging the statement that 802.11i is insecure (apparent consideration of IEEE 802 rebuttal). –Seven other substantive comments submitted. UK NB –Comments alluding to technical concerns. –Mostly focused on “standalone security issue”. No other NB submitted comments –Silence implies the rebuttal was not considered. May 2011 IEEE 802.11 WGSlide 7

8 doc.: IEEE 802.11-11/0792r0 Submission N14436: Repeats, and extends, invalid claims regarding 802.11i security IEEE 802 rebuttal of previous claims are completely ignored. Asserts that “Security loopholes in the current IS (ISO/IEC 8802-11) have been reported in the security literature”. Additional, new, unsubstantiated claims –WAPI can protect against fake STA/AP attacks and 802.11i cannot. –In N14123, N14399, N14402 and N14410 all “comprehensively address weaknesses in existing network security”. –Specific security problems were asserted during 802.11i fast track ballot in 2006. May 2011 IEEE 802.11 WGSlide 8

9 doc.: IEEE 802.11-11/0792r0 Submission N14551: IEEE 802 Rebuts New Claims of 802.11i insecurity Repetition of N14123 –Already addressed by N14142! Unfortunately N14142 was ignored. N14410 refers to IEEE 802.16 Security Issues: A Survey –This notes that security was not designed into IEEE 802.11-2003, says nothing about IEEE 802.11-2004 (or ISO/IEC 8802-11)! N14399, N14402 and N14410 make claims on lack of mutual authentication between STA, AP and AS –RFC4017-compliant EAP methods perform mutual authentication, the AP/AS distinction is logical and in many deployments does not apply, the 4-way Handshake confirms AS has disclosed PMK to AP and provides implicit authentication. Claims made during Fast Track Balloting of 802.11i –Same sort of non-mutual authentication assertions. May 2011 IEEE 802.11 WGSlide 9

10 doc.: IEEE 802.11-11/0792r0 Submission N14620: IEEE 802 Objections and Rebuttal of invalid claims of insecurity dismissed After ignoring comments, they are dismissed on the basis that the comment disposition is no longer concerned with the WAPI NP proposal! –“This comment is focusing on the Justification of ISO/IEC 20011, but it should be noted that the NP ballot has passed; the main comment and contribution in this state should be focused and changed to the editing and commenting of WD text.” Comments are ignored for an extended period of time and then dismissed as invalid because they are made too late! –This improper behavior is an insult to IEEE 802. May 2011 IEEE 802.11 WGSlide 10

11 doc.: IEEE 802.11-11/0792r0 Submission IEEE 802’s Current View of the Process is Best Summarized in Conclusion of N14551 IEEE 802 respectfully requests consideration: –… the fundamental justification for a WAPI NP in SC6 is based on the assertion that there are security loopholes or flaws in mandatory security components included in 802.11 (and its amendments). However, no valid or credible evidence has been provided to support this assertion. The reality is that mandatory security components included 802.11 have no known “security loopholes”. This statement is practically supported by the use of 802.11 in millions of systems worldwide, in high security applications, by governments, financial institutions, telecommunications providers, enterprises and consumers. IEEE 802 requests SC6 do not consider any assertions that mandatory security components included in 802.11 (and its amendments) are insecure when deciding whether to authorize the WAPI NP proposal. Alternatively, IEEE 802 invites any SC6 NB to provide valid and credible evidence to the 820.11 WG of “serious security loopholes”. May 2011 IEEE 802.11 WGSlide 11

12 doc.: IEEE 802.11-11/0792r0 Submission IEEE 802 Requests SC6 to Undertake Further Action Remove all existing, and unsubstantiated allegations regarding the security of 802.11i from official SC6 documents –Particularly the WAPI NP proposal and all associated comment dispositions. Provide credible evidence of security issues with mandatory features of 802.11i –Stop accepting unsubstantiated assertions regarding 802.11i security. Halt any new project activity whose justification relies on invalid assertions of security issues with 802.11i May 2011 IEEE 802.11 WGSlide 12

13 doc.: IEEE 802.11-11/0792r0 Submission May 2011 IEEE 802.11 WGSlide 13 References

Download ppt "Doc.: IEEE 802.11-11/0792r0 Submission May 2011 IEEE 802.11 WGSlide 1 IEEE 802.11i is Secure Date: 2010-05-11 Authors:"

Similar presentations

Doc.: IEEE 802.11-09/0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 A Study Group for Enhanced 802.11 Security Date: 2009-03-13 Authors:

Doc.: IEEE /0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 A Study Group for Enhanced Security Date: Authors:
Doc.: IEEE 802.19-05/0006r0 Submission March 2005 Steve Shellhammer, Intel CorporationSlide 1 What is a CA document? Notice: This document has been prepared.

Doc.: IEEE /0006r0 Submission March 2005 Steve Shellhammer, Intel CorporationSlide 1 What is a CA document? Notice: This document has been prepared.
Doc.: IEEE 802.11-00/087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.

Doc.: IEEE /087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.
IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-09-00xx-00-sec Title: IEEE 802.11r Fast BSS Transition – A Study Date Submitted: September 21, 2009 Present.

IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec Title: IEEE r Fast BSS Transition – A Study Date Submitted: September 21, 2009 Present.
Doc.: IEEE 802.11-12/0095r0 Submission Jan 2012 Konstantinos Georgantas, HIITSlide 1 HIP DEX for Fast Initial Authentication in 802.11 Date: 2012-01-16.

Doc.: IEEE /0095r0 Submission Jan 2012 Konstantinos Georgantas, HIITSlide 1 HIP DEX for Fast Initial Authentication in Date:
Doc.: IEEE 802.11-08/0559r0 Submission May 2008 Terry L Cole, AMDSlide 1 WG Technical Editors Opening Report (May) Date: 2008-05-12 Authors:

Doc.: IEEE /0559r0 Submission May 2008 Terry L Cole, AMDSlide 1 WG Technical Editors Opening Report (May) Date: Authors:
Doc.: VC1_16112009_EC_P&P_Update-opening_r0.ppt Submission EC Update on LMSC Governance Date: November 16 th, 2009 Author: Matthew Sherman 1 st Vice Chair,

Doc.: VC1_ _EC_P&P_Update-opening_r0.ppt Submission EC Update on LMSC Governance Date: November 16 th, 2009 Author: Matthew Sherman 1 st Vice Chair,
The IEEE and International Standards Steve Mills July 2006 IEEE 802 Plenary.

The IEEE and International Standards Steve Mills July 2006 IEEE 802 Plenary.
Doc.: IEEE 802.15-01/081r0 Submission January 2001 Shoemake, Texas InstrumentsSlide 1 Project: IEEE P802.15 Working Group for Wireless Personal Area Networks.

Doc.: IEEE /081r0 Submission January 2001 Shoemake, Texas InstrumentsSlide 1 Project: IEEE P Working Group for Wireless Personal Area Networks.
Starting Planning for the 2010 Policy Key Issues Notes for the TAC Executive Committee April 8, 2009 Phil Hattis, AIAA VP for Public Policy.

Starting Planning for the 2010 Policy Key Issues Notes for the TAC Executive Committee April 8, 2009 Phil Hattis, AIAA VP for Public Policy.
Doc.: IEEE 802.11-08/0836r2 Submission July 2008 Dan Harkins, Aruba NetworksSlide 1 Changes to SAE State Machine Date: 2008-07-13 Authors:

Doc.: IEEE /0836r2 Submission July 2008 Dan Harkins, Aruba NetworksSlide 1 Changes to SAE State Machine Date: Authors:
Doc.: IEEE 802.11-13/0908r1 Submission July 2013 Andrew Myles, CiscoSlide 1 IEEE 802 JTC1 SC closing report (July 13) Date: 2013-7-18 Authors:

Doc.: IEEE /0908r1 Submission July 2013 Andrew Myles, CiscoSlide 1 IEEE 802 JTC1 SC closing report (July 13) Date: Authors:
Doc.: IEEE 802.11-14/0424r0 Submission March 2014 Osama Aboul-Magd, Huawei TechnologiesSlide 1 HEW SG PAR and CSD Comments and Resolutions Date: 2014-03-18.

Doc.: IEEE /0424r0 Submission March 2014 Osama Aboul-Magd, Huawei TechnologiesSlide 1 HEW SG PAR and CSD Comments and Resolutions Date:
Doc.: IEEE 802.19-09-0061-00-tvws Submission September 2009 Stanislav Filin et al, NICTSlide 1 Comments to WS coexistence draft PAR Notice: This document.

Doc.: IEEE tvws Submission September 2009 Stanislav Filin et al, NICTSlide 1 Comments to WS coexistence draft PAR Notice: This document.
Doc.: 18-11/58r0 Submission July 2011 John Notor, Notor ResearchSlide 1 Summary of ITU-R Documents Notice: This document has been prepared to assist IEEE.

Doc.: 18-11/58r0 Submission July 2011 John Notor, Notor ResearchSlide 1 Summary of ITU-R Documents Notice: This document has been prepared to assist IEEE.
Doc.: IEEE 802.11-03/095r0 Submission January 2003 Dan Harkins, Trapeze Networks.Slide 1 Fast Re-authentication Dan Harkins.

Doc.: IEEE /095r0 Submission January 2003 Dan Harkins, Trapeze Networks.Slide 1 Fast Re-authentication Dan Harkins.
Doc.: IEEE 802.15-07-0656-00-wng0 Submission November, 2013 Pat Kinney, Kinney ConsultingSlide 1 Project: IEEE P802.15 Working Group for Wireless Personal.

Doc.: IEEE wng0 Submission November, 2013 Pat Kinney, Kinney ConsultingSlide 1 Project: IEEE P Working Group for Wireless Personal.
Doc.: IEEE 802.11-05/1007r0 Submission September 2005 Fred Haisch, Proxim WirelessSlide 1 Alternative Lock-up Solution Notice: This document has been prepared.

Doc.: IEEE /1007r0 Submission September 2005 Fred Haisch, Proxim WirelessSlide 1 Alternative Lock-up Solution Notice: This document has been prepared.
Doc.: IEEE 802.11-10/1125r0 Submission September 2010 Marc Emmelmann, Fraunhofer FOKUSSlide 1 How does the (new) Fast Initial Link Set- Up PAR address.

Doc.: IEEE /1125r0 Submission September 2010 Marc Emmelmann, Fraunhofer FOKUSSlide 1 How does the (new) Fast Initial Link Set- Up PAR address.
Doc.: IEEE 802.11-11/0756r0 Submission May 2011 Robert Moskowitz, VerizonSlide 1 IP Address Assignment in FIA Date: 2011-05-10 Authors: NameCompanyAddressPhoneemail.

Doc.: IEEE /0756r0 Submission May 2011 Robert Moskowitz, VerizonSlide 1 IP Address Assignment in FIA Date: Authors: NameCompanyAddressPhone .

Similar presentations

Ads by Google