Doc.: IEEE 802.11-12/0041r1 Submission. Robert Sun; Yunbo Li; Edward Au; Phillip Barber, Huawei Technologies Co., Ltd.


Slide 1
doc.: IEEE 802.11-12/0041r1, Submission, Jan 2012
Performance Analysis of 802.11 authentication and authorization
Date: 2011-11-15
Authors:
Name: Robert Sun; Yunbo Li; Edward Au; Phillip Barber
Affiliations: Huawei Technologies Co., Ltd.
Address: Suite 400, 303 Terry Fox Drive, Kanata, Ontario K2K 3J1
Phone: +1 613 2871948
email: Rob.sun@huawei.com
Footer: Rob Sun etc, Huawei.

Slide 2: Abstract
This proposal provides analysis of primary delay contributors within RSNA security protocol in accordance with IEEE 802.11i.

Slide 3: Conformance w/ TGai PAR & 5C
Conformance Question / Response
- Does the proposal degrade the security offered by Robust Security Network Association (RSNA) already defined in 802.11? Response: No
- Does the proposal change the MAC SAP interface? Response: No
- Does the proposal require or introduce a change to the 802.1 architecture? Response: No
- Does the proposal introduce a change in the channel access mechanism? Response: No
- Does the proposal introduce a change in the PHY? Response: No
- Which of the following link set-up phases is addressed by the proposal? (1) AP Discovery (2) Network Discovery (3) Link (re-)establishment / exchange of security related messages (4) Higher layer aspects, e.g. IP address assignment. Response: 3

Slide 4: IEEE 802.11 EAP Authentication and Authorization Delay Contributors
EAP Authentication Phases
– EAPOL handshake
– EAP specific methods
    Authentication and Key establishment
    Key Agreement
    Key Generation
    Key Transport
– 4-Way handshake

Slide 5: .11 EAPOL Handshake
Purpose: To initiate the EAP/802.1X based authentication
Components:
- EAPOL Start (STA -> AP)
- EAPOL Identity Request (AP -> STA)
- EAPOL Identity Response (STA -> AP)
- EAPOL success/failure (AP -> STA)
Primary Delay Contributors T1:
- air time transmission

Slide 6: Air Time of 802.1X EAPOL messages
[Figure: frame exchange timeline. Message Frame: DIFS, CW, Preamble, Data. ACK Frame: SIFS, Preamble, Data.]
SIFS = 16 us
DIFS = 34 us
CW = 67.5 us (average of CWmin)
Preamble = L-STF (8 us) + L-LTF (8 us) + L-SIG (4 us) + HT-SIG (8 us) + HT-STF (4 us) + HT-LTF (4 us) = 36 us
Data rate = 6.5 Mbps (MCS0 in 802.11n)
Results:
EAPOL start air time = 369.1 us
EAPOL identity request = 369.1 us
EAPOL identity response = 1476.8 us
EAPOL success = 369.1 us
Total T1 = 2584 us = 2.5 ms
Reference: Draft P802.11REVmb_D12.0

Slide 7: EAP Authentication and Key establishment
Purpose: To provide the mutual authentication and RSNA key establishment
Components: EAP Specific Authentication
- Different EAP methods are examined for delay comparison
Hypothesis: PSK based EAP methods consume less key establishment time than X.509 certificate based pair-wise key establishment (reference: RFC 5216, and FIPS SP 800 56A).
Primary Delay Contributor T2:
- X.509 certificate verification delay
- Key generation delay
- Handshake Delay (Air time + Wired Delay)
Note 1: All EAP methods are assumed to use a minimum 4 message handshake as per RFC 5216
Note 2: Wired Delay is non-negligible but wasn't calculated

Slide 8: Performance of various EAP methods and EAP-PSK methods
Testing Environment: Server and Client Side:
– CPU: PIII 550 MHz
– RAM: 256M
– OS: Windows XP
– HD: 40G
– Simulation Software: OpenSSL (Open source toolkit for TLS)
– # of Iterations: 100,000

Slide 9: Client and Server processing time
Both Client and Server processing times include the following operations:
– Initialization
– Key Processing
– Signature Processing
Tested Candidates:
1) EAP-PSK (RFC 4764)
2) EAP-TLS w/ cipher suites of DHE-DSS-1024
3) EAP-TLS w/ cipher suites of RSA 1024 (PKCS #1)
– For DHE-DSS-1024 with mutual authentication
– For RSA 1024 with server authentication

Slide 10: Client and Server processing time

EAP Methods               Client Processing time (ms)   Server Processing Time (ms)
EAP-PSK                   4.83375
EAP-TLS (DHE-DSS-1024)    198.8564
EAP-TLS (RSA-1024)        9.869796                      27.568796

The slide lists a single processing time for EAP-PSK and for EAP-TLS (DHE-DSS-1024).

Slide 11: 4-Way Handshake Processing Time
Purpose: To establish the trust and derive the over-the-air session keys between STA and AP
Component:
– Initialization (Nonce generation)
– MIC calculation
– KDF function
– 4 EAPOL key messages
Primary delay contributors T3:
- KDF function
- Handshake air time
Note: same testing environment

4 WAY handshake          Processing Time (ms)
Initialization           0.635518
KDF functions and MIC    5.03574
Air time                 1.22
Total                    6.891258
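
Added example (not part of the original slides): the cryptographic components listed on slide 11, written with the Python standard library so the KDF and MIC cost can be measured on current hardware. It assumes the IEEE 802.11i HMAC-SHA1 PRF-384 for CCMP and the HMAC-SHA1-128 MIC; the MAC addresses and the 99-byte frame are constructed placeholders, and os.urandom stands in for the standard's nonce generator.

```python
import hashlib
import hmac
import os
import time

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out, counter = b"", 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PRF-384 over sorted addresses and nonces; returns (KCK, KEK, TK)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:48]

def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """HMAC-SHA1 truncated to 128 bits over the frame with its MIC field zeroed."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def verify_mic(kck: bytes, frame: bytes, mic: bytes) -> bool:
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(eapol_mic(kck, frame), mic)

def time_handshake_crypto(iterations: int = 1000) -> float:
    """Mean ms for two nonces, one PTK derivation and MIC generate+verify
    for messages 2, 3 and 4 (message 1 carries no MIC)."""
    pmk = os.urandom(32)                      # constructed PMK
    aa = bytes.fromhex("02aabbccdd01")        # constructed AP address
    spa = bytes.fromhex("02aabbccdd02")       # constructed STA address
    frame = bytes(99)                         # constructed placeholder frame
    start = time.perf_counter()
    for _ in range(iterations):
        anonce, snonce = os.urandom(32), os.urandom(32)
        kck, _kek, _tk = derive_ptk(pmk, aa, spa, anonce, snonce)
        for _msg in range(3):
            verify_mic(kck, frame, eapol_mic(kck, frame))
    return (time.perf_counter() - start) * 1000 / iterations

if __name__ == "__main__":
    print(f"nonce + KDF + MIC: {time_handshake_crypto():.4f} ms per handshake")
```

The result covers computation only; it excludes the air time row of the slide's table and will not match figures measured on the PIII test machine.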

Slide 12: Conclusion
Total time consumed by RSNA authentication and key establishment is:

RSNA authentication       T1 (ms)   T2 in Client (ms)   T2 in Server (ms)   T3 (ms)    Total in client (ms)   Total in Server (ms)   Total in Serialized operation (ms)
EAP-PSK                   2.584     4.83375                                 6.891258   14.309008                                     19.142758
EAP-TLS (DHE-DSS-1024)    2.584     198.8564                                6.891258   208.331658                                    407.188058
EAP-TLS (RSA 1024)        2.584     9.869796            27.568796           6.891258   19.345054              37.044054              46.91385

For EAP-PSK and EAP-TLS (DHE-DSS-1024) the slide lists a single T2 value and a single total ahead of the serialized total.

802.1X EAPOL over-the-air handshake contributes the least to the overall delay (T1 < 3 ms)
4-way handshake doesn't contribute major delay (T3 < 7 ms)
Major delay contributor is EAP authentication with the chosen methods (T2)
– Potential Reasons
1) Certificates verification
2) Finite Field Prime number modular calculation and DLC calculation
EAP-PSK demonstrates ideal performance in key establishment and is suitable for FILS authentication (with < 20 ms).
EAP-TLS with X.509 certificate based authentication options and key establishment imposes a tight time budget in satisfying the performance objectives of TGai.

Slide 13: Further discussion
Even though the choice of EAP methods is out of scope of the IEEE 802 working group, would it be necessary to promote EAP-PSK as the candidate for the FILS authentication specific method?
DHCP and DNS are both major contributors to the delay; pre-establishment should be ideal for TGai.

Slide 14: References
RFC 5216
RFC 4764
RFC 2246 and RFC 2246-bis-13
Draft P802.11REVmb_D12.0
FIPS SP 800 56A
FIPS 140-2 annex C
RSA PKCS #1

Slide 15: Performance of Public-Key Cryptography
Reference: I. Branovic, R. Giorgi, E. Martinelli, "Memory Performance of Public-Key cryptography Methods in Mobile Environments", ACM SIGARCH Workshop on MEmory performance: DEaling with Applications, systems and architecture (MEDEA-03), New Orleans, LA, USA, Sept. 2003, pp. 24-31.

Slide 16: Questions & Comments

