Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.11-09/0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 A Study Group for Enhanced 802.11 Security Date: 2009-03-13 Authors:

Published byEmma Simmons Modified over 10 years ago

Similar presentations

Presentation on theme: "Doc.: IEEE 802.11-09/0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 A Study Group for Enhanced 802.11 Security Date: 2009-03-13 Authors:"— Presentation transcript:

1 doc.: IEEE 802.11-09/0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 A Study Group for Enhanced 802.11 Security Date: 2009-03-13 Authors:

2 doc.: IEEE 802.11-09/0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 2 Abstract This presentation makes the case for formation of a Study Group on Enhanced Security for 802.11.

3 doc.: IEEE 802.11-09/0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 3 802.11 Security is Not Complete Enterprise security is there but we have failed to provide technology to secure other use cases. –Attacks against known flaws generate bad press for 802.11 Its either simple to deploy or secure, but not both. Updates to 802.11 security are needed –Faster and more efficient algorithms –Enhancements to prevent known and published attacks– allow for passwords to be used securely. –Improvements to support more usable, robust and secure 802.11 networks. There is a market for deployments that are problematic today –No 802.1x, no centralized AAA server –Easy to configure, easy to deploy, robust but is still secure –Secure password-based authentication

4 doc.: IEEE 802.11-09/0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 4 What is the Problem? New ciphers have been designed that are better than CCM, the one used in 802.11 today. –GCM: provides higher throughput and less power consumption than CCM –SIV: provides misuse-resistance and is more generally useful than CCM. Strong security is only possible when using 802.1x but that is not appropriate for all use cases and is complex to deploy. –Passwords are easy to use but 802.11 does not define how to use them securely. –There is a market for peer-to-peer applications but 802.1x is a pure client/server protocol. –Other organizations want to address these shortcomings but their attempts are complicated, insecure, or both. There is at least one feature in 802.11 that needs security but no existing Task Group has the scope to take on that work. IEEE 802.11 does not have a way to add small featurettes such as these to the standard.

5 doc.: IEEE 802.11-09/0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 5 Whats the Solution? A Study Group to define a PAR and 5C for a new Task Group that will address these issues. –Define how GCM and SIV are used to protect an 802.11 frame. –Define how to use a secure password-authenticated key exchange from TGs more generally in 802.11, for ESS, IBSS, mesh, and any other peer-to-peer application. –Develop a peer-to-peer variant of an existing certificate-based key exchange (e.g. DHKE-1) that is appropriate for ESS, IBSS, mesh, and any other peer-to-peer application. –Address the security of TGvs location service. Most of this has already been developed, it just needs to be defined for 802.11 –A constrained scope would ensure timely results.

6 doc.: IEEE 802.11-09/0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 6 Whats the Benefit and Why Should I Care? Network deployment can be simple yet secure if: –Passwords are used with a protocol implementing a zero-knowledge proof. This would be resistant to attack where RSN PSK is not. –Authentication is done using authentication frames! –Protocols are specified in a peer-to-peer fashion. –STAs can authenticate each other directly, no AAA needed! Less power consumption means longer battery life, and its green. 802.11 will be applicable for more use cases while still providing strong security. This improves the end-user experience and customer experience with 802.11 gear which can result in better and wider deployments of 802.11 which benefits us all!

7 doc.: IEEE 802.11-09/0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 7 References NIST SP800-38D P. Rogaway and T. Shrimpton, Deterministic Authenticated Encryption, A Provable Security Treatment of the Key-Wrap Problem, Advances in Cryptology– EUROCRYPT 06, St. Petersburg, Russia, 2006. RFC 5297 D. Harkins, Simultaneous Authentication of Equals: A Secure, Password-Based Key Exchange for Mesh Networks, Proceedings of the 2008 Second International Conference on Sensor Technologies and Applications, Cap Esterel, France, 2008. V. Shoup, On Formal Models for Secure Key Exchange. ACM Computer and Communications Security Conference, 1999.

Download ppt "Doc.: IEEE 802.11-09/0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 A Study Group for Enhanced 802.11 Security Date: 2009-03-13 Authors:"

Similar presentations

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P1619.3 April 11, 2007 Andrea Doherty.

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
Doc.: IEEE 802.11-04/1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,

Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
Sg-whitespace-09/0002r0 Submission January 2009 Steve Shellhammer, QualcommSlide 1 Possible TV White Space Coexistence Tasks Date: 2009-01-06 Authors:

Sg-whitespace-09/0002r0 Submission January 2009 Steve Shellhammer, QualcommSlide 1 Possible TV White Space Coexistence Tasks Date: Authors:
Doc.: IEEE 802.11-09/0114r1 Submission January 2009 Tony Braskich, MotorolaSlide 1 A vendor specific plan for centralized security Date: 2009-01-19 Authors:

Doc.: IEEE /0114r1 Submission January 2009 Tony Braskich, MotorolaSlide 1 A vendor specific plan for centralized security Date: Authors:
Doc.: IEEE 802.11-08/1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 1 A Modest Proposal…. Date: 2008-11-10 Authors:

Doc.: IEEE /1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 1 A Modest Proposal…. Date: Authors:
Doc.: IEEE 802.11-00/087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.

Doc.: IEEE /087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.
IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-09-00xx-00-sec Title: Initiate An Exercise for Generating a 21a Document Date Submitted: September 21, 2009.

IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec Title: Initiate An Exercise for Generating a 21a Document Date Submitted: September 21, 2009.
Doc.: IEEE 802.11-09/1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 1 Suite-B Compliance for a Mesh Network Date: 2009-09-15 Authors:

Doc.: IEEE /1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 1 Suite-B Compliance for a Mesh Network Date: Authors:
Doc.: IEEE 802.11-10/0156r0 Submission January 2010 Ashish Shukla, MarvellSlide 1 Reorganizing Mesh Channel Switch Announcement Text Date: 2010-01-21 Authors:

Doc.: IEEE /0156r0 Submission January 2010 Ashish Shukla, MarvellSlide 1 Reorganizing Mesh Channel Switch Announcement Text Date: Authors:
Secure Pre-Shared Key Authentication for IKE

Secure Pre-Shared Key Authentication for IKE
Submission doc.: IEEE 11-12/0553r0 May 2012 Jarkko Kneckt, NokiaSlide 1 Response Criteria of Probe Request Date: 2012-05-04 Authors:

Submission doc.: IEEE 11-12/0553r0 May 2012 Jarkko Kneckt, NokiaSlide 1 Response Criteria of Probe Request Date: Authors:
Doc.: IEEE 802.11-01/039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE802.11 System Submitted to IEEE802.11.

Doc.: IEEE /039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE System Submitted to IEEE
Doc.: IEEE 802.11-08/0836r2 Submission July 2008 Dan Harkins, Aruba NetworksSlide 1 Changes to SAE State Machine Date: 2008-07-13 Authors:

Doc.: IEEE /0836r2 Submission July 2008 Dan Harkins, Aruba NetworksSlide 1 Changes to SAE State Machine Date: Authors:
Submission doc.: IEEE 11-13/0487r0 May 2013 Dan Harkins, Aruba NetworksSlide 1 How To Fragment An IE Date: 2013-05-07 Authors:

Submission doc.: IEEE 11-13/0487r0 May 2013 Dan Harkins, Aruba NetworksSlide 1 How To Fragment An IE Date: Authors:
Doc.: IEEE 802.11-03/095r0 Submission January 2003 Dan Harkins, Trapeze Networks.Slide 1 Fast Re-authentication Dan Harkins.

Doc.: IEEE /095r0 Submission January 2003 Dan Harkins, Trapeze Networks.Slide 1 Fast Re-authentication Dan Harkins.
Doc.: IEEE 802.11-02/689r0 Submission November 2002 Dan Harkins, Trapeze Networks.Slide 1 Re-authentication when Roaming Dan Harkins.

Doc.: IEEE /689r0 Submission November 2002 Dan Harkins, Trapeze Networks.Slide 1 Re-authentication when Roaming Dan Harkins.
Submission doc.: IEEE 11-10/0443r0 March 2014 Jarkko Kneckt, NokiaSlide 1 What Is P2P Traffic in HEW Simulation Scenarios? Date: 2014-03-20 Authors:

Submission doc.: IEEE 11-10/0443r0 March 2014 Jarkko Kneckt, NokiaSlide 1 What Is P2P Traffic in HEW Simulation Scenarios? Date: Authors:
Doc.: IEEE 802.11-09/0391r0 Submission March 2009 Carlos Cordeiro, Intel CorporationSlide 1 Implications of usage models on TGad network architecture Date:

Doc.: IEEE /0391r0 Submission March 2009 Carlos Cordeiro, Intel CorporationSlide 1 Implications of usage models on TGad network architecture Date:
Doc.: IEEE 802.11-08/0578r0 Submission 2008 May Jarkko Kneckt, NokiaSlide 1 Forwarding in mesh containing MPs in power save Date: 2008-05-12 Authors:

Doc.: IEEE /0578r0 Submission 2008 May Jarkko Kneckt, NokiaSlide 1 Forwarding in mesh containing MPs in power save Date: Authors:
Doc.: IEEE 802.11-10/1317r1 Submission November 2010 B.Carney, OakTree WirelessSlide 1 “L 3 ” * Update From September Date: 2010-11-09 Authors: *LONGER.

Doc.: IEEE /1317r1 Submission November 2010 B.Carney, OakTree WirelessSlide 1 “L 3 ” * Update From September Date: Authors: *LONGER.

Similar presentations

Ads by Google