Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.11-08/1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 1 A Modest Proposal…. Date: 2008-11-10 Authors:

Published byHailey Hunt Modified over 10 years ago

Similar presentations

Presentation on theme: "Doc.: IEEE 802.11-08/1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 1 A Modest Proposal…. Date: 2008-11-10 Authors:"— Presentation transcript:

1 doc.: IEEE 802.11-08/1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 1 A Modest Proposal…. Date: 2008-11-10 Authors:

2 doc.: IEEE 802.11-08/1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 2 Abstract This document presents an idea to radically simplify the draft.

3 doc.: IEEE 802.11-08/1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 3 Security Architecture is Confusing There are many protocols– Abbreviated Handshake, MSA 4-way Handshake, SAE, MSA Initial Exchange, MSA Key Pulling, Mesh Key Holder Handshake, Peer Link Management The relationship between them is complex Fundamentally there are two models for mesh security being represented with these protocols: –An ad-hoc laissez-faire model where each device authenticates its peer(s) directly based upon its peer(s) credential(s). –A centralized model where each device authenticates, through the device with which it wants to establish a secure connection, to a centralized server which then distributes keys to both devices.

4 doc.: IEEE 802.11-08/1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 4 Centralized Mesh A mesh is, fundamentally, a peer-to-peer network. The centralized mesh attempts to overlay a client-server model on top of that. –Must use a peer-to-peer protocol, like the Peer Link Management protocol, to negotiate roles. –Once roles are established client-server protocols are used for authentication– MSA Initial Exchange (802.1x), MSA 4-way Handshake– to establish keys and bring up a session. This creates much complexity. –At least 18 decision points (perhaps more?) when the centralized mesh maintains key hierarchies. –At least 8 decision points when the centralized mesh uses a key distributor. –Multiple centralized key servers causes much more complexity. –There are race conditions that need to be addressed. This makes for a more fragile mesh. Topological changes can create islands of connectivity with no connection to the centralized key server. Two islands cannot connect until one of them discovers a connection to the centralized key server. The mesh forms more slowly and has trouble healing itself.

5 doc.: IEEE 802.11-08/1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 5 AbbrHS Peer discovered Shared an MKD? yes MKD identified? PMK available? Succeed? no yes PLM SAE succeeds AbbrHS Succeeds? yes no SAE preferred? MKD decided? EAP authentication 4WHS yes no Am I the authenticator? Have supplicants key? yes no Key pulled? yes MSA 4WHS/AbbrHS Need authentication? EAP succeeds? MSA 4WHS yes Initiate AbbrHS? AbbrHS Wait to respond to 4WHS no yes MSA 4WHS/AbbrHS Session Protocol Decisions with MSA Key Hierarchies (stolen from 11-08/1296r0) fail succeed fail succeed fail succeed fail no yes no fail yes no fail no Only 1 MKD? yes fail

6 doc.: IEEE 802.11-08/1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 6 Peer Discovery Do I share PMK with Peer? SAE or EAP? No SAE Succeeds? Yes Abbrev HS Succeeds? Yes Session Yes No SAE EAP PLM Succeeds? No Do I share MKD with Peer? Yes Key Pulling Succeeds? EAP Succeeds? Yes No Yes No Protocol Decisions with Key Distribution (stolen from 11-08/1296r0)

7 doc.: IEEE 802.11-08/1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 7 Laissez-Faire Mesh The mesh remains peer-to-peer –Authentication is peer-to-peer at 802.11 authentication time. –Session establishment is peer-to-peer post 802.11 authentication. Protocol decisions are much simpler. Its possible to be 802.11 authenticated to more than one mesh point. It is not necessary to throw away a PMK when the session is torn down (and session keys are thrown away). This brings up an interesting state diagram analogous to figure 11-6 in IEEE Std 802.11-2007

8 doc.: IEEE 802.11-08/1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 8 A State Representation that is Known and Understood Unauthenticated And Unassociated Authenticated And Unassociated Authenticated And Associated 802.11 authentication 802.11 association disassociation deauthentication SAE authentication Abbreviated Handshake Peer link close Key expiry or deauthentication No shared key And No peer link Shared key And No peer link Shared key And Peer link

9 doc.: IEEE 802.11-08/1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 9 Laissez-Faire Mesh Abbrev HS Succeeds? Session Do I share PMK with Peer? Did SAE succeed? Yes Peer Discovery Yes No Yes No Three decision points Simple to describe and simple to implement Short latency in establishing secure link Lower debugging and testing costs

10 doc.: IEEE 802.11-08/1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 10 The Modest Proposal… Greatly simplify the 11s draft by getting rid of the centralized mesh option. If mesh security is desired, use SAE and the Abbreviated Handshake; if its not use PLM

11 doc.: IEEE 802.11-08/1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 11 The Modest Proposal… What do we lose if we get rid of the centralized option? –Existing authentication infrastructure based on AAA technology will not be used for establishment of the mesh, but can continue to be used to authenticate users (its reason for existence). –A Passphrase/PSK is the only supported credential a mesh point can use to authenticate (unless we resurrect an older proposal for peer-to-peer authentication with certificates, which is not part of this modest proposal). –Revocation of a mesh points credential is problematic, especially if per- device credentials are not used. What do we gain if we get rid of the centralized option? –A much simpler and less confusing specification, elimination of many comments (there are around 190 on MSA alone!), and the probability of being done earlier. –A more robust mesh that forms faster and can heal itself faster in the event of unanticipated partition.

12 doc.: IEEE 802.11-08/1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 12 What Kind of Mesh Do You Envision? There are use cases for which the laissez-faire model works but the centralized model does not: –Small office/home-office mesh –A PDA meshing with a phone meshing with a baby monitor meshing with a digital video recorder (DVR) meshing with…. The laissez-faire model makes sense even in the deployments where a centralized model makes sense: –Emergency responder– why worry about access to an MKD when lives are at stake? –Metropolitan or enterprise mesh– the infrastructure can be built securely using SAE. While a AAA server probably exists the need to use it for device authentication is not very compelling. And nothing stops it from continuing to be used to authenticate clients (not MPs)!

13 doc.: IEEE 802.11-08/1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 13 How about a straw poll? The TGs motto is: perfection is achieved not when there is nothing else to add but when there is nothing else to take away. Q: The centralized mesh option should be removed from the draft. - Yes: - No: - Unable to make an opinion either way:

Download ppt "Doc.: IEEE 802.11-08/1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 1 A Modest Proposal…. Date: 2008-11-10 Authors:"

Similar presentations

Doc.: IEEE 802.11-04/1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,

Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
Doc.: IEEE 802.11-08/1326r1 Submission November 2008 Donald Eastlake 3rd, MotorolaSlide 1 TGs Process, November Date: 2008-11-13 Author:

Doc.: IEEE /1326r1 Submission November 2008 Donald Eastlake 3rd, MotorolaSlide 1 TGs Process, November Date: Author:
Doc.: IEEE 802.11-09/0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 A Study Group for Enhanced 802.11 Security Date: 2009-03-13 Authors:

Doc.: IEEE /0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 A Study Group for Enhanced Security Date: Authors:
Doc.: IEEE 802.11-09/0114r1 Submission January 2009 Tony Braskich, MotorolaSlide 1 A vendor specific plan for centralized security Date: 2009-01-19 Authors:

Doc.: IEEE /0114r1 Submission January 2009 Tony Braskich, MotorolaSlide 1 A vendor specific plan for centralized security Date: Authors:
Doc.: IEEE 802.19-10/0165r1 SubmissionPäivi Ruuska, NokiaSlide 1 Implementation aspects of a 802.19.1 coexistence system Notice: This document has been.

Doc.: IEEE /0165r1 SubmissionPäivi Ruuska, NokiaSlide 1 Implementation aspects of a coexistence system Notice: This document has been.
Doc.: IEEE 802.11-09/1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 1 Suite-B Compliance for a Mesh Network Date: 2009-09-15 Authors:

Doc.: IEEE /1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 1 Suite-B Compliance for a Mesh Network Date: Authors:
Submission doc.: IEEE 11-12/0553r0 May 2012 Jarkko Kneckt, NokiaSlide 1 Response Criteria of Probe Request Date: 2012-05-04 Authors:

Submission doc.: IEEE 11-12/0553r0 May 2012 Jarkko Kneckt, NokiaSlide 1 Response Criteria of Probe Request Date: Authors:
Doc.: IEEE 802.11-08/0836r2 Submission July 2008 Dan Harkins, Aruba NetworksSlide 1 Changes to SAE State Machine Date: 2008-07-13 Authors:

Doc.: IEEE /0836r2 Submission July 2008 Dan Harkins, Aruba NetworksSlide 1 Changes to SAE State Machine Date: Authors:
Submission doc.: IEEE 11-13/0487r0 May 2013 Dan Harkins, Aruba NetworksSlide 1 How To Fragment An IE Date: 2013-05-07 Authors:

Submission doc.: IEEE 11-13/0487r0 May 2013 Dan Harkins, Aruba NetworksSlide 1 How To Fragment An IE Date: Authors:
Doc.: IEEE 802.11-08/0115r0 Submissions January 2008 Gabor Bajko, NokiaSlide 1 Support for un-authenticated Emergency Services Date: 2008-01-11 Authors:

Doc.: IEEE /0115r0 Submissions January 2008 Gabor Bajko, NokiaSlide 1 Support for un-authenticated Emergency Services Date: Authors:
Doc.: IEEE 802.11-03/095r0 Submission January 2003 Dan Harkins, Trapeze Networks.Slide 1 Fast Re-authentication Dan Harkins.

Doc.: IEEE /095r0 Submission January 2003 Dan Harkins, Trapeze Networks.Slide 1 Fast Re-authentication Dan Harkins.
Doc.: IEEE 802.11-02/689r0 Submission November 2002 Dan Harkins, Trapeze Networks.Slide 1 Re-authentication when Roaming Dan Harkins.

Doc.: IEEE /689r0 Submission November 2002 Dan Harkins, Trapeze Networks.Slide 1 Re-authentication when Roaming Dan Harkins.
Doc.: IEEE 802.11-11/1160 Submission NameAffiliationsAddressPhone George CherianQualcomm 5775 Morehouse Dr, San Diego, CA, USA

Doc.: IEEE /1160 Submission NameAffiliationsAddressPhone George CherianQualcomm 5775 Morehouse Dr, San Diego, CA, USA
Doc.: IEEE 802.11-10/1125r0 Submission September 2010 Marc Emmelmann, Fraunhofer FOKUSSlide 1 How does the (new) Fast Initial Link Set- Up PAR address.

Doc.: IEEE /1125r0 Submission September 2010 Marc Emmelmann, Fraunhofer FOKUSSlide 1 How does the (new) Fast Initial Link Set- Up PAR address.
Submission doc.: IEEE 11-10/0443r0 March 2014 Jarkko Kneckt, NokiaSlide 1 What Is P2P Traffic in HEW Simulation Scenarios? Date: 2014-03-20 Authors:

Submission doc.: IEEE 11-10/0443r0 March 2014 Jarkko Kneckt, NokiaSlide 1 What Is P2P Traffic in HEW Simulation Scenarios? Date: Authors:
Doc.: IEEE 802.11-08/0578r0 Submission 2008 May Jarkko Kneckt, NokiaSlide 1 Forwarding in mesh containing MPs in power save Date: 2008-05-12 Authors:

Doc.: IEEE /0578r0 Submission 2008 May Jarkko Kneckt, NokiaSlide 1 Forwarding in mesh containing MPs in power save Date: Authors:
Doc.: IEEE 802.11-12/0898r2 Submission July 2012 Marc Emmelmann, FOKUSSlide 1 Fast Initial Service Discovery: An enabler for Self-Growing Date: 2012-07-16.

Doc.: IEEE /0898r2 Submission July 2012 Marc Emmelmann, FOKUSSlide 1 Fast Initial Service Discovery: An enabler for Self-Growing Date:
Doc.: IEEE 802.11-11/0877r0 Submission June 2011 802.11 WG Slide 1 TGs response to CN NB comments Date: 2011-06-17 Authors:

Doc.: IEEE /0877r0 Submission June WG Slide 1 TGs response to CN NB comments Date: Authors:
Doc.: IEEE 802.11-13/1345r0 Submission November 2013 Jiamin Chen, HuaweiSlide 1 Dynamic Channel Transfer(DCT) Procedure for IEEE 802.11aj ( 60GHz New Technique.

Doc.: IEEE /1345r0 Submission November 2013 Jiamin Chen, HuaweiSlide 1 Dynamic Channel Transfer(DCT) Procedure for IEEE aj ( 60GHz New Technique.
Doc.: IEEE 802.11-08/1267r0 Submission November 2008 L. Chu Etc.Slide 1 Multiple Radio MP Date: 2008-11-04 Authors:

Doc.: IEEE /1267r0 Submission November 2008 L. Chu Etc.Slide 1 Multiple Radio MP Date: Authors:

Similar presentations

Ads by Google