Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.11-11/1429r2 Submission January 2012 Dan Harkins, Aruba NetworksSlide 1 A Protocol for FILS Authentication Date: 2012-01-09 Authors:

Published byCollin Tucker Modified over 8 years ago

Similar presentations

Presentation on theme: "Doc.: IEEE 802.11-11/1429r2 Submission January 2012 Dan Harkins, Aruba NetworksSlide 1 A Protocol for FILS Authentication Date: 2012-01-09 Authors:"— Presentation transcript:

1 doc.: IEEE 802.11-11/1429r2 Submission January 2012 Dan Harkins, Aruba NetworksSlide 1 A Protocol for FILS Authentication Date: 2012-01-09 Authors:

2 doc.: IEEE 802.11-11/1429r2 Submission January 2012 Dan Harkins, Aruba NetworksSlide 2 Abstract This presentation describes a proposed FILS authentication protocol.

3 doc.: IEEE 802.11-11/1429r2 Submission Conformance with TGai PAR & 5C January 2012 Dan Harkins, Aruba NetworksSlide 3 Conformance QuestionResponse Does the proposal degrade the security offered by Robust Security Network Association (RSNA) already defined in 802.11? No Does the proposal change the MAC SAP interface?No Does the proposal require or introduce a change to the 802.1 architecture? No Does the proposal introduce a change in the channel access mechanism? No Does the proposal introduce a change in the PHY?No Which of the following link set-up phases is addressed by the proposal? (1) AP Discovery (2) Network Discovery (3) Link (Re-)establishment, exchange of security related messages (4) Higher layer aspects, e.g. IP address assignment. 3

4 doc.: IEEE 802.11-11/1429r2 Submission Otway-Rees: Authentication with a TTP Classic 3-party protocol Players: –Alice, a client/peer with identity A –Bob, a server/peer with identity B –Trent, the trusted 3 rd party with identity T Assumptions: –Alice shares a key with Trent, K at –Bob shares a key with Trent, K bt Notation: –{X}y is wrapping message X with key y –g x is a Diffie-Hellman exponential, generator g raised to power x –Nx is a nonce, a random number, contributed by party x –sess is a session identifier –X  Y means X sends to Y January 2012 Dan Harkins, Aruba NetworksSlide 4

5 doc.: IEEE 802.11-11/1429r2 Submission “Otway-Rees” with Key Confirmation A  B: A, B, sess, {Na, A, B, sess} K at B  T: B, A, sess, {Nb, B, A, sess, {Na, A, B, sess} K at } K bt B  T: sess, {Nb, Na, Kab, {Na, Nb, K ab }K at }Kbt A  B: sess, {Na, Nb, K ab }K at K ab-mac | PMK = KDF(Na | Nb, K ab ) A  B: HMAC(K ab-mac, sess | MAC-A | MAC-B) A  B: HMAC(K ab-mac, sess | MAC-B | MAC-A) K ab-ccm = KDF(PMK, sess, min(MACS), max(MACS)) January 2012 Dan Harkins, Aruba NetworksSlide 5

6 doc.: IEEE 802.11-11/1429r2 Submission “Otway-Rees” with Key Confirmation Nonces provide a proof of “liveness” to the resulting shared key Embedding Alice’s messages in Bob’s thwarts certain cut-and-paste attacks Final two messages provide proof-of-possession K ab Trent, the trusted third party, is a key distributor –Someone else besides Alice and Bob know their secret –Trent is solely responsible for creating the secret If either Alice’s or Bob’s long-term secret is compromised, then all past sessions can be exposed –Lacks Perfect Forward Secrecy (PFS) January 2012 Dan Harkins, Aruba NetworksSlide 6

7 doc.: IEEE 802.11-11/1429r2 Submission Authentication Using a TTP– Adding PFS Use Diffie-Hellman exchange to derive a unique session key Use Trent to authenticate the exchange, not be a key distributor Diffie-Hellman exchange provides Perfect Forward Secrecy– if Alice’s or Bob’s long term secret is compromised, past sessions remain confidential and secure. January 2012 Dan Harkins, Aruba NetworksSlide 7

8 doc.: IEEE 802.11-11/1429r2 Submission Authentication Using a TTP– Adding PFS A  B: A, sess, Na, {A, B, sess, g a } K at B  T: B, sess, {B, A, sess, g b, {A, B, sess, g a }K at } K bt B  T: sess, {B, A, sess, g b, g a, {A, B, sess, g a, g b }K at }K bt, A  B: sess, Nb, {A, B, sess, g a, g b }K at (g b ) a = g ab = (g b ) a K ab-mac | PMK = KDF(Na | Nb, g ab ) A  B: HMAC(K ab-mac, sess | MAC-A | MAC-B) A  B: HMAC(K ab-mac, sess | MAC-B | MAC-A) K ab-ccm = KDF(PMK, sess, min(MACS), max(MACS)) January 2012 Dan Harkins, Aruba NetworksSlide 8

9 doc.: IEEE 802.11-11/1429r2 Submission Authentication Using a TTP– Adding PFS Diffie-Hellman exponentials in wrapped content provide the “liveness” proof to the exchange Embedding messages from/for Alice into Bob’s messages helps thwart cut-and-paste attacks Alice knows Bob created g b and Bob knows Alice created g a (because Trent said so), and they both know that the only entities that can know g ab are themselves Final two messages provide proof-of-possession of g ab Generation of a CCMP (GCMP!) key for initial use and a PMK for subsequent use January 2012 Dan Harkins, Aruba NetworksSlide 9

10 doc.: IEEE 802.11-11/1429r2 Submission Putting FILS Authentication Using a TTP Into 802.11 Authenticated Diffie-Hellman between Alice and Bob is four messages– two for the interaction with Trent, and two to prove possession of the resulting shared secret. –Use 802.11 authentication frames for first two –Use 802.11 association frames for second two Fits in nicely with 802.11 state machine –Discovery is through Beacons and Probe responses –State 0 to State 1 transition is using authentication frames –State 1 to State 2 transition is using association frames –STA could associate with multiple APs while associated with another Can put other things, like DHCP Request/Response, into 802.11 Association Request/Response January 2012 Dan Harkins, Aruba NetworksSlide 10

11 doc.: IEEE 802.11-11/1429r2 Submission Putting FILS Authentication Using a TTP Into 802.11 January 2012 Dan Harkins, Aruba NetworksSlide 11 802.11 beacon/probe response 802.11 authentication request 802.11 authentication response 802.11 association request 802.11 association response FILS-TTP authentication request FILS-TTP authentication response STAid, sess, {blob}sta-ttp TTPid, APid APid, sess, {blob}ap-ttp sess, {blob}ap-ttp sess, {blob}sta-ttp H(K, sess | MAC-STA | MAC-AP) H(K, sess | MAC-AP | MAC-STA) STAAPTTP

12 doc.: IEEE 802.11-11/1429r2 Submission Putting FILS Authentication Using a TTP Into 802.11 Fast! –Only operations using asymmetric cryptography invole the Diffie- Hellman key exchange –PFS is optional! –The TTP does not do any computationally intensive action! Use state-of-the-art crypto –Use RFC 5297 for wrapping/unwrapping of blobs –Use RFC 5869-style “extract-the-expand” KDF –Works with elliptic curve as well as finite field cryptography Communication with Trent: –Use existing infrastructure: RADIUS or DIAMETER. January 2012 Dan Harkins, Aruba NetworksSlide 12

13 doc.: IEEE 802.11-11/1429r2 Submission Properties of FILS Authentication Using a TTP Perfect Forward Secrecy: Yes, optionally Mutual Authentication: Yes Key Generation: Yes Identity Protection: No Protection against DDOS attacks: No Crypto-agility: Yes Negotiation of crypto capabilities: Yes January 2012 Dan Harkins, Aruba NetworksSlide 13

14 doc.: IEEE 802.11-11/1429r2 Submission January 2012 Dan Harkins, Aruba NetworksSlide 14 References

Download ppt "Doc.: IEEE 802.11-11/1429r2 Submission January 2012 Dan Harkins, Aruba NetworksSlide 1 A Protocol for FILS Authentication Date: 2012-01-09 Authors:"

Similar presentations

Doc.: IEEE 802.11-09/1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 1 Suite-B Compliance for a Mesh Network Date: 2009-09-15 Authors:

Doc.: IEEE /1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 1 Suite-B Compliance for a Mesh Network Date: Authors:
Doc.: IEEE 802.11-11/1160 Submission NameAffiliationsAddressPhone George CherianQualcomm 5775 Morehouse Dr, San Diego, CA, USA

Doc.: IEEE /1160 Submission NameAffiliationsAddressPhone George CherianQualcomm 5775 Morehouse Dr, San Diego, CA, USA
Doc.: IEEE 802.11-11/1521r2 Submission January 2012 Marc Emmelmann, FOKUSSlide 1 AP and Network Discovery Enhancements Date: 2012-01-17 Authors:

Doc.: IEEE /1521r2 Submission January 2012 Marc Emmelmann, FOKUSSlide 1 AP and Network Discovery Enhancements Date: Authors:
Doc.: IEEE 802.11-11/1436r0 Submission NameAffiliationsAddressPhoneemail Robert Sun Huawei Technologies Co., Ltd. Suite 400, 303 Terry Fox Drive, Kanata,

Doc.: IEEE /1436r0 Submission NameAffiliationsAddressPhone Robert Sun Huawei Technologies Co., Ltd. Suite 400, 303 Terry Fox Drive, Kanata,
Doc.: IEEE 802.11-12/0041r1 Submission NameAffiliationsAddressPhoneemail Robert Sun; Yunbo Li; Edward Au; Phillip Barber Huawei Technologies Co., Ltd.

Doc.: IEEE /0041r1 Submission NameAffiliationsAddressPhone Robert Sun; Yunbo Li; Edward Au; Phillip Barber Huawei Technologies Co., Ltd.
Doc.: IEEE 802.11-11/1429r0 Submission November 2011 Dan Harkins, Aruba NetworksSlide 1 A Protocol for FILS Authentication Date: 2011-11-01 Authors:

Doc.: IEEE /1429r0 Submission November 2011 Dan Harkins, Aruba NetworksSlide 1 A Protocol for FILS Authentication Date: Authors:
Doc.: IEEE 802.11-12/0567r1 Submission May 2012 Huawei Slide 1 Multiple Frequency Channel Scanning Date: 2012-05-04 Authors: NameAffiliationsAddressPhoneemail.

Doc.: IEEE /0567r1 Submission May 2012 Huawei Slide 1 Multiple Frequency Channel Scanning Date: Authors: NameAffiliationsAddressPhone .
Submission doc.: IEEE 11-12-0406-03-00ai May 2012 InterDigital, KDDI, Nokia, Huawei, Intel, Qcomm Slide 1 Proposed SFD Text for 802.11ai Passive Scanning.

Submission doc.: IEEE ai May 2012 InterDigital, KDDI, Nokia, Huawei, Intel, Qcomm Slide 1 Proposed SFD Text for ai Passive Scanning.
Doc.: IEEE 802.11-11/0976r1 Submission July 2011 Hitoshi Morioka, ROOT INC.Slide 1 TGai Authentication Protocol Proposal Date: 2011-07-17 Authors: NameAffiliationsAddressPhoneemail.

Doc.: IEEE /0976r1 Submission July 2011 Hitoshi Morioka, ROOT INC.Slide 1 TGai Authentication Protocol Proposal Date: Authors: NameAffiliationsAddressPhone .
Doc.: IEEE 802.11-12/0550 Submission NameAffiliationsAddressPhone Kiseon RyuLG Electronics10225 Willow Creek Rd, San Diego, CA, 92131, USA +1

Doc.: IEEE /0550 Submission NameAffiliationsAddressPhone Kiseon RyuLG Electronics10225 Willow Creek Rd, San Diego, CA, 92131, USA +1
Doc.: IEEE 802.11-12/933r6 Submission July 2012 Fang Xie (CMCC)Slide 1 Access Control Mechanism for FILS Date: 2012-07-17 Authors: NameAffiliationsAddressPhoneemail.

Doc.: IEEE /933r6 Submission July 2012 Fang Xie (CMCC)Slide 1 Access Control Mechanism for FILS Date: Authors: NameAffiliationsAddressPhone .
Doc.: IEEE 802.11-12/1042r3 Submission NameAffiliationsAddressPhoneemail Giwon ParkLG Electronics LG R&D Complex 533, Hogye- 1dong, Dongan-Gu, Anyang,

Doc.: IEEE /1042r3 Submission NameAffiliationsAddressPhone Giwon ParkLG Electronics LG R&D Complex 533, Hogye- 1dong, Dongan-Gu, Anyang,
Doc.: IEEE 802.11-12/1042 Submission NameAffiliationsAddressPhoneemail Giwon ParkLG Electronics LG R&D Complex 533, Hogye- 1dong, Dongan-Gu, Anyang, Kyungki,

Doc.: IEEE /1042 Submission NameAffiliationsAddressPhone Giwon ParkLG Electronics LG R&D Complex 533, Hogye- 1dong, Dongan-Gu, Anyang, Kyungki,
Doc.: IEEE 802.11-12/1054r0 Submission Sep. 2012 Santosh Pandey (Cisco)Slide 1 FILS Reduced Neighbor Report Date: 2012-09-07 Authors:

Doc.: IEEE /1054r0 Submission Sep Santosh Pandey (Cisco)Slide 1 FILS Reduced Neighbor Report Date: Authors:
Submission doc.: IEEE 802.11-11/1003r2 July 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Upper Layer Data on Management frames Date: 2011-07-18.

Submission doc.: IEEE /1003r2 July 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Upper Layer Data on Management frames Date:
Submission doc.: IEEE 11-11/1414r2 November 2011 Katsuo Yunoki, KDDI R&D LaboratoriesSlide 1 Probe Request and Response in TGai Date: 2011-11-02 Authors:

Submission doc.: IEEE 11-11/1414r2 November 2011 Katsuo Yunoki, KDDI R&D LaboratoriesSlide 1 Probe Request and Response in TGai Date: Authors:
Doc.: IEEE 802.11-12/0257r1 Submission NameAffiliationsAddressPhoneemail Giwon ParkLG Electronics LG R&D Complex 533, Hogye- 1dong, Dongan-Gu, Anyang,

Doc.: IEEE /0257r1 Submission NameAffiliationsAddressPhone Giwon ParkLG Electronics LG R&D Complex 533, Hogye- 1dong, Dongan-Gu, Anyang,
Submission doc.: IEEE 11-14/0062r0 January 2014 Dan Harkins, Aruba NetworksSlide 1 PMK Caching for FILS Date: 2014-01-15 Authors:

Submission doc.: IEEE 11-14/0062r0 January 2014 Dan Harkins, Aruba NetworksSlide 1 PMK Caching for FILS Date: Authors:
Doc.: IEEE 802.11-12/0067r0 Submission Jan 2012 Phillip Barber, HuaweiSlide 1 Active Scanning Time Notification Date: 2012-01-12 Authors: NameAffiliationsAddressPhoneemail.

Doc.: IEEE /0067r0 Submission Jan 2012 Phillip Barber, HuaweiSlide 1 Active Scanning Time Notification Date: Authors: NameAffiliationsAddressPhone .
Doc.: IEEE 802.11-11/0977r2 Submission NameAffiliationsAddressPhoneemail Hitoshi MORIOKA ROOT INC.2-14-38 Tenjin, Chuo-ku, Fukuoka 810-0001 JAPAN +81-92-771-

Doc.: IEEE /0977r2 Submission NameAffiliationsAddressPhone Hitoshi MORIOKA ROOT INC Tenjin, Chuo-ku, Fukuoka JAPAN

Similar presentations

Ads by Google