Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.11-04/0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Management Protection Jesse Walker and Emily Qi Intel.

Published byElla Armstrong Modified over 8 years ago

Similar presentations

Presentation on theme: "Doc.: IEEE 802.11-04/0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Management Protection Jesse Walker and Emily Qi Intel."— Presentation transcript:

1 doc.: IEEE 802.11-04/0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Management Protection Jesse Walker and Emily Qi Intel Corporation

2 doc.: IEEE 802.11-04/0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 2 Agenda Motivation Proposal Issues Q&A

3 doc.: IEEE 802.11-04/0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 3 Motivation Availability = the most important security attribute for commercial applications –Hence, important to protect against DoS when possible Well known that attacker can disconnect a STA by forging Disassociation or Deauthentication Well known that unprotected Reassociation coupled with IAPPs introduce new DoS attack –Attacking STA sends Reassociation Request to new AP –New AP sends IAPP message to old AP –Old AP disconnects real STA

4 doc.: IEEE 802.11-04/0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 4 Proposal Overview Use CCMP or TKIP to protect Reassociate, Disassociation, and Deauthentication messages –Doc 04/264 proposes similar approach to protect Action Frames If keys can be put in place prior to AP-to- AP transition, this can work –Doc 04/476 proposes mechanism to put CCMP/TKIP keys in place

5 doc.: IEEE 802.11-04/0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 5 Protected Mgmt Frame Format Original Mgmt Frame: Mgmt frame body Protected Mgmt Frame: MICMgmt frame body802.11i header IV Key ID IV used as frame sequence space to defeat replay Authenticated by MIC Cryptographic Message Integrity Code to defeat forgeries Use the same cryptographic algorithm selected for Data MPDUs Encrypted 802.11 hdrFCS Encryption used to provide confidentiality FCS802.11 hdr

6 doc.: IEEE 802.11-04/0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 6 Protected Frame Bit Protected Frame (“WEP bit”) Subfield of the 802.11 Frame Control Field indicates whether the Management Frame is protected or unprotected –“Protected Frame” bit = 1 for Protected Management Frame – “Protected Frame” bit = 0 for Unprotected Management Frame

7 doc.: IEEE 802.11-04/0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 7 Negotiation AP sets RSN capabilities bit if it supports Protected Mgmt Messages; clears bit otherwise –RSN IE advertised in Beacons, Probe Responses STA sets RSN capabilities bit if AP set it and if STA supports Protected Mgmt Messages; clears bit otherwise –Needed for backward compatibility AP and STA use Protected Mgmt Messages only if both agree to use it

8 doc.: IEEE 802.11-04/0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 8 Cryptographic Key Scheme requires that a PTK be established for CCMP or for TKIP MM IE key = TK portion of PTK –Doc 04/476 suggests a way to put PTK in place Reassociation, Disassociation, Deauthentication use the same TK and cipher suite as data

9 doc.: IEEE 802.11-04/0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 9 Replay Protection Transmitter uses next CCMP PN or TKIP TSC as the IV/Extended IV –Use sequence number given by PN/TSC to protect payload and increment counter Each receiver implements a new receive counter for management frames –New counter initialized to zero –Sequence number in received protected management frame compared with new counter value –If received sequence number does not exceed last valid value, discard the frame as a replay –If received sequence number exceeds last valid value and management frame validates correctly, accept packet and set counter value to received sequence number value Note: Receive counter is shared with Protected Action Frames, doc 04/264

10 doc.: IEEE 802.11-04/0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 10 Usage Can only be used if both systems support CCMP or TKIP If an AP or STA have agreed to protect mgmt frames and have established a fresh PTK with its peer, it shall protect: –Reassociate Request Frame –Reassociate Response Frame –Disassociation Frame –Deauthentication Frame –And shall require its peer to include MM IE as well If an AP or STA has not established a fresh PTK or agreed to protect mgmt frames, it shall not protect these messages In case of synchronization loss, the STA may – Associate to resynchronize, i.e, STA and ESS must undergo full reauthentication and PMK establishment –Re-establish a fresh PTK via some other channel

11 doc.: IEEE 802.11-04/0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 11 Issues Depends on a mechanism to provision fresh PTKs prior to reassociation –Example: doc 04/476 “Pre-keying” Negotiation dependent on pre-keying like mechanism –Necessary to negotiate via RSN IE during PTK set up Does not tolerate reordering among Protected Action Frames, Reassociate Frames, Disassociation Frames, Deauthentication Frames, and Protected Action Frames –All use the same replay counter Don’t know whether encryption of message payload will cause problems for 802.11 implementations Must prevent TK reuse –If any data replay counter for this TK is non-zero when Reassociate message received, then TK has been used already If Protected Mgmt frames in use and STA declines use, AP must either –Reject STA Reassociate Requests or –Delay IAPP messages until STA demonstrates possession of the PTK

12 doc.: IEEE 802.11-04/0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 12 Q&A Is there anything new here? –No; essentially a restructuring of ideas presented in TGi Then why bring it up again? –A proposal exists to puts keys in place at a suitable time (04/476) Why not an “Integrity IE” instead of reusing CCMP/TKIP? –Would require separate key for protected mgmt messages and other frames –Would require separate replay counter for Protected Management Messages and other frames –The scheme would have to be designed and reviewed from scratch

13 doc.: IEEE 802.11-04/0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 13 Q&A Why is this proposal sound? –CCMP/TKIP PN/TSC usage allows key sharing between data and management messages –Important that same cipher and PN/TSC used for both! –Important that different replay counters used for both! Why not protect Association Request/Response as well? –802.11i does not instantiate a PMK in time Why not other Mgmt Messages? –04/264 already proposes same technique to protect Action Frames –Probes, Beacons not easily protectable – no keys in place –No value perceived in protecting other mgmt frames –And counter-productive to protect others (e.g. CTS, ACK, etc.)

14 doc.: IEEE 802.11-04/0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 14 Q&A Why is this work in scope for 802.11r? –It is related to transition –If TGr adopts a make-before-break architecture, security will be degraded unless Reassociation exchange is secured

15 doc.: IEEE 802.11-04/0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 15 Feedback?

Download ppt "Doc.: IEEE 802.11-04/0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Management Protection Jesse Walker and Emily Qi Intel."

Similar presentations

Doc.: IEEE 802.11-04/1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,

Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
Doc.: IEEE 802.11-08/1021r1 Submission September 2008 Luke Qian etc.Slide 1 A Simplified Solution For Critical A-MPDU DoS Issues Date: 2008-09-04 Authors:

Doc.: IEEE /1021r1 Submission September 2008 Luke Qian etc.Slide 1 A Simplified Solution For Critical A-MPDU DoS Issues Date: Authors:
Doc.: IEEE 802.11-08/1021r3 Submission September 2008 Luke Qian etc.Slide 1 A Simplified Solution For Critical A-MPDU DoS Issues Date: 2008-09-09 Authors:

Doc.: IEEE /1021r3 Submission September 2008 Luke Qian etc.Slide 1 A Simplified Solution For Critical A-MPDU DoS Issues Date: Authors:
IEEE 802.11i: A Retrospective Bernard Aboba Microsoft March 2004.

IEEE i: A Retrospective Bernard Aboba Microsoft March 2004.
Doc.: 11-03-0573r0-I Submission July 22, 2003 Paul Lambert, Airgo NetworksSlide 1 Enabling Encryption in Hotspots by Decoupling the Privacy Field from.

Doc.: r0-I Submission July 22, 2003 Paul Lambert, Airgo NetworksSlide 1 Enabling Encryption in Hotspots by Decoupling the Privacy Field from.
Analysis of the 802.11i 4-Way Handshake Changhua He, John C Mitchell Stanford University WiSE, Oct. 1, 2004.

Analysis of the i 4-Way Handshake Changhua He, John C Mitchell Stanford University WiSE, Oct. 1, 2004.
CN8816: Network Security 1 Security in Wireless LAN 802.11i Open System Authentication Security Wired Equivalent Privacy (WEP) Robust Security Network.

CN8816: Network Security 1 Security in Wireless LAN i Open System Authentication Security Wired Equivalent Privacy (WEP) Robust Security Network.
Analysis and Improvements over DoS Attacks against IEEE 802.11i Standard Networks Security, Wireless Communications and Trusted Computing(NSWCTC), 2010.

Analysis and Improvements over DoS Attacks against IEEE i Standard Networks Security, Wireless Communications and Trusted Computing(NSWCTC), 2010.
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
Temporal Key Integrity Protocol (TKIP) Presented By: Laxmi Nissanka Rao Kim Sang Soo.

Temporal Key Integrity Protocol (TKIP) Presented By: Laxmi Nissanka Rao Kim Sang Soo.
WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.

WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.
Submission August 2001 Nancy Cam-Winget, Atheros Slide 1 Rapid Re-keying WEP a recommended practice to improve WLAN Security Nancy Cam-Winget, Atheros.

Submission August 2001 Nancy Cam-Winget, Atheros Slide 1 Rapid Re-keying WEP a recommended practice to improve WLAN Security Nancy Cam-Winget, Atheros.
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),
Doc.: IEEE 802.11-04/0476r3 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.

Doc.: IEEE /0476r3 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.
Doc.: IEEE 802.11-04/1572r0 Submission December 2004 Harkins and AbobaSlide 1 PEKM (Post-EAP Key Management Protocol) Dan Harkins, Trapeze Networks

Doc.: IEEE /1572r0 Submission December 2004 Harkins and AbobaSlide 1 PEKM (Post-EAP Key Management Protocol) Dan Harkins, Trapeze Networks
Doc.: IEEE 802.11-04/0476r2 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.

Doc.: IEEE /0476r2 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.
Shambhu Upadhyaya 1 802.11 Security – AES-CCMP Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 13)

Shambhu Upadhyaya Security – AES-CCMP Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 13)
Doc.: IEEE 802.11-01/495r1 Submission July 2001 Jon Edney, NokiaSlide 1 Ad-Hoc Group Requirements Report Group met twice - total 5 hours Group size ranged.

Doc.: IEEE /495r1 Submission July 2001 Jon Edney, NokiaSlide 1 Ad-Hoc Group Requirements Report Group met twice - total 5 hours Group size ranged.
Doc.: IEEE 802.11-02/684r0 Submission November 2002 Martin Lefkowitz, Trapeze NetworksSlide 1 Extended Keymap ID Martin Lefkowitz Trapeze Networks.

Doc.: IEEE /684r0 Submission November 2002 Martin Lefkowitz, Trapeze NetworksSlide 1 Extended Keymap ID Martin Lefkowitz Trapeze Networks.

Similar presentations

Ads by Google