Doc.: IEEE 802.11-08-0317r1 Submission March 2008 Charles Fan,Amy Zhang, HuaweiSlide 1 Authentication and Key Management of MP with multiple radios Date:

Presentation transcript:

Slide 1: Authentication and Key Management of MP with multiple radios

Slide 2: Abstract
This presentation states the secure association setup problem that arises when an MP with multiple radios joins the mesh network.

Slide 3: Agenda
– Problem Statement
– Suggestions

Slide 4: Current secure association setup mechanism (Supplicant and Mesh Authenticator)
Step 1: Authentication method, role and key management type negotiation (Probe/Beacon, Peer Link Management).
Step 2: Authentication through the MKD and key hierarchy setup (initial authentication, if needed).
– Authenticate with the AS through the MKD: build the root of trust, i.e., MSK/PSK.
– Key derivation mechanism: derive PMK-MKD to distribute session keys between MPs; derive MKDK to establish a secure link between MP and MKD.
Step 3: PTK/GTK distribution: 4-way handshake to build session keys, followed by secure communication.

Slide 5: Key Hierarchy
According to the current key derivation mechanism:
– There will be multiple PMK-MKDs and MKDKs when an MP with multiple radios joins the mesh network, because the MP has to use a different SPA for each radio (to distinguish the radios) when deriving PMK-MKD and MKDK.
– Multiple initial authentication procedures have to be launched.

MeshTopLevelKeyData = KDF-768(XXKey, "Mesh Key Derivation", MeshID, MKD-NAS-ID, MKDD-ID, SPA)

MSK/PSK: held by MKD & Supplicant.

Link Security Branch:
– PMK-MKD = L(MeshTopLevelKeyData, 0, 256); held by MKD & Supplicant.
– PMK-MA = KDF-256(PMK-MKD, "MA Key Derivation", PMK-MKDName || MA-ID || SPA); held by MKD, Supplicant & MA.
– PTK = KDF(PMK-MA, "Mesh PTK key derivation", MPTKSNonce || MPTKANonce || MA-ID || SPA || PMK-MAName); held & derived by Supplicant & MA.

Key Distribution Branch:
– MKDK = L(MeshTopLevelKeyData, 384, 256); held by Supplicant & MKD.
– MPTK-KD = KDF-256(MKDK, "Mesh PTK-KD Key", MA-Nonce || MKD-Nonce || MA-ID || MKD-ID); held & derived by Supplicant & MKD, used to deliver PMK-MA.

Slide 6: Disadvantages of multiple authentications
– It cannot be detected whether the authentication credential is being used simultaneously by different MPs, or by different radios in the same MP. The authentication credential may be used by multiple MPs at the same time.
– The over-the-air overhead increases when the initial authentication is launched multiple times.

Slide 7: Agenda
– Problem Statement
– Suggestions

Slide 8: Solution Requirements
The initial authentication should be launched only once when an MP joins the mesh network, no matter how many radios it has.
– The authentication credential is issued one per device.
– Authenticate the device to produce the trust credential secret.
– Do not rely on the concrete authentication credential or authentication method.
Different radios in the same MP should use different session keys.
– Distribute keys for all radios of the device through one initial authentication procedure.
Follow the 802.11s security requirements.
– The authentication process builds the root of the trust relationship and authorizes the device to use the trust credential, such as the MSK.
– The key management has to work at the MAC layer.
– The SAs have to be tied to MAC addresses.
Less modification is better.

Slide 9: Possible solution
Message flow between AS, Supplicant MP, MA and MKD:
1. EAPOL-Start (Supplicant MP to MA)
2. EAPOL (EAP-Request Identity) (MA to Supplicant MP)
3. EAPOL (EAP-Response Identity) (Supplicant MP to MA)
4. Mesh EAP encapsulation (EAP-Response Identity) (MA to MKD)
5. EAP Transport (EAP-Response Identity) (MKD to AS)
6. EAP-specific (mutual) authentication
7. EAP Transport (EAP-Success, MSK) (AS to MKD); derive pairwise keys (PMK-MKD, MKDK, PMK-MA)
8. Mesh EAP encapsulation (EAP-Response Accept, PMK-MA) (MKD to MA)
9. EAPOL (EAP-Success) (MA to Supplicant MP)

Only one PMK-MKD and one MKDK per MP, shared by all of its radios:
– Introduce a device ID which uniquely identifies the MP, i.e., the prime address.
– Use the Dev_ID instead of the SPA when deriving MeshTopLevelKeyData:
  MeshTopLevelKeyData = KDF-768(XXKey, "Mesh Key Derivation", MeshID, MKD-NAS-ID, MKDD-ID, Dev_ID)
No modification to the derivation formulas of PMK-MA, PTK and MPTK-KD:
– A different session key is derived for each radio, because the SPA is the MAC address of the MP's communicating radio.
No modification of the 4-way handshake.
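Added example (not from the slides or the 802.11s draft): a Python model of the slide 5 hierarchy with the slide 9 substitution, showing that deriving MeshTopLevelKeyData from a per-radio SPA yields one PMK-MKD/MKDK pair per radio, while deriving it from Dev_ID yields a single pair for the MP and still distinct PTKs per radio because the SPA stays in the PMK-MA and PTK formulas. The KDF (HMAC-SHA-256 in counter mode, 802.11r style), the 128-bit key-name derivation, and all identifiers, nonces and the XXKey value are assumptions constructed for the demo.

```python
import hashlib
import hmac
import struct

# Constructed sample identifiers (not from the slides): one MP with two radios.
MESH_ID, MKD_NAS_ID, MKDD_ID = b"mesh-demo", b"mkd-1", b"\x00\x00\x00\x00\x00\x01"
MA_ID = b"\x00\x11\x22\x33\x44\x55"
DEV_ID = b"\x02\xaa\xbb\xcc\xdd\x01"                                    # prime address of the MP
RADIO_SPAS = [b"\x02\xaa\xbb\xcc\xdd\x01", b"\x02\xaa\xbb\xcc\xdd\x02"]  # one SPA per radio
XXKEY = b"\x5a" * 32                                                    # stands in for the MSK/PSK-derived XXKey

def kdf(key, label, context, bits):
    """Assumed 802.11r-style KDF-Hash-Length: HMAC-SHA-256 in counter mode, truncated to `bits`."""
    out = b""
    for i in range(1, (bits + 255) // 256 + 1):
        msg = struct.pack("<H", i) + label + context + struct.pack("<H", bits)
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[: bits // 8]

def L(data, start_bits, len_bits):
    """Bit-string slice as written on slide 5: L(data, start, length)."""
    return data[start_bits // 8 : (start_bits + len_bits) // 8]

def key_name(key):
    """Placeholder 128-bit key name; the slides do not give the Name derivation."""
    return hashlib.sha256(key).digest()[:16]

def top_level(identity):
    """Slide 5 formula; `identity` is the SPA (current scheme) or Dev_ID (proposed scheme)."""
    data = kdf(XXKEY, b"Mesh Key Derivation", MESH_ID + MKD_NAS_ID + MKDD_ID + identity, 768)
    return L(data, 0, 256), L(data, 384, 256)                            # PMK-MKD, MKDK

def link_keys(pmk_mkd, spa, snonce, anonce):
    """Unchanged PMK-MA and PTK derivations: the SPA is still an input to both."""
    pmk_ma = kdf(pmk_mkd, b"MA Key Derivation", key_name(pmk_mkd) + MA_ID + spa, 256)
    ptk = kdf(pmk_ma, b"Mesh PTK key derivation", snonce + anonce + MA_ID + spa + key_name(pmk_ma), 384)
    return pmk_ma, ptk

def derive_all(use_dev_id):
    """Return (distinct PMK-MKDs, distinct MKDKs, distinct PTKs) across the MP's radios."""
    pmk_mkds, mkdks, ptks = set(), set(), set()
    for n, spa in enumerate(RADIO_SPAS):
        pmk_mkd, mkdk = top_level(DEV_ID if use_dev_id else spa)
        snonce, anonce = bytes([n]) * 32, b"\x07" * 32                  # fixed constructed nonces
        _, ptk = link_keys(pmk_mkd, spa, snonce, anonce)
        pmk_mkds.add(pmk_mkd); mkdks.add(mkdk); ptks.add(ptk)
    return len(pmk_mkds), len(mkdks), len(ptks)

if __name__ == "__main__":
    print("SPA-based:   ", derive_all(False))   # one PMK-MKD/MKDK per radio
    print("Dev_ID-based:", derive_all(True))    # one PMK-MKD/MKDK per MP, PTK still per radio
```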

Slide 10: Mesh key holder security handshake modification
– According to the current mechanism, the MKDK is indexed by the MA_ID in the MKD (the transmitter address of handshake message 1).
– This is not suitable in our solution, because the MA_ID has been replaced by the Dev_ID.
– Use the MKDKName to index the MKDK when establishing the secure association between MP and MKD.

Slide 12: Straw Poll
Would you like to use Dev_ID for deriving PMK-MKDs and MKDKs to enhance the authentication procedure of MPs with multiple radios?
– Yes
– No

Slide 13: Reference
Draft_P802.11s_D1.09

Slide 14: Back Up
The radios can use a MIC to prove their legitimacy:
a. To the MKD, during the Mesh key holder security handshake: ONLY the authorized device has the MPTK-KD needed to compute the MIC.
b. To other MPs, during the 4-way handshake: ONLY the authorized device has the AKCK, derived from PMK-MA, needed to compute the MIC.

a. Mesh key holder security handshake (MP and MKD):
1. MANonce, MA-ID, MKD-ID, MKDKName
2. MANonce, MKDNonce, MA-ID, MKD-ID, MKDKName, MIC
3. MANonce, MKDNonce, MA-ID, MKD-ID, MKDKName, MIC
4. MANonce, MKDNonce, MA-ID, MKD-ID, MKDKName, MIC

b. 4-Way handshake (MP and MP):
1. MANonce, SPA, MA-ID, MKDD-ID, PMK-MKDName
2. SPANonce, MANonce, SPA, MA-ID, MKDD-ID, PMK-MKDName, MIC
3. SPANonce, MANonce, SPA, MA-ID, MKDD-ID, PMK-MKDName, MIC
4. SPANonce, MANonce, SPA, MA-ID, MKDD-ID, PMK-MKDName, MIC