Doc.: IEEE 802.11-04/1115r2 Submission (2004). 802.11s Security concepts. J. Chhabra, A. R. Prasad, J. Walker, H. Aoki. Slide 1.
802.11s Security concepts
Jasmeet Chhabra, Intel
Anand R Prasad, DoCoMo Euro-Labs
Jesse Walker, Intel
Hidenori Aoki, NTT DoCoMo

Outline
- Goals
- Requirements
- Assumptions
- Basic security model
- Distributed Authentication
- Centralized Authentication
- Conclusion

Goals/Requirements
- Reuse/build on top of current 802.11i techniques
  – 802.11s PAR, Clause 18: "The amendment shall utilize IEEE 802.11i security mechanisms, or an extension thereof..."
- Other requirements
  – Allow peer-to-peer association/authentication between mesh points/mesh APs
  – Protect mesh management and control messages exchanged between mesh points/mesh APs (e.g. routing and topology info)
  – Allow mesh nodes to broadcast to all their neighbors: needed by routing services etc.
  – Maintain 802.11i data security for data delivery across a multi-hop mesh path
  – Credentials issued might have to differentiate between a mesh point and a non-mesh point
  – Allow for both distributed and centralized authentication schemes

Assumptions
- Authenticated Mesh Points in an administrative domain can be trusted for faithful forwarding of messages.
  – No selective-forwarding-like attacks
  – No eavesdropping

Background
- (Figure reproduced from 802.11i: "Figure 16—Example 4-Way Handshakes in an IBSS")

Basic security model
- (Figure: a new mesh point, acting as Supplicant, joins the ESS Mesh security bubble through an Authenticator)
- Group key is used for broadcast communications
- Pair-wise keys are used for unicast communications
- Authentication server could be distributed or centralized
  – Does not affect the basic security model

Basic security model (Contd.)
- Each mesh point supports both supplicant and authenticator functionality
- Each mesh point acts as supplicant and authenticator for each of its neighbors
  – Similar to the IBSS security model in 802.11i
- After authentication/authorization/4-way handshake:
  – Mesh point uses its own group key to broadcast/multicast
  – Pair-wise key for unicast
- Number of keys is O(num_neighbors)
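The key structure these two slides describe, as an added toy model that is not part of the submission: each mesh point keeps one group key of its own plus, per neighbor, a shared pair-wise key and that neighbor's group key, so a broadcast can only be checked by one-hop neighbors and the key count grows as O(num_neighbors). The random key generation and the HMAC-tagged frame format are constructed stand-ins for the 802.11i handshake and frame protection, not the real derivations or wire formats.

```python
import hmac
import os

class MeshPoint:
    def __init__(self, name):
        self.name = name
        self.gtk = os.urandom(32)  # own group key: protects broadcasts this node sends
        self.ptk = {}              # neighbor -> shared pair-wise key (unicast)
        self.peer_gtk = {}         # neighbor -> that neighbor's group key

    def key_count(self):
        # one own GTK + one PTK and one peer GTK per neighbor: O(num_neighbors)
        return 1 + len(self.ptk) + len(self.peer_gtk)

def establish_link(a, b):
    """Stand-in for authentication + 4-way handshake on one peer link (constructed:
    a real PTK is derived from the PMK and nonces, not drawn at random)."""
    ptk = os.urandom(32)
    a.ptk[b.name] = ptk
    b.ptk[a.name] = ptk
    a.peer_gtk[b.name] = b.gtk  # each side learns the other's group key
    b.peer_gtk[a.name] = a.gtk

def tag(key, msg):
    return hmac.new(key, msg, "sha256").digest()

def broadcast(sender, msg):
    """Broadcast (e.g. a routing update) protected with the sender's own GTK."""
    return (sender.name, msg, tag(sender.gtk, msg))

def verify_broadcast(receiver, frame):
    src, msg, mac = frame
    key = receiver.peer_gtk.get(src)  # only 1-hop neighbors hold the sender's GTK
    return key is not None and hmac.compare_digest(mac, tag(key, msg))

def unicast(sender, dst, msg):
    """Unicast protected with the pair-wise key shared with that one neighbor."""
    return (sender.name, dst, msg, tag(sender.ptk[dst], msg))

def verify_unicast(receiver, frame):
    src, dst, msg, mac = frame
    key = receiver.ptk.get(src)
    return dst == receiver.name and key is not None and hmac.compare_digest(mac, tag(key, msg))

def build_mesh(links):
    # one MeshPoint per name, one peer link per (a, b) pair in `links`
    nodes = {}
    for a, b in links:
        nodes.setdefault(a, MeshPoint(a)); nodes.setdefault(b, MeshPoint(b))
        establish_link(nodes[a], nodes[b])
    return nodes
```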

Advantages
- Minimal changes required to 802.11i
  – Mainly language changes
  – Re-uses the strong and well-debated solution
- Builds on top of the current 802.11i standard
- Key management complexity is controlled
  – O(num_neighbors)

Security model with stations
- (Figure: a station as Supplicant attached to an Access Point acting as Authenticator inside the ESS Mesh security bubble)
- No change in the current STA operation

Authentication Schemes
- IEEE 802.11i does not specify where the authentication server resides.
  – Can be on the AP/Node itself
  – Only specifies the functionality needed
- As mentioned earlier, the authentication scheme could be
  – Distributed or
  – Centralized

Distributed authentication
- Completely distributed: automatic or manual configuration of nodes
- Elect: requires a solution for the case where the elected AS becomes unavailable
  – A node is assigned as AS at random
  – The first node becomes AS
  – Some other mechanism is used
- Select: the user selects a node as AS

Centralized Authentication
- The centralized method involves an ESS mesh AP that has access to an AS
- The AS could either reside locally or be placed elsewhere in the network
- All other ESS mesh APs and STAs will be authenticated via the AP connected to the AS

Open questions
- 802.11i does not provide management frame security
  – Could affect the security of routing, topology traffic, etc.
  – Should align with the management frame security study group: need to submit requirements to the group before November
- Only language changes needed to 802.11i
  – Do we need to make any other changes in 802.11i?
- Are there changes needed to allow distributed authentication?

Conclusion
- Security model builds on top of 802.11i
  – Minimal language changes
- Manageable key complexity
  – O(num_neighbors)
- Need to submit requirements to the management frame security group