Authentication and Upper-Layer Messaging

Slides:



Advertisements
Similar presentations
Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
Advertisements

Doc.: IEEE /0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 A Study Group for Enhanced Security Date: Authors:
Doc.: IEEE /0836r2 Submission July 2008 Dan Harkins, Aruba NetworksSlide 1 Changes to SAE State Machine Date: Authors:
Doc.: IEEE /0598r0 Submission May 2012 Steve Grau, Juniper NetworksSlide 1 Layer 3 Setup with Dynamic VLAN Assignment Date: Authors:
IEEE Wireless Local Area Networks (WLAN’s).
Doc.: IEEE /0976r1 Submission July 2011 Hitoshi Morioka, ROOT INC.Slide 1 TGai Authentication Protocol Proposal Date: Authors: NameAffiliationsAddressPhone .
Doc.: IEEE /933r6 Submission July 2012 Fang Xie (CMCC)Slide 1 Access Control Mechanism for FILS Date: Authors: NameAffiliationsAddressPhone .
Doc.: IEEE /1066r2 Submission July 2011 Robert Moskowitz, VerizonSlide 1 Link Setup Flow Date: Authors: NameCompanyAddressPhone .
Wireless and Security CSCI 5857: Encoding and Encryption.
Submission doc.: IEEE /1003r2 July 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Upper Layer Data on Management frames Date:
Doc.: IEEE /1429r2 Submission January 2012 Dan Harkins, Aruba NetworksSlide 1 A Protocol for FILS Authentication Date: Authors:
Submission doc.: IEEE 11-14/0062r0 January 2014 Dan Harkins, Aruba NetworksSlide 1 PMK Caching for FILS Date: Authors:
Doc.: IEEE /0977r2 Submission NameAffiliationsAddressPhone Hitoshi MORIOKA ROOT INC Tenjin, Chuo-ku, Fukuoka JAPAN
Doc.: IEEE /0897r0 SubmissionJae Seung Lee, ETRISlide 1 Active Scanning considering Operating Status of APs Date: July 2012.
Doc.: IEEE /0123r0 Submission January 2009 Dan Harkins, Aruba NetworksSlide 1 Secure Authentication Using Only A Password Date:
Doc.: IEEE /610r0 Submission November 2001 Tim Moore, Microsoft 802.1X and key interactions Tim Moore.
Doc.: IEEE /1042r1 Submission NameAffiliationsAddressPhone Giwon ParkLG Electronics LG R&D Complex 533, Hogye- 1dong, Dongan-Gu, Anyang,
Doc.: IEEE /0315r4 Submission July 2009 Dan Harkins, Aruba NetworksSlide 1 Enhanced Security Date: Authors:
Wireless Network Security CSIS 5857: Encoding and Encryption.
Doc.: IEEE /1000r1 Submission July 2011 Jihyun Lee, LG ElectronicsSlide 1 TGai FILS Proposal Date: Authors: NameAffiliationsAddressPhone .
Doc.: IEEE /0568r0 Submission May 2012 Young Hoon Kwon, Huawei Slide 1 AP Discovery Information Broadcasting Date: Authors: NameAffiliationsAddressPhone .
Doc.: IEEE /610r0 Submission November 2001 Tim Moore, Microsoft 802.1X and key interactions Tim Moore.
Doc.: IEEE /0896r0 SubmissionJae Seung Lee, ETRISlide 1 Probe Request Filtering Criteria Date: July 2012.
Doc.: IEEE /1426r00 Submission NameAffiliationsAddressPhone ChengYan FengZTE Corporation No.800, Middle Tianfu Avenue, Hi- tech District,
Doc.: IEEE /xxxr0 Submission Nov Jonathan Segev (Intel)Slide 1 Rapid Scanning Procedure Date: Authors:
Doc.: IEEE /1426r02 Submission NameAffiliationsAddressPhone ChengYan FengZTE Corporation No.800, Middle Tianfu Avenue, Hi-tech District,
Doc.: IEEE /484r0 Submission NameAffiliationsAddressPhone George Cherian Santosh Abraham Qualcomm 5775 Morehouse Dr, San Diego, CA, USA +1.
Submission doc.: IEEE r1 March 2012 Dan Harkins, Aruba NetworksSlide 1 The Pitfalls of Hacking and Grafting Date: Authors:
Doc.: IEEE /2539r0 Submission September 2007 Tony Braskich, MotorolaSlide 1 Overview of an abbreviated handshake with sequential and simultaneous.
Doc.: IEEE /0294r2 Submission March 2012 Jonathan Segev (Intel)Slide 1 Active Scanning Reply Window Date: Authors:
Doc.: IEEE /2952r2 Submission Dec 2007 L.Chu Etc.Slide 1 Simplified DLS Action Frame Transmission in 11Z Date: Authors:
FILS Reduced Neighbor Report
Access Control Mechanism for FILS
Submission Title: [Proposal for MAC Peering Procedure]
Month Year doc.: IEEE yy/xxxxr0 May 2012
Proposed SFD Text for ai Link Setup Procedure
Discussions on FILS Authentication
AP Discovery Information Broadcasting
Fast Authentication in TGai
MAC Address Hijacking Problem
PEKM (Post-EAP Key Management Protocol)
An Example Protocol for FastAKM
Access Control Mechanism for FILS
FILS Reduced Neighbor Report
Security for Measurement Requests and Information
Security for Measurement Requests and Information
Band adjustment for fasat AP discovery
Listen to Probe Request from other STAs
Security for Measurement Requests and Information
Submission Title: [Proposal for MAC Peering Procedure]
Security Properties Straw Polls
Access Control Mechanism for FILS
Month Year doc.: IEEE yy/xxxxr0
Changes to SAE State Machine
doc.: IEEE /454r0 Bob Beach Symbol Technologies
Link Setup Flow July 2011 Date: Authors: Name Company
Fast Authentication in TGai
AP Status Broadcast Date: Authors: November 2011
Access Control Mechanism for FILS
An Example Protocol for FastAKM
TGai FILS: GAS/ANQP Signaling Reduction
Infrastructure Service Discovery
FILS Frame Content Date: Authors: February 2008
Session MAC Address Solves Deadlocks
Month Year doc.: IEEE yy/xxxxr0 May 2012
Cooperative AP Discovery
Link Setup Flow July 2011 Date: Authors: Name Company
Month Year doc.: IEEE yy/xxxxr0
A Better Way to Protect APE Messages
Fast passive scan for FILS
Presentation transcript:

Authentication and Upper-Layer Messaging May 2012 doc.: IEEE 802.11-12/0562r0 May 2012 Authentication and Upper-Layer Messaging Date: 2012-05-04 Authors: Dan Harkins, Aruba Networks Dan Harkins, Aruba Networks

May 2012 doc.: IEEE 802.11-12/0562r0 May 2012 Abstract This submission discusses problems with the acceptance (and processing) of upper-layer messages prior to authentication. Dan Harkins, Aruba Networks Dan Harkins, Aruba Networks

Challenging Goals in 11ai May 2012 doc.: IEEE 802.11-12/0562r0 May 2012 Challenging Goals in 11ai Fast link set-up Authentication and upper-layer protocol messaging (e.g. address assignment, plus DAD, plus….) with a minimum of delay Cannot degrade RSN security Mutual authentication No replay attacks (“liveness” proof) etc Handle the use case of hundreds of STAs trying to connect simultaneously The doors of the train open and everyone’s phone/PDA tries to connect to wireless network in the station Dan Harkins, Aruba Networks Dan Harkins, Aruba Networks

Handling of Upper Layer Messages May 2012 Handling of Upper Layer Messages Piggy-back the upper-layer message on an L2 frame that is conveying its own message Put (some of) the upper-layer messages into (some of) the authentication frames Do as much as possible in parallel Dan Harkins, Aruba Networks

Simultaneous Address Assignment w/ERP May 2012 Simultaneous Address Assignment w/ERP First message from client has both authentication and DHCP message Server simultaneously asks AS to authenticate peer and asks DHCP server for an address Server validates DHCP discover after receipt of DHP ACK Dan Harkins, Aruba Networks

Problems with Simultaneous Address Assignment w/ERP May 2012 Problems with Simultaneous Address Assignment w/ERP Handling is problematic Infrastructure may require authenticated identity to determine appropriate address to assign An address is requested upon receipt of a single unauthenticated message Request is processed before it is validated! This opens up the network to a resource exhaustion attack The network is unable to discriminate between an attacker spraying hundreds of bogus (but semantically valid) messages from fake MAC addresses and hundreds of legitimate users requesting access Remember the train station use case: network must be able to handle hundreds of nascent connections Dan Harkins, Aruba Networks

“Concurrent” IP Address Assignment w/ERP May 2012 “Concurrent” IP Address Assignment w/ERP First message from client has both authentication and DHCP message Server relays ERP message to AS, and retains rest of client message If AS authenticates client the rest of the client message is validated and a DHCP discover is sent to obtain an IP address Dan Harkins, Aruba Networks

Problems with Concurrent IP Address Assignment w/ERP * May 2012 Problems with Concurrent IP Address Assignment w/ERP * It requires a significant amount of state to be maintained on the AP upon receipt of a single unauthenticated message The AP must create per-STA state after receipt of a probe request! ERP message– name, cryptosuite, tag and DHCP offer must be retained until AAA server responds The DHCP offer can be encrypted, making validity heuristics impractical-- impossible to distinguish between an encrypted offer with many attributes and a very large amount of garbage Cost of single request/response is not amortized across all STAs Benefit of “single” request/response is illusory The client doesn’t know whether the AP is implementing “concurrent” or “simultaneous”, how long does it wait? Since it’s 2 round trips to 2 servers the cost is the same as 2 messages * these problems are also inherent to Simultaneous IP Address Assignment with ERP Dan Harkins, Aruba Networks

How to Process Authentication and Upper-Layer Messaging May 2012 doc.: IEEE 802.11-12/0562r0 May 2012 How to Process Authentication and Upper-Layer Messaging Sequentially! Authentication then DHCP To do otherwise opens the network up to resource exhaustion attack In an honest and fair manner Don’t hide two 2-message protocols as one 2-message protocol The client should get feedback on where in the protocol it is Timers can be set realistically without guessing or over compensating The AP should not bear the full cost of hundreds of simultaneous connections when amortizing the cost over all clients is possible Susceptibility to resource exhaustion attacks should not be a requirement for FILS Some cost should be amortized over all STAs (per-STA load will be trivial) Dan Harkins, Aruba Networks Dan Harkins, Aruba Networks

How to Process Authentication and Upper-Layer Messaging May 2012 doc.: IEEE 802.11-12/0562r0 May 2012 How to Process Authentication and Upper-Layer Messaging There are two separate things going on, do them separately In a single 2 round-trip exchange– one round-trip for authentication, one round-trip for DHCP Like 11-11/1488r1 (as presented in 11-11/1429r2) Minimal initial resource allocation requirements per-STA state on the network is session id plus nonce per-connection state on the STA is session id plus nonce No built in resource exhaustion attack DHCP request is still integrity protected and can still, optionally, have privacy protection Authenticated identity always known prior to address assignment Authorization attributes can be used to determine IP/VLAN assignment Dan Harkins, Aruba Networks Dan Harkins, Aruba Networks

References 11-11/1160r6 11-11/1488r1 11-11/1429r2 May 2012 doc.: IEEE 802.11-12/0562r0 May 2012 References 11-11/1160r6 11-11/1488r1 11-11/1429r2 Dan Harkins, Aruba Networks Dan Harkins, Aruba Networks