Discussions on FILS Authentication

Presentation transcript:

Discussions on FILS Authentication
doc.: IEEE 802.11-yy/xxxxr0
May, 2013
Date: 2013-05-03
Authors: Lei Wang

Abstract
This document provides further discussions regarding FILS Authentication, for a comment submitted as a response to 802.11 WG Comment Collection 8 (CC8), on the question "Please provide comments on Draft P802.11ai D0.5".

Conformance w/ TGai PAR & 5C
Conformance Question, followed by Response where one is given:
- Does the proposal degrade the security offered by Robust Security Network Association (RSNA) already defined in 802.11? Response: No
- Does the proposal change the MAC SAP interface? Response: ??
- Does the proposal require or introduce a change to the 802.1 architecture?
- Does the proposal introduce a change in the channel access mechanism?
- Does the proposal introduce a change in the PHY?
- Which of the following link set-up phases is addressed by the proposal? (1) AP Discovery (2) Network Discovery (3) Link (re-)establishment / exchange of security related messages (4) Higher layer aspects, e.g. IP address assignment. Response: 3, 4

Re-Cap: FILS Authentication
- Three FILS Authentication Methods in 11ai/D0.5
  - EAP-RP with no PFS
  - EAP-RP with PFS
  - Non-TTP with PFS
- FILS Authentication Operations
  - Using Authentication frames and Association frames with newly introduced FILS authentication information content items;
  - Piggybacking IP address assignment in FILS association frames;
  - Designed to effectively reduce the authentication time and IP address setup time for STAs during initial link setup.

FILS Authentication with TTP
- Authentication with TTP (Trusted Third Party)
  - AP and STA perform mutual authentication using a mutually-trusted third party, e.g., AAA server;
  - The TTP is known to both AP and STA;
  - Current applications/adoption/common use cases:
    - 3GPP - WLAN interworking: TS23.234, TS23.402.
    - Secure Authentication for the Passpoint program from the Wi-Fi Alliance to enable seamless and secure Wi-Fi access in hotspots (2012)
    - Next Generation Hotspot (NGH) Program of the Wireless Broadband Alliance: http://www.wballiance.com/wba-initiatives/next-generation-hotspot
- Two Schemes of FILS Authentication with TTP
  - EAP-RP without PFS (Perfect Forward Secrecy)
  - EAP-RP with PFS
  => Both are based on EAP-RP

Discussions about EAP-RP
- EAP Extensions for the EAP Re-authentication Protocol (ERP)
  - IETF RFC 5295/6696
  - Applying to the cases where STA and the trusted third party already share a valid rRK (re-authentication Root Key)
    - Based on an EMSK (512 bits) derived out of a previous full EAP authentication process.
    - Do all of the EAP methods generate an EMSK necessary for the subsequent process EAP-RP as a result of successful full EAP authentication process?
    - What happens to the EAP-RP session when the lifetime of the full-EAP Master key (MK) expires?
    - What happens to EAP-RP Re-Authentication when there are several AAA servers in the network (typical deployment)?
  - Allowing single-roundtrip re-authentication with an authentication server following an initial full EAP authentication
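Added example (not part of the original slides): a sketch of the ERP key hierarchy the slide above refers to, showing how rRK, rIK and rMSK all hang off the EMSK of the earlier full EAP run, using the default HMAC-SHA-256 prf+ KDF and key labels of RFC 5295/6696. The function names, the constructed EMSK, the 64/32/64-octet key lengths and cryptosuite value 2 are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Key labels as given in RFC 6696 for the ERP key hierarchy.
RRK_LABEL = b"EAP Re-authentication Root Key@ietf.org"
RIK_LABEL = b"Re-authentication Integrity Key@ietf.org"
RMSK_LABEL = b"Re-authentication Master Session Key@ietf.org"


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """IKEv2-style prf+ over HMAC-SHA-256: T1 = prf(K, S|0x01), Tn = prf(K, Tn-1|S|n)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        if counter > 255:
            raise ValueError("prf+ output limit exceeded")
        block = hmac.new(key, block + seed + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def kdf(key: bytes, label: bytes, optional: bytes, length: int) -> bytes:
    """RFC 5295 layout: S = label | NUL | optional data | length (2 octets, network order)."""
    seed = label + b"\x00" + optional + struct.pack("!H", length)
    return prf_plus(key, seed, length)


def derive_erp_keys(emsk: bytes, seq: int, cryptosuite: int = 2) -> dict:
    """Derive rRK from the EMSK, then rIK and the per-exchange rMSK from rRK.

    Key lengths (64/32/64 octets) and cryptosuite 2 are assumptions of this sketch.
    """
    if len(emsk) < 64:
        # An EAP method that exports no EMSK (or a short one) cannot seed ERP.
        raise ValueError("ERP needs an EMSK of at least 64 octets")
    rrk = kdf(emsk, RRK_LABEL, b"", 64)
    rik = kdf(rrk, RIK_LABEL, bytes([cryptosuite]), 32)
    rmsk = kdf(rrk, RMSK_LABEL, struct.pack("!H", seq), 64)  # SEQ from EAP-Initiate/Re-auth
    return {"rRK": rrk, "rIK": rik, "rMSK": rmsk}


if __name__ == "__main__":
    emsk = bytes(range(64))  # constructed sample EMSK, not a real key
    for seq in (1, 2):
        keys = derive_erp_keys(emsk, seq)
        print(seq, keys["rRK"][:8].hex(), keys["rMSK"][:8].hex())
```

The rRK and rIK stay fixed for the lifetime of the EMSK, while each re-authentication sequence number yields a fresh rMSK; once the EMSK is gone or expired, nothing below it can be re-derived.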

Applying EAP-RP
- Requirements for becoming EAP-RP capable
  - At device/UE side: Requires STA to support EAP extensions, including: EAP-Initiate, EAP-Finish
  - At network / infrastructure side: Requires AP and AS to support EAP extensions, including: EAP-Initiate, EAP-Finish
- Current EAP-RP Capable Devices / network equipment
  - Could not find any through public search.
- Current EAP-RP Applications and Standards
  - adopted by 3GPP2 in the following UMB specification published in December of 2007:
    http://www.3gpp2.org/Public_html/specs/X.S0054-100-0_v1.0_071219.pdf
    http://en.wikipedia.org/wiki/Ultra_Mobile_Broadband
  - Any networks, any trials, any deployment announcements:

Concerns with FILS Authentication with TTP
- FILS Authentication with TTP: only based on EAP-RP
  - EAP-RP is still pending to be adopted in devices/networks;
  - EAP-RP applies to the STAs with valid security associations with a TTP.
- For STAs with pre-established security association with a TTP
  - Direct dependency on EAP-RP in both adoption time and scope
    - Adoption time: only when or after EAP-RP is adopted
      - How about the cases where people want to update AP/STAs to enable some quick improvement on the initial link setup time; but may not be ready to upgrade the network infrastructures to enable EAP-RP?
    - Adoption scope: only where EAP-RP is adopted
      - How about the applications / use cases where EAP-RP is not adopted?
      - What if EAP-RP won’t be widely adopted?
- For STAs without pre-established security association with TTP
  - No help from the current FILS authentication schemes;
  - Such STAs exist;
  - Should 11ai consider improving initial link setup time for such STAs?

Discussions on FILS Authentication with TTP
- Should 11ai consider any alternative / additional schemes?
  - To fill in the potential gaps in the adoption time between FILS and EAP-RP;
  - To cover the use cases where EAP-RP is not in use, e.g., in networks that are not EAP-RP capable;
  - To cover the STAs to which EAP-RP is not applicable, e.g., the STAs without valid pre-established security associations with TTP;
  - To allow solutions which have less impact on the requirements for device and infrastructure.

Discussions on FILS Authentication with TTP (cont'd)
- If the answer is yes, then:
  - For the STAs with valid pre-established security associations with TTP
    - What’s the performance expectation?
    - Can we still keep the same number of message exchanges as the current EAP-RP based FILS authentication schemes?
  - For STAs without valid pre-established security associations with TTP
    - Use Full EAP, any room for optimization?
    - Any alternatives to using Full EAP?

Straw Polls
- Straw-Poll-1: Do you support to have further discussions in TGai to address the concerns listed in Slide 8 of this document about FILS authentication with TTP?
- Result: Yes ____ No ____ Abstain ____

References:
- IEEE Std 802.11™-2012
- Draft-P802.11ai_D0.5