IEEE Interim May 2004 Allyn Romanow

Slides:



Advertisements
Similar presentations
Discussion of KaY Key Exchange and Management Interface to SecY
Advertisements

EPON Technology Team 2/9/2014 Key Management [802.1af - Issues] Jee-Sook Eun Electronics and Telecommunications Research Institute.
SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.
IEEE MEDIA INDEPENDENT HANDOVER
A. Steffen, , 03-DataLinkLayer.pptx 1 Information Security 2 (InfSi2) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.
Secure Socket Layer.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,
Michal Rapco 05, 2005 Security issues in Wireless LANs.
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),
Security Association / Security Context Bruno Saba DCT/TV/IN 03/05/2010.
WEP Protocol Weaknesses and Vulnerabilities
Frank Chao San Antonio 11/22/2004.1AE Management Info.
WLAN Security Condensed Version. First generation wireless security Many WLANs used the Service Set Identifier (SSID) as a basic form of security. Some.
Doc.: IEEE /174r0 Submission March, 2003 Rene Struik, Certicom Corp.Slide 1 Project: IEEE P Working Group for Wireless Personal Area Networks.
802.11b Security CSEP 590 TU Osama Mazahir. Introduction Packets are sent out into the air for anyone to receive Eavesdropping is a much larger concern.
Wireless Network Security CSIS 5857: Encoding and Encryption.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
SSL: Secure Socket Layer By: Mike Weissert. Overview Definition History & Background SSL Assurances SSL Session Problems Attacks & Defenses.
History and Implementation of the IEEE 802 Security Architecture
Emerging Solutions in Network Time Synchronization Security
Computer and Network Security
Module 4: Configuring Site to Site VPN with Pre-shared keys
VPNs and IPSec Review VPN concepts Encryption IPSec Lab.
History and Implementation of the IEEE 802 Security Architecture
IPSecurity.
April 13, 2018 doc.: IEEE r0 March, 2003 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title:
Content Protection Support in
Lecture 29 Security in IEEE Dr. Ghalib A. Shah
Chapter 18 IP Security  IP Security (IPSec)
WEP & WPA Mandy Kershishnik.
Secure Sockets Layer (SSL)
UNIT.4 IP Security.
Agenda CCSDS Network Layer Security IPSec+IKE Profile for CCSDS
Jee sook, Eun May 2004 Presented in IEEE 802.1af - key management
BINF 711 Amr El Mougy Sherif Ismail
Chapter 4: Wireless LANs
IPSec VPN Chapter 13 of Malik.
Presented by: Dr. Munam Ali Shah
Using SSL – Secure Socket Layer
On and Off Premise Secure Access
CS 465 TLS Last Updated: Oct 31, 2017.
Chapter 3: Open Systems Interconnection (OSI) Model
VPNs and IPSec Review VPN concepts Encryption IPSec Lab.
Migration to the new EDAMIS
Slides have been taken from:
Mesh Security Proposal
Content Protection Support in
Network Security – Kerberos
Cryptography and Network Security
Web Security (TRANSPORT-LEVEL SECURITY)
TruSecure Corporation
Virtual Private Networks (VPNs)
SSL (Secure Socket Layer)
Web Security (TRANSPORT-LEVEL SECURITY)
Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: Security Architecture Considerations Date.
Digital Certificates and X.509
November 2018 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [SG SECN Amendment text] Date Submitted:
doc.: IEEE /454r0 Bob Beach Symbol Technologies
Building a MACsec Draft
Virtual Private Networks (VPNs)
Project: IEEE Wireless Personal Area Networks (WPANs)
Electronic Payment Security Technologies
draft-ietf-dtn-bpsec-06
Counter With Cipher Block Chaining-MAC
Security in Wireless Metropolitan Area Networks (802.16)
Security in Wireless Metropolitan Area Networks (802.16)
Presentation transcript:

IEEE 802.1 Interim May 2004 Allyn Romanow Overview MACsec D2.0 IEEE 802.1 Interim May 2004 Allyn Romanow

Allyn Romanow, Cisco Systems Outline Disposition of comments for D1.2 Changes in D2.0 – Re-org of material Cipher Suite changes – no null C.S., E bit Keys EPON Parameter enhancements Deployment, Debugging, Other Management SecY Operation, Interface with KaY 9/21/2018 IEEE802.1 LinkSec May 2004 Allyn Romanow, Cisco Systems

Re-organization of Material (Intro notes to current draft) Cl 8 SecY Operation <-> cl 10 MACsec protocol State machine – cl 15 EPON support in cl 8.4 Cl 7 -> cl 11 MACsec in Systems (ES & B), cl 16 Securing Networks (LAN & PB) 9/21/2018 IEEE802.1 LinkSec May 2004 Allyn Romanow, Cisco Systems

Allyn Romanow, Cisco Systems Keys Master Key – pre-shared or established by authentication, longer lived Secure Association Key (SAK) Key for the SA, short lived Sometimes called transient key Shared, private key Get a new one from Master Key when PN wraps, or timer expires Need to store 3 SAKs 9/21/2018 IEEE802.1 LinkSec May 2004 Allyn Romanow, Cisco Systems

Interoperability, Migration Previously, Null Cipher Suite Now, through management controls, E bit saying whether there is encryption, cl 10.1 SecY Overview, E bit is bit 3 in TCI Got rid of Null Cipher Suite and Include Tag- reduces unnecessary complexity 9/21/2018 IEEE802.1 LinkSec May 2004 Allyn Romanow, Cisco Systems

Allyn Romanow, Cisco Systems EPON Single Copy Broadcast SCB 9/21/2018 IEEE802.1 LinkSec May 2004 Allyn Romanow, Cisco Systems

Allyn Romanow, Cisco Systems Management Controls, monitors, reports Maintains and uses info for The SecY The CA Each SC in the CA Each SA that supports and SC Operational parameters include MAC status (cl 6.4)-- MAC_Enabled, MAC_Operational Point to point (cl 6.5) --operPointToPointMAC, AdminPointToPoint MAC 9/21/2018 IEEE802.1 LinkSec May 2004 Allyn Romanow, Cisco Systems

SecY Management Parameters SecY Parameters List of Cipher Suites C. S. selected Cipher Suite Parameters Confidentiality Provided- E bit C.S. identifier Secure data length- user data length ICV length 9/21/2018 IEEE802.1 LinkSec May 2004 Allyn Romanow, Cisco Systems

SecY Management Parameters CA Parameters Transmit SC List of Receiver SCs SCI EncodingSA EncipheringSA 9/21/2018 IEEE802.1 LinkSec May 2004 Allyn Romanow, Cisco Systems

SecY Management Parameters Receiver SC SCI Transmit or Receive SAs(set of 4) Statistics Transmit SA SCI AN InUse? SAK Next PN 9/21/2018 IEEE802.1 LinkSec May 2004 Allyn Romanow, Cisco Systems

SecY Management Parameters Receive SA SCI AN In use? SAK LastValidatedPN? 9/21/2018 IEEE802.1 LinkSec May 2004 Allyn Romanow, Cisco Systems

Deployment & Debugging 9/21/2018 IEEE802.1 LinkSec May 2004 Allyn Romanow, Cisco Systems

Allyn Romanow, Cisco Systems MacSEC Operation 9/21/2018 IEEE802.1 LinkSec May 2004 Allyn Romanow, Cisco Systems

Allyn Romanow, Cisco Systems SecY Overview 9/21/2018 IEEE802.1 LinkSec May 2004 Allyn Romanow, Cisco Systems

KaY Direct Use of SecY Uncontrolled 9/21/2018 IEEE802.1 LinkSec May 2004 Allyn Romanow, Cisco Systems

KaY Use of SecY Uncontrolled and Controlled 9/21/2018 IEEE802.1 LinkSec May 2004 Allyn Romanow, Cisco Systems

Allyn Romanow, Cisco Systems SecY Operation 9/21/2018 IEEE802.1 LinkSec May 2004 Allyn Romanow, Cisco Systems