Overview of Key Holder Security Association Teardown Mechanism

Slides:



Advertisements
Similar presentations
Doc.: IEEE /0114r1 Submission January 2009 Tony Braskich, MotorolaSlide 1 A vendor specific plan for centralized security Date: Authors:
Advertisements

Doc.: IEEE /1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 1 A Modest Proposal…. Date: Authors:
Doc.: IEEE /0836r2 Submission July 2008 Dan Harkins, Aruba NetworksSlide 1 Changes to SAE State Machine Date: Authors:
Doc.: IEEE r6 Submission July 2008 Charles Fan,Amy Zhang, HuaweiSlide 1 Authentication and Key Management of MP with multiple radios Date:
Doc.: IEEE /0560r0 Submission May 2010 Ashish Shukla, MarvellSlide 1 TDLS TPK Handshake Date: Authors:
1 IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: MIH Protocol State Machine Date Submitted: September 13, 2006 Presented at IEEE.
Doc.: IEEE /0358r0 Submission March 2007 Zhao and Walker, Intel CorpSlide 1 Thoughts on Peer Capacity Date: Authors: Notice: This document.
Doc.: IEEE /0617r0 Submission May 2008 Tony Braskich, MotorolaSlide 1 Refining the Security Architecture Date: Authors:
Doc.: IEEE /0232r0 Submission February 2009 Meiyuan Zhao, IntelSlide 1 Suggestions to Clean Up Peering Management Frames Date:
Doc.: IEEE /1471r0 Submission September 2006 authors Slide 1 Efficient Mesh Security and Link Establishment Notice: This document has been prepared.
Doc.: IEEE r1 Submission March 2008 Charles Fan,Amy Zhang, HuaweiSlide 1 Authentication and Key Management of MP with multiple radios Date:
Protocol Coexistence Issue in MSA Subsequent Authentication
Doc.: IEEE /2539r0 Submission September 2007 Tony Braskich, MotorolaSlide 1 Overview of an abbreviated handshake with sequential and simultaneous.
Doc.: IEEE /2179r0 Submission July 2007 Steve Emeott, MotorolaSlide 1 Summary of Updates to MSA Overview and MKD Functionality Text Date:
Doc.: IEEE /1353r0 Submission September 2006 J. Walker, M. Zhao, and S. Conner (Intel) Slide 1 Summary of Security and Link Establishment Protocols.
EAP Applicability IETF-86 Joe Salowey. Open Issues Open Issues with Retransmission and re- authentication Remove text about lack of differentiation in.
Architectural Considerations for IEEE s
Relationship between peer link and physical link
Submission Title: [Proposal for MAC Peering Procedure]
Updates on Abbreviated Handshake
March 2012 doc.: IEEE March 2012 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title:
TDLS Inconsistent Security Problem
Authentication and Key Management of MP with multiple radios
TDLS Setup Date: Authors: Mar 2008 September 2007
TDLS TPK Handshake Date: Authors: May 2010 May 2010
Mesh Frame Formats Date: Authors: June 2007 March 2007
QoS Resource Query Overview
Fix inconsistency in PLM specification
Mesh Frame Formats Date: Authors: July 2007 March 2007
Submission Title: [Proposal for MAC Peering Procedure]
QoS Resource Query Overview
1/1/2019<month year> doc.: IEEE
Key Distribution for Mesh Link Security
Submission Title: [Proposal for MAC Peering Procedure]
Overview of Changes to Key Holder Frame Formats
May 2007 MSA Comment Resolution Overview
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
Update to Efficient Mesh Security and Link Establishment
Changes to SAE State Machine
Authentication and Key Management of MP with multiple radios
Mesh Frame Formats Date: Authors: May 2007 March 2007
Mechanism to update current session parameters
802.1X in s Discussion Date: Authors: March 2011
RFI Update Munich Meeting
September 2007 doc.: IEEE /2376r0 November 2007
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
Proposed DLS Teardown Date: Ovadia, Ginzburg, Intel
Simulation Evaluation of Peer Link Management Protocol
Different MKD domain MPs communication method
Submission Title: [Proposal for MAC Peering Procedure]
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
Relationship between peer link and physical link
PLE Comment Resolution
27 Febraury 2002 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: Security Sub-committee Status Report.
Overview of Improvements to Key Holder Protocols
Simplified DLS Action Frame Transmission in 11Z
Overview Suggested Comment Resolution for Mesh Synchronization
Security Requirements for an Abbreviated MSA Handshake
MSA Key Hierarchy Analysis and Alternatives
Overview of Improvements to Key Holder Protocols
Method for geting Link RCPI
Mesh Frame Formats Date: Authors: May 2007 March 2007
Mesh Frame Formats Date: Authors: July 2007 March 2007
RFI Update Munich Meeting
RFI Update Munich Meeting
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
Overview of an MSA Security Proof
September 2006 doc.: IEEE /1351r0 September 2006
Mesh Frame Formats Date: Authors: May 2007 March 2007
General discovery comment resolution overview
Presentation transcript:

Overview of Key Holder Security Association Teardown Mechanism September 2007 doc.: IEEE 802.11-07/2376r0 September 2007 Overview of Key Holder Security Association Teardown Mechanism Date: 2007-09-05 Authors: Steve Emeott, Motorola Steve Emeott, Motorola

September 2007 doc.: IEEE 802.11-07/2376r0 September 2007 Abstract This submission provides an overview of document 11-07/2372r0, which proposes a protocol for tearing down a mesh key holder security association that had been set up between a mesh authenticator and a mesh key distributor Steve Emeott, Motorola Steve Emeott, Motorola

Outline Overview Discussion of questions received September 2007 doc.: IEEE 802.11-07/2376r0 September 2007 Outline Overview Mesh Key Holder Security Associations Teardown Mechanism Discussion of questions received Steve Emeott, Motorola Steve Emeott, Motorola

Mesh Key Holder Security Association September 2007 Mesh Key Holder Security Association A MP is elevated to a Mesh Authenticator after establishing a Mesh Key Holder Security Association (MKHSA) with an MKD A MKHSA between an MA and its MKD is identified by MPTK-KDShortName The MKHSA state consists of MPTK-KD (session key) Key Replay Counters If an MP moves to a new MKD domain, it should attempt to tear down the MKHSA in its old domain Allows the MKD to delete old state mesh key distributor mesh authenticator Mesh Key Holder Security Handshake message 1 Mesh Key Holder Security Handshake message 2 Mesh Key Holder Security Handshake message 3 Mesh Key Holder Security Handshake message 4 Figure: Mesh Key Holder Security Association Handshake Steve Emeott, Motorola

Example of MA behavior when changing MKD domains September 2007 Example of MA behavior when changing MKD domains MKD 1 MA 1 MA3 MKD 2 MA 2 Initial MSA Authentication In MKDD 1 Key Holder Security HS Initial MSA Authentication Proposed in 07/2372 Key Holder Security HS Key Holder Security Teardown In MKDD 2 After the Key Holder Security Teardown, MA3 has a secure peer link with both MA1 and MA2, but it only has a MKHSA with MKD2. Steve Emeott, Motorola

Key Holder Security Teardown protocol details September 2007 Key Holder Security Teardown protocol details Either MA or MKD may initiate The MKHSA torn down is identified by MPTK-KDShortName The teardown allows the MKD and MA to clean up state The Key Holder Security Teardown protocol permits the MA to delete a prior session, when joining a new MKD domain. The protocol may also be used by an MKD if it must stop its services as an MKD to one or more MAs. Requester Responder Teardown Request Teardown Response Steve Emeott, Motorola

Earlier Questions Received September 2007 Earlier Questions Received Question: What happens if the MA initiates a new security session while the MKD is tearing down a pre-existing security association? Can this lead to livelock, where one side keeps proposing a new security association and the other tears it down Answer: The MKHSA to be torn down is identified in the teardown request message by its MPTK-KDShortName, which will be different than the identifier for the new security session. Of course, the MKD is free to accept or decline a request for the new session Steve Emeott, Motorola

Earlier Questions Received (cont.) September 2007 Earlier Questions Received (cont.) Question: How does it work if the MA and MKD both initiate the teardown simultaneously. Answer: protocol supports timeout and retry features to increase the probability of success Any party sending a teardown request starts a timer, waits for response. When the timer expires it may retransmit request If a teardown response is not received after the teardown retransmission limit is reached, the MKHSA is deleted. Any party receiving a teardown request sends out a teardown response and starts a timer. The identified MKHSA is deleted when the timer expires. Any party receiving a duplicate request while decrementing the timer should send out a duplicate response When a party receives a valid response after sending out a teardown request, it deletes the identified MKHSA Any party receiving a teardown request while waiting for a response to its own teardown request for the same MKHSA should send a teardown response Steve Emeott, Motorola

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.