Authentication and Key Management of MP with multiple radios

Presentation transcript:

Authentication and Key Management of MP with multiple radios
doc.: IEEE 802.11-yy/xxxxr0, July 2008
Date: 2008-07-14
Authors: Charles Fan, Amy Zhang, Huawei; John Doe, Some Company

Abstract
This presentation addresses CID #504 from LB126: the secure association setup problem that arises when a multi-radio MP joins the mesh network, together with the suggested solution and a summary of the text changes to the draft.
CID #504: the PMK-MKD derived after higher-layer authentication should be related only to the authentication credential and other device information, not tightly bound to the MAC address of a single radio. Binding it to a radio's MAC address forces multiple authentications when a mesh node has two or more radios.
(Speaker note, translated from Chinese: the problem to solve is the repeated authentication of multi-radio MPs.)

Agenda
- Problem Statement
- Resolution

Current secure association setup mechanism (Supplicant MP and Mesh Authenticator)
Step 1: Negotiation of authentication method, role and key management type (Probe/Beacon, Peer Link Management).
Step 2: Authentication through the MKD and key hierarchy setup (initial authentication, if needed). After the MP authenticates with the AS through the MKD, PMK-MKD and MKDK are derived and bound to the SPA. Because each radio has its own SPA, a multi-radio MP must run the initial authentication procedure once per radio.
Step 3: PTK/GTK distribution. A 4-way handshake builds the session keys, after which secure communication starts.

Current 802.11s Key Hierarchy
The PMK-MKD and MKDK are bound to the SPA:
  MeshTopLevelKeyData = KDF-768(XXKey, "Mesh Key Derivation", MeshID, MKD-NAS-ID, MKDD-ID, SPA)
A multi-radio supplicant MP has multiple SPAs, hence multiple PMK-MKDs and MKDKs, and multiple initial authentication procedures have to be launched.

Link security branch:
- MSK/PSK: held by MKD and Supplicant.
- PMK-MKD = L(MeshTopLevelKeyData, 0, 256): held by MKD and Supplicant.
- PMK-MA = KDF-256(PMK-MKD, "MA Key Derivation", PMK-MKDName || MA-ID || SPA): held by MKD, Supplicant and MA; the MKD delivers it to the MA.
- PTK = KDF(PMK-MA, "Mesh PTK key derivation", MPTKSNonce || MPTKANonce || MA-ID || SPA || PMK-MAName): held and derived by Supplicant and MA.

Key distribution branch:
- MKDK = L(MeshTopLevelKeyData, 384, 256): held by Supplicant and MKD.
- MPTK-KD = KDF-256(MKDK, "Mesh PTK-KD Key", MA-Nonce || MKD-Nonce || MA-ID || MKD-ID): held and derived by Supplicant and MKD; protects the PMK-MA delivery.

Suggestion: MPTK-KD = KDF-256(MKDK, "Mesh PTK-KD Key", MeshID, MKD-NASID, MKD-ID, Dev_ID, MA-Nonce, MKD-Nonce)

Disadvantages of multiple authentications
- It cannot be detected whether the same authentication credential is in use simultaneously by different MPs or by different radios of the same MP; the credential may therefore be used by multiple MPs at once.
- Launching the initial authentication several times increases the over-the-air overhead.

The root of the above problem
- EAP authentication should occur between the peer (the MP) and the EAP server, and the lower-layer identity should identify only the supplicant.
- A multi-radio MP has multiple MAC addresses (one per radio), so no single MAC address uniquely identifies the MP. How to uniquely identify the MP must be clarified.
- The link security association should stay tightly bound to the MAC address that identifies the wireless radio module: the radio's MAC address should still be used to derive the PTK.

Agenda (continued)
- Problem Statement
- Resolution

Solution Requirements
- The initial authentication is launched only once when an MP joins the mesh network, no matter how many radios it has: the authentication credential is issued to one MP device.
- One PMK-MKD and one MKDK per MP, shared by all of its radios.
- Different radios in the same MP use different PTKs.
- Keys for all radios of the device are distributed through a single initial authentication procedure.
- There is one MPTK-KD between an MA and the MKD: the communication between MKD and MP is not tied to a peer link with MAC addresses.
- The fewer modifications, the better.

Possible solution
Clarify two identifiers:
- MP-ID: six bytes that uniquely identify the MP node. It may be one of the MAC addresses of the MP if it has more than one PHY.
- MPA: the MAC address of the communicating radio module of the MP.
An MP takes one of three roles during authentication and key hierarchy setup; the role-specific identifier names all denote the 'MP-ID':

Role           Identifier  Address
MP             MP-ID       MPA
Supplicant     SP-ID       SPA
Authenticator  MA-ID       MAA
MKD            MKD-ID      N/A

MA-ID: the MAC address of the MA; one of the MAC addresses of the MA if it has more than one PHY.
MKD-ID: the MAC address of the MKD; one of the MAC addresses of the MKD if it has more than one PHY.

Amend the current security solution defined in D2.0:
- Bind PMK-MKD, MKDK and PMK-MA to SP-ID instead of SPA:
  MeshTopLevelKeyData = KDF-768(XXKey, "Mesh Key Derivation", MeshID, MKD-NAS-ID, MKDD-ID, SP-ID)   (SPA replaced by SP-ID)
- Only one MPTK-KD between an MA and the MKD: this key protects the communication between the two node entities, not a link.
- PTKs bind to the peer link MAC addresses.
- Rename 'MA-ID' to 'MAA' (Mesh Authenticator Address) in the PTK derivation, because MAA has the same definition as 'MA-ID' in 802.11s D2.0.

Peer Link Management negotiation clarified (MP1 and MP2)
- Obtain the MP-ID in addition to the radio MAC address (MPA).
- The MP-ID is used for the selector MP determination. Do not use the MPA, because there are multiple MPAs and none of them uniquely identifies the MP.
- The link instance is still bound to the MPAs: <local MPA, peer MPA, local ID, peer ID>.
Exchange:
  MP1 -> MP2: I'm MP-ID#1, MPA#1, who are you? I have PMK-MA#1 ...
  MP2 -> MP1: I'm MP-ID#2, MPA#2, who are you? I have PMK-MA#1, PMK-MA#2 ...
  (PMK-MA negotiation by MP-ID, role negotiation)
  MP1 -> MP2: I'm supplicant, use PMK-MA#1
  MP2 -> MP1: OK, I'm authenticator, I could use PMK-MA#1 ...
Speaker notes (translated from Chinese): maintain the mapping between MP-ID and MPA; MPs can then distinguish the link connections between devices; whether two devices can establish multiple links between them depends on each system's implementation.

Initial authentication clarified
- The supplicant MP uses PLM to send its SP-ID to the MA in the MSAIE and to trigger the initial authentication procedure.
- The MA forwards the SP-ID to the MKD in the Mesh EAP encapsulation frame.
- The supplicant MP and the MKD use the SP-ID to derive PMK-MKD, MKDK and PMK-MA, and to request the PMK-MA.
Message flow (Sup MP, MA, MKD, AS):
  Sup MP -> MA: Peer Link Open (Request Authentication, SPA, SP-ID)
  1. Sup MP -> MA: EAPOL-Start
  2. MA -> Sup MP: EAPOL (EAP-Request Identity)
  3. Sup MP -> MA: EAPOL (EAP-Response Identity)
  4. MA -> MKD: Mesh EAP encapsulation (SPA, SP-ID)
  5. MKD -> AS: EAP Transport (EAP-Response Identity)
  6. Sup MP <-> AS: EAP-specific (mutual) authentication
  7. AS -> MKD: EAP Transport (EAP-Success, MSK)
     Sup MP and MKD derive the pairwise keys (PMK-MKD, MKDK, PMK-MA)
  8. MKD -> MA: Mesh EAP encapsulation (EAP-Response)
  9. MA -> Sup MP: EAPOL (EAP-Success)

802.11s Key Hierarchy clarified
MAA: the authenticator MP's MAC address.
SP-ID: the identifier of the Supplicant MP; one of the MAC addresses of the Supplicant MP if it has more than one PHY.
MA-ID: the identifier of the MA; one of the MAC addresses of the MA if it has more than one PHY.
MKD-ID: the identifier of the MKD; one of the MAC addresses of the MKD if it has more than one PHY.

Bound to MPs (SP-ID):
- MeshTopLevelKeyData = KDF-768(XXKey, "Mesh Key Derivation", MeshID, MKD-NAS-ID, MKDD-ID, SP-ID)   (SPA replaced by SP-ID)
- MSK/PSK: held by MKD and Supplicant.
- PMK-MKD = L(MeshTopLevelKeyData, 0, 256): held by MKD and Supplicant.
- MKDK = L(MeshTopLevelKeyData, 384, 256): held by Supplicant and MKD.
- PMK-MA = KDF-256(PMK-MKD, "MA Key Derivation", PMK-MKDName || MA-ID || SP-ID)   (SPA replaced by SP-ID): held by MKD, Supplicant and MA.

Bound to radios (SPA, MAA), link security branch:
- PTK = KDF(PMK-MA, "Mesh PTK key derivation", MPTKSNonce || MPTKANonce || MAA || SPA || PMK-MAName)   (MA-ID replaced by MAA): held and derived by Supplicant and MA.

Key distribution branch:
- MPTK-KD = KDF-256(MKDK, "Mesh PTK-KD Key", MA-Nonce || MKD-Nonce || MA-ID || MKD-ID): held and derived by Supplicant and MKD; protects the PMK-MA delivery.

Suggestion: MPTK-KD = KDF-256(MKDK, "Mesh PTK-KD Key", MeshID, MKD-NASID, MKD-ID, Dev_ID, MA-Nonce, MKD-Nonce)
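The following Python is an added example, not code from the submission or from the 802.11s draft. It walks the key hierarchy of the two slides above for a two-radio supplicant MP and shows the effect of the proposed change: with the D2.0 binding each radio's SPA enters MeshTopLevelKeyData, so a two-radio MP ends up with two PMK-MKDs (and two authentications), whereas with SP-ID binding there is one PMK-MKD and one PMK-MA, while the PTK, which still takes the radio's SPA and the MAA, remains distinct per radio. Assumptions: KDF-768/KDF-256 are instantiated with the IEEE 802.11r KDF (HMAC-SHA-256 in counter mode with a 16-bit little-endian counter and length); the PTK is 384 bits; PMK-MKDName/PMK-MAName are stand-ins computed as truncated SHA-256 of the key, since the slides do not define them; all addresses, nonces and the MSK are constructed for the example.

```python
import hashlib
import hmac
import struct


def kdf(key: bytes, label: bytes, context: bytes, length_bits: int) -> bytes:
    """KDF-Hash-Length as in IEEE 802.11r: HMAC-SHA-256 in counter mode.

    Assumption: the slides name KDF-768/KDF-256 without spelling the
    construction out; this follows the 802.11 KDF (16-bit little-endian
    counter i and output length, both inside the MAC input).
    """
    iterations = (length_bits + 255) // 256
    out = b""
    for i in range(1, iterations + 1):
        msg = struct.pack("<H", i) + label + context + struct.pack("<H", length_bits)
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[: length_bits // 8]


def L(data: bytes, start_bits: int, length_bits: int) -> bytes:
    """Bit-string extraction L(data, start, length) as written on the slides."""
    return data[start_bits // 8 : (start_bits + length_bits) // 8]


def mesh_top_level_keys(xxkey, mesh_id, mkd_nas_id, mkdd_id, supplicant_id):
    """Return (PMK-MKD, MKDK) from MeshTopLevelKeyData.

    supplicant_id is the SPA under the D2.0 text and the SP-ID under the
    proposal; the formula is otherwise identical.
    """
    ctx = mesh_id + mkd_nas_id + mkdd_id + supplicant_id
    top = kdf(xxkey, b"Mesh Key Derivation", ctx, 768)
    return L(top, 0, 256), L(top, 384, 256)


def pmk_ma(pmk_mkd, pmk_mkd_name, ma_id, supplicant_id):
    """PMK-MA = KDF-256(PMK-MKD, "MA Key Derivation", PMK-MKDName || MA-ID || SP-ID)."""
    return kdf(pmk_mkd, b"MA Key Derivation", pmk_mkd_name + ma_id + supplicant_id, 256)


def ptk(pmk_ma_key, snonce, anonce, maa, spa, pmk_ma_name, length_bits=384):
    """PTK bound to the link: MAA and SPA are radio addresses, not device IDs.

    Assumption: 384-bit PTK (KCK || KEK || TK); the slides give no length.
    """
    ctx = snonce + anonce + maa + spa + pmk_ma_name
    return kdf(pmk_ma_key, b"Mesh PTK key derivation", ctx, length_bits)


def key_name(key):
    """Stand-in for PMK-MKDName / PMK-MAName (not defined on the slides)."""
    return hashlib.sha256(key).digest()[:16]


def compare_bindings():
    """Two-radio supplicant MP: key material under SPA vs SP-ID binding.

    Every input below is constructed for the example.
    """
    xxkey = hashlib.sha256(b"constructed MSK").digest()
    mesh_id, mkd_nas_id = b"example-mesh", b"mkd.example"
    mkdd_id = bytes.fromhex("02aabbcc0000")
    ma_id = bytes.fromhex("02ddeeff0001")   # authenticator's identifier ...
    maa = ma_id                             # ... and its radio address (single-radio MA)
    radios = [bytes.fromhex("02aabbcc0001"), bytes.fromhex("02aabbcc0002")]
    sp_id = radios[0]                       # MP-ID: one of the MP's own MAC addresses
    snonce, anonce = b"\x11" * 32, b"\x22" * 32

    # D2.0: each radio's SPA enters MeshTopLevelKeyData, so each radio needs
    # its own authentication and gets its own PMK-MKD/MKDK.
    spa_pmk_mkds = {mesh_top_level_keys(xxkey, mesh_id, mkd_nas_id, mkdd_id, spa)[0]
                    for spa in radios}

    # Proposal: the same SP-ID is used for every radio, so the derivation
    # collapses to one PMK-MKD/MKDK and one PMK-MA per (MP, MA) pair.
    spid_pmk_mkds = {mesh_top_level_keys(xxkey, mesh_id, mkd_nas_id, mkdd_id, sp_id)[0]
                     for _spa in radios}
    pmk_mkd, mkdk = mesh_top_level_keys(xxkey, mesh_id, mkd_nas_id, mkdd_id, sp_id)
    pmk_ma_key = pmk_ma(pmk_mkd, key_name(pmk_mkd), ma_id, sp_id)

    # PTK still takes the radio's SPA and the MAA, so each link gets its own PTK.
    ptks = {ptk(pmk_ma_key, snonce, anonce, maa, spa, key_name(pmk_ma_key))
            for spa in radios}

    return {
        "pmk_mkd_count_spa": len(spa_pmk_mkds),    # 2: one per radio
        "pmk_mkd_count_spid": len(spid_pmk_mkds),  # 1: shared by both radios
        "ptk_count_spid": len(ptks),               # 2: still one per link
        "mkdk_len": len(mkdk),                     # 32 bytes (256 bits)
    }


if __name__ == "__main__":
    print(compare_bindings())
```

The two counts that differ (`pmk_mkd_count_spa` versus `pmk_mkd_count_spid`) are the whole point of CID #504: the device-level keys collapse to one per MP, while the per-link PTKs do not, because SPA and MAA stay in the PTK context.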

Summary of updated draft text
New abbreviations: MP-ID (Mesh Point Identifier), MPA (Mesh Point Address).
- Change SPA to SP-ID when deriving MKDK, PMK-MKD and PMK-MA.
- Change MA-ID to MAA when deriving the PTK.
- Change the criterion for selector MP determination.
- Add a Local MP-ID subfield to the MSA IE so that the peer MPs learn each other's identities.
- Change SPA to SP-ID in the EAP Authentication field so that the SP-ID reaches the MKD.
- Extend the definitions of MA-ID and MKD-ID to support multi-radio MPs.
MSA IE format:
  Element ID | Length | Handshake Control | Local MP-ID | MA-ID | Selected AKM Suite | Selected Pairwise Cipher Suite | Chosen PMK | Local Nonce | Peer Nonce | Optional Parameters
EAP Authentication field:
  Encapsulation Type | Replay Counter | SP-ID (was SPA) | EAP Message Length | EAP Message

Summary of updated draft text (cont'd)
- Change SPA to SP-ID in the Mesh Key Transport Control field when requesting the PMK-MA:
  PMK-MKDName | SP-ID (was SPA) | Replay Counter

Conclusion: less modification, more efficiency
- Add the 'MP-ID' to uniquely identify the MP (essential for multi-radio MPs), and hence SP-ID, MA-ID and MKD-ID for the MP's different roles.
- Extend the definitions of MA-ID and MKD-ID to be unique identifiers of the MP devices, which also makes the name 'identifier' more appropriate.
- Add the Local MP-ID (6 bytes) field to the MSA IE so that the peer MPs learn each other's identities when building the link.
- Rename 'MA-ID' to 'MAA' in the PTK derivation formula so that the PTK binds to the peer link.

Reference
Draft_P802.11s_D2.00

Motion (July 2008)
Moved, to adopt the normative text in 11-08/526r5 resolving CID 504 and direct the Editor to incorporate it into the Draft.
Moved:
Second:
Result: