Opportunistic Wireless Encryption


doc.: IEEE 802.11-15/1128r0, September 2015
Opportunistic Wireless Encryption
Date: 2015-09-13
Authors: Dan Harkins, Aruba Networks (an HP company)

Abstract
This submission presents an idea for addressing a problem with public wi-fi hotspots.

The Situation
- Wireless Internet access as an entitlement: “oh, no wi-fi, let’s go somewhere else”
- Coffee shop, bar, or restaurant wants to offer patrons “free wi-fi”
- They want to provide a service but don’t want it to be a pain to configure or use
- They want to provide some notion of both service and security to customers

The Problem
Perpetual battle: Security vs Ease-of-Use
- They want it to be easy-to-use
  - Don’t bug the staff too much: “no, I said the L is capital”
  - Don’t irritate the customer: “wait, what? say that again”
  - Don’t require specialized knowledge: “what’s an EAP method? How do I configure an ‘anonymous identity’?”
- They want some notion of security
  - Want it to be better-than-nothing security
  - Don’t want to have to get/generate/install a certificate
  - Secure access by patrons has to scale (see easy-to-use)
- Result: Both sides lose

FAIL

The Solution? OWE
- Make it simple to provision: just switch it on
- Make it virtually impossible to misconfigure: no user entry required
- Make public wi-fi “suck less” than it does when using a shared PSK
- Raise the bar that is necessary to perform pervasive monitoring just a bit higher
- OWE is an outgrowth of an IETF BOF on improving the captive portal experience

IETF Proposal
https://tools.ietf.org/html/draft-wkumari-owe-00
- Network appears “open” to the user (no lock icon); uses a Vendor Specific Element in beacons and probe responses to indicate OWE
- After association in an OWE network, STA and AP do the PSK authentication using the SSID as the password
Upside
- No need to explain/enter anything, just works
- Code changes AP side are trivial; STA side, manageable
Downside
- Inherits all the security problems of shared PSK
- Publicly advertises the PSK, so arguably worse!

My Proposal
- Don’t do it in the IETF, let’s do it here
- AP advertises an OWE AKM
- When associating to an SSID with OWE, include Diffie-Hellman exponentials in the (Re)Association Request and Response
- STA and AP perform Diffie-Hellman, use the shared secret to derive a PMK
- Use this (truly pairwise) PMK with the 4-way handshake

Benefits
- More secure than a shared PSK
  - Not susceptible to passive attack
  - All those tools downloadable from the Internet to crack PSKs won’t work!
- Easier to set up than PSK
  - Nothing to provision or describe, no user error
- Easier to use by customers
  - Absolutely nothing needed to do! It just works.
- Makes pervasive monitoring harder
- Easier to use plus better security! Winner, winner!
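To make the contrast between the IETF draft (slide “IETF Proposal”) and this proposal (slides “My Proposal” and “Benefits”) concrete, here is an added illustration in Python. It is not code from the slides, the draft, or any 802.11 implementation. The first part reproduces the WPA2-Personal passphrase-to-PSK mapping (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt, per IEEE 802.11 Annex J) with the SSID used as the passphrase, as the draft proposes; everything needed to compute that PSK is visible in the beacon. The second part models the proposal on this page: each side contributes a Diffie-Hellman exponential in the (Re)Association exchange, and a PMK is derived from the resulting shared secret. The DH group (a toy 127-bit prime field) and the KDF (HKDF-SHA256 salted with both exponentials) are assumptions made here for illustration; the slides only say “use shared secret to derive a PMK”. The block also returns exactly what a passive listener sees (the two public exponentials) so the reader can confirm that nothing secret is on the air.

```python
import hashlib
import hmac
import os

# ---- Part 1: draft-wkumari-owe-00 style, "PSK authentication using the SSID as the password"

def psk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal passphrase-to-PSK mapping (IEEE 802.11 Annex J):
    PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt, 256-bit output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def ietf_draft_psk(ssid: str) -> bytes:
    """The draft's downside in one line: the passphrase *is* the SSID, so anyone
    who reads a beacon can compute the same PSK as every legitimate client."""
    return psk_from_passphrase(ssid, ssid)

# ---- Part 2: the proposal on these slides: DH exponentials in (Re)Association, PMK from shared secret

# CONSTRUCTED toy group for illustration only. 2^127 - 1 is prime, but it is far
# too small and not a safe prime; a real deployment would use a standard group
# (an RFC 3526 MODP group or an elliptic-curve group).
TOY_P = (1 << 127) - 1
TOY_G = 3

def dh_keypair(rng=os.urandom):
    """Return (private exponent, public exponential). The exponential is the value
    carried in the (Re)Association Request (STA) or Response (AP)."""
    priv = int.from_bytes(rng(16), "big") % (TOY_P - 2) + 2   # 2 <= priv <= p-1
    pub = pow(TOY_G, priv, TOY_P)
    return priv, pub

def dh_shared(priv: int, peer_pub: int) -> int:
    return pow(peer_pub, priv, TOY_P)

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract then expand) with SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hashlib.sha256).digest()
        okm += t
        counter += 1
    return okm[:length]

def pmk_from_dh(shared_secret: int, sta_pub: int, ap_pub: int) -> bytes:
    """Derive a 256-bit PMK from the DH shared secret. Salting with both
    exponentials binds the PMK to this particular association (assumption:
    the slides do not specify the KDF)."""
    ikm = shared_secret.to_bytes(16, "big")
    salt = sta_pub.to_bytes(16, "big") + ap_pub.to_bytes(16, "big")
    return hkdf_sha256(ikm, salt, b"OWE PMK")

def owe_association(rng=os.urandom):
    """One association under the proposal. Returns (sta_pmk, ap_pmk, on_air), where
    on_air is the pair of exponentials a passive listener captures. The PMK then
    feeds the ordinary 4-way handshake, as the slides describe."""
    sta_priv, sta_pub = dh_keypair(rng)   # (Re)Association Request carries sta_pub
    ap_priv, ap_pub = dh_keypair(rng)     # (Re)Association Response carries ap_pub
    sta_pmk = pmk_from_dh(dh_shared(sta_priv, ap_pub), sta_pub, ap_pub)
    ap_pmk = pmk_from_dh(dh_shared(ap_priv, sta_pub), sta_pub, ap_pub)
    return sta_pmk, ap_pmk, (sta_pub, ap_pub)

if __name__ == "__main__":
    ssid = "FreeCoffeeWiFi"   # constructed sample SSID
    print("draft PSK (computable from the beacon alone):", ietf_draft_psk(ssid).hex())
    for n in range(2):
        sta_pmk, ap_pmk, on_air = owe_association()
        print(f"association {n}: PMK agree={sta_pmk == ap_pmk}, PMK={sta_pmk.hex()[:16]}...")
        print("  seen by a passive listener:", [hex(v)[:12] + "..." for v in on_air])
```

Running it shows one fixed PSK for the draft approach, reproducible by anyone who knows the SSID, versus a fresh PMK per association for the DH-based proposal, with only the two exponentials visible on the air; recovering the PMK from those alone is the Diffie-Hellman problem, which is what “not susceptible to passive attack” on the Benefits slide rests on.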

Thank You!

Questions?

OWE Straw Poll
- Option 1: Good idea, we should do it!
- Option 2: Bad idea, let the IETF do it!
- Option 3: I was reading my email and not paying attention, sorry.