Key Descriptor Version in EAPOL Key Frames

doc.: IEEE 802.11-10/0856r0, July 2010
Date: 2010-07-13
Authors: Dan Harkins, Aruba Networks

Abstract

This document discusses the processing of EAPOL Key Frames and the Key Descriptor Version.

EAPOL Key Frame Key Descriptor Version

The current definition from 8.5.2:

Key Descriptor Version is 3 bits (note the error in the figure) allowing 7 distinct versions. Three have been defined already.

EAPOL Key Frame Key Descriptor Version

Section 8.5.2 b) 1) describes the values to use for the key descriptor depending on the AKM (and pairwise cipher) negotiated and the data integrity algorithm and key wrapping algorithm to use for that particular value.

Section 8.5.2 h) describes how big the MIC field will be depending on the Key Descriptor Value. (It says, “This field is 16 octets in length when the Key Descriptor Version subfield is 1 or 2” but there are 3 versions defined and it does not actually say the MIC size for version 3; it’s also 16 octets.)

EAPOL Key Frame Key Descriptor Version

Version number determines processing:
- Value 1 indicates HMAC-MD5 for data integrity and ARC4 for key wrapping. MIC is 16 octets.
- Value 2 indicates HMAC-SHA1 for data integrity and AES Key Wrap (RFC 3394) for key wrapping. MIC is 16 octets.
- Value 3 indicates AES-CMAC for data integrity and AES Key Wrap (RFC 3394) for key wrapping. MIC is 16 octets.

There are other options possible:
- RFC 5649 version of AES Key Wrapping
- HMAC-SHA256 or HMAC-SHA384
- Winner of the SHA3 competition

EAPOL Key Frame Key Descriptor Version

AKM (and pairwise cipher) determines version:
- 00:0F:AC:1 or 00:0F:AC:2 with TKIP means version 1
- 00:0F:AC:1 or 00:0F:AC:2 with CCMP means version 2
- 00:0F:AC:3, 00:0F:AC:4, 00:0F:AC:5 or 00:0F:AC:6 means version 3

AKM (and pairwise cipher) determines the Key Descriptor Version and the Key Descriptor Version determines how to process the frame. Therefore AKM (and pairwise cipher) determines how to process the frame. The Key Descriptor Version is extraneous.

Proposal

- Transmitter sets the Key Descriptor Version to 1, 2, or 3 depending on the AKM (and pairwise cipher) negotiated.
- Receiver ignores Key Descriptor Version and processes frame according to the negotiated AKM (and pairwise cipher, if applicable).
- Put AKM-to-processing mapping into single section.
- Going forward:
  - New AKMs define data integrity algorithm, key wrapping algorithm, and size of MIC. This goes in the AKM-to-processing section.
  - Key Descriptor Version is not set for new AKMs.
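
The receiver rule proposed above, as an added example that is not part of the original submission: the MIC algorithm is chosen from the negotiated AKM and pairwise cipher, and the Key Descriptor Version in the frame is only compared for reporting. Field offsets follow the standard EAPOL-Key frame layout, which the slides do not reproduce; the function names, the sample key and the sample frame are constructed for illustration, and only AKMs 00:0F:AC:1 and 00:0F:AC:2 are covered.

```python
import hashlib
import hmac
import struct

KEY_INFO_OFF = 5            # 4-octet 802.1X header + 1-octet Descriptor Type
MIC_OFF, MIC_LEN = 81, 16   # Key MIC position in the whole EAPOL frame

# (AKM suite type under 00:0F:AC, pairwise cipher) -> (version, MIC digest),
# per the slides. AKMs 3-6 (version 3, AES-CMAC) are left out: the Python
# standard library has no AES.
PROCESSING = {
    (1, "TKIP"): (1, hashlib.md5), (2, "TKIP"): (1, hashlib.md5),
    (1, "CCMP"): (2, hashlib.sha1), (2, "CCMP"): (2, hashlib.sha1),
}

def descriptor_version(frame):
    """Key Descriptor Version: low 3 bits of the Key Information field."""
    (key_info,) = struct.unpack_from(">H", frame, KEY_INFO_OFF)
    return key_info & 0x7

def compute_mic(kck, frame, digest):
    """HMAC over the frame with the MIC field zeroed, cut to 16 octets."""
    zeroed = frame[:MIC_OFF] + bytes(MIC_LEN) + frame[MIC_OFF + MIC_LEN:]
    return hmac.new(kck, zeroed, digest).digest()[:MIC_LEN]

def build_frame(kck, akm, cipher, sent_version=None):
    """Constructed sample frame (handshake message 2 shape, no Key Data)."""
    version, digest = PROCESSING[(akm, cipher)]
    key_info = 0x0108 | (version if sent_version is None else sent_version)
    body = struct.pack(">BHH8s32s16s8s8s16sH", 2, key_info, 16, bytes(8),
                       b"\x11" * 32, bytes(16), bytes(8), bytes(8),
                       bytes(16), 0)
    frame = struct.pack(">BBH", 2, 3, len(body)) + body
    mic = compute_mic(kck, frame, digest)
    return frame[:MIC_OFF] + mic + frame[MIC_OFF + MIC_LEN:]

def verify(kck, frame, akm, cipher):
    """Receiver per the proposal: the negotiated AKM and cipher select the
    algorithm; the version field is compared for reporting only."""
    expected_version, digest = PROCESSING[(akm, cipher)]
    mic_ok = hmac.compare_digest(frame[MIC_OFF:MIC_OFF + MIC_LEN],
                                 compute_mic(kck, frame, digest))
    return mic_ok, descriptor_version(frame) == expected_version

KCK = bytes(range(16))  # constructed key, for illustration only
```

verify() returns a pair: whether the MIC validated under the negotiated suite, and whether the transmitted version matched what that suite implies. A frame whose version field was set to 1 under a CCMP negotiation still validates, where a receiver that picked HMAC-MD5 from the field would reject it.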

Comments?