Month Year doc.: IEEE 802.11-yy/xxxxr0 November 2005

Disassociation and Deauthentication in BUMP using Length-Two-Hash Chain

Date: 2005-11-17

Authors:

Notice: This document has been prepared to assist IEEE 802.11. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.

Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.11.

Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures <http://ieee802.org/guides/bylaws/sb-bylaws.pdf>, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair <stuart.kerry@philips.com> as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE 802.11 Working Group. If you have questions, contact the IEEE Patent Committee Administrator at <patcom@ieee.org>.

Zulfikar Ramzan, DoCoMo USA Labs John Doe, Some Company

Abstract

Part of the BUMP proposal describes a mechanism for secure disassociation frames using a hash-based commitment. This talk describes an (independently discovered) observation regarding this approach. In particular, we show how to use a two-level hash chain to separately permit both secure disassociation and deauthentication without requiring extra state or communication costs.

Outline

- Basic 802.11 State Machine
- DoS Attacks by Rogue STA
- The BUMP proposal for protecting group management frames: Length-One Hash Chains
  - Relevance to 802.11 State Machine (protects deauthentication/disassociate frame)
- Our Core Idea: Length-Two Hash Chains
  - Relevance to 802.11 State Machine (protects deauthentication/disassociate frame and also protects disassociation frame)
  - Implementation based closely on BUMP protocol architecture
- Conclusions

Review: “Basic” 802.11 state diagram

States:
- State 1: Unauthenticated, Unassociated
- State 2: Authenticated, Unassociated
- State 3: Authenticated, Associated (State 3’: w/PTKSA); IEEE 802.1X Controlled Port unblocked

Transitions:
- State 1 -> State 2: Successful authentication
- State 2 -> State 1: Deauthentication notification
- State 2 -> State 3: Successful (re)association
- State 3 -> State 2: Disassociation notification
- State 3 -> State 1: Deauthentication notification

Callout: Not clear whether there’s a compelling reason to separate these two states.

Problem: Rogue group stations

- Need to protect management frames that a station uses to disassociate or deauthenticate.
- Otherwise a rogue station can forge such frames, which results in a DoS attack.

[Figure labels: DoS attack; Associated w/PTKSA; Disassociation or Deauthentication broadcast; Group (same GTK)]

BUMP Proposal to Achieve Insider Forgery Protection for Broadcast Disassoc/Deauth

If AP is enabled to enforce protection of broadcast management frames:
- Generate a random, unpredictable value CGTK whenever it selects a new IGTK (e.g. the key for protecting broadcast management frames).
- Distributes the commitment value CV = hash(AA | SA | CGTK) to 802.11w STAs when it distributes IGTK.

When AP sends broadcast Disassociation/Deauthenticate:
- MIC IE includes CGTK as the sequence number, length is updated to 26.
- Full packet is MIC’ed per the 802.11w broadcast protection (except for muted bits per slide 3).

When an 802.11w STA receives a protected broadcast, accept frame if:
- CV = hash(AA | SA | CGTK)
- MIC is valid

Otherwise discard packet.

BUMP Proposal: relevance to “Basic” 802.11 state diagram

States:
- State 1: Unauthenticated, Unassociated
- State 2: Authenticated, Unassociated
- State 3: Authenticated, Associated; IEEE 802.1X Controlled Port unblocked

Transitions:
- State 1 -> State 2: Successful authentication
- State 2 -> State 1: Deauthentication notification
- State 2 -> State 3: Successful (re)association
- State 3 -> State 2: Disassociation notification
- State 3 -> State 1: Deauthentication notification

Diagram annotation: With CGTK

Our Core Idea

Add a level of indirection!
- BUMP starts with the CGTK and generates the CV by hashing it (one-level hash chain).
- We propose first generating the CGTK itself by a hash function (two-level hash chain).

Specifically, AP sets up CV as follows:
- Pick unpredictable value SGTK (“Seed” for CGTK)
- CGTK = Hash(SGTK)
- CV = Hash(AA | SA | CGTK)
- AP includes CGTK as part of broadcast disassociate; AP includes SGTK as part of broadcast deauthenticate/disassociate

Note: hash chains have been around for a long time: Passwords (Lamport), One-time Signatures (Merkle), Micropayments (Pedersen; Anderson, Manivafas, Sutherland; Rivest and Shamir), Certificate Revocation (Micali), Multicast Authentication (Perrig, Canetti, Song, Tygar), etc.

Insider Forgery Protection for Broadcast Disassoc/Deauth

If AP is enabled to enforce protection of broadcast management frames:
- Generate CGTK = hash(SGTK), where SGTK is an unpredictable, random “seed” GTK.
- Distributes the commitment value CV = hash(AA | SA | CGTK) to 802.11w STAs.

When AP sends broadcast Disassociation/Deauthenticate:
- Include SGTK

When AP sends broadcast Disassociation:
- Include CGTK

When an 802.11w STA receives a protected broadcast, accept frame if:
- CV = hash(AA | SA | CGTK) for a disassociation frame.
- CV = hash(AA | SA | hash(SGTK)) for a deauthentication frame.

Otherwise discard frame.

Impacts: Can separately achieve disassociation and deauthentication (but we don’t have a concrete scenario that leverages this separation).

Tradeoff: AP needs to do extra hash function computation when generating CV.

Protocol Diagram

Parties: AP, STAs, Rogue

- AP: Store SGTK; CGTK = Hash(SGTK); CV = Hash(AA | SA | CGTK)
- AP and STAs: 4way-handshake
- Rogue: Disassociation/Deauthentication with the broadcast address. STA can ignore.
- AP: Disassociation with the broadcast address and CGTK. Check: CV = Hash(AA | SA | CGTK)
- AP: Deauthentication with the broadcast address and SGTK. Check: CV = Hash(AA | SA | Hash(SGTK))
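
The two acceptance checks from the slides above, worked through as an added example (not code from the presentation or from the BUMP proposal). It assumes SHA-256 for the unspecified "hash", plain byte concatenation for "|", and constructed 6-byte values for AA and SA; the function names are hypothetical.

```python
import hashlib
import hmac
import os

def H(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the unspecified "hash" on the slides.
    return hashlib.sha256(data).digest()

def ap_setup(aa: bytes, sa: bytes):
    """AP side: pick the seed SGTK, derive CGTK, distribute only CV."""
    sgtk = os.urandom(32)            # unpredictable seed, kept by the AP
    cgtk = H(sgtk)                   # CGTK = Hash(SGTK)
    cv = H(aa + sa + cgtk)           # CV = Hash(AA | SA | CGTK)
    return sgtk, cgtk, cv

def sta_accept(frame_type: str, revealed: bytes,
               aa: bytes, sa: bytes, cv: bytes) -> bool:
    """STA side: check the value carried in the frame against the stored CV.
    MIC validation is a separate check and is not modelled here."""
    if frame_type == "disassociation":
        cgtk = revealed              # frame carries CGTK directly
    elif frame_type == "deauthentication":
        cgtk = H(revealed)           # frame carries SGTK; hash once to get CGTK
    else:
        return False
    return hmac.compare_digest(H(aa + sa + cgtk), cv)

def demo():
    # Constructed sample addresses (not from the slides).
    aa = bytes.fromhex("02aabbccdd01")
    sa = bytes.fromhex("02aabbccdd02")
    sgtk, cgtk, cv = ap_setup(aa, sa)
    return {
        "disassociation with CGTK": sta_accept("disassociation", cgtk, aa, sa, cv),
        "deauthentication with SGTK": sta_accept("deauthentication", sgtk, aa, sa, cv),
        # CGTK was revealed by a disassociation; it must not pass as a deauthentication.
        "deauthentication with CGTK": sta_accept("deauthentication", cgtk, aa, sa, cv),
        # A group member holding only CV has to guess the preimage.
        "disassociation with guess": sta_accept("disassociation", os.urandom(32), aa, sa, cv),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accept' if accepted else 'discard'}")
```
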

Our Proposal: relevance to 802.11 state diagram

States:
- State 1: Unauthenticated, Unassociated
- State 2: Authenticated, Unassociated
- State 3: Authenticated, Associated; IEEE 802.1X Controlled Port unblocked

Transitions:
- State 1 -> State 2: Successful authentication
- State 2 -> State 1: Deauthentication notification
- State 2 -> State 3: Successful (re)association
- State 3 -> State 2: Disassociation notification (With CGTK)
- State 3 -> State 1: Deauthentication notification (With SGTK)

Problem: While our two-level hash chain allows you to go from State 3 to State 2, you can only go to State 1 from there.

Upshot: Two-level hash chains give you extra “flexibility” but it’s not clear if there’s a usage scenario that takes advantage of this flexibility.

Proposal Summary

Extensions to BUMP: Bumping up BUMP!
- CV created using double-hash chain: CGTK = Hash(SGTK); CV = Hash(AA | SA | CGTK)
- Disassociate with CGTK
- De-authenticate with SGTK

Impacts:
- Compatibility: seems to fit very cleanly into existing BUMP proposal.
- Separation: Disassociation and deauthentication are treated individually (fits “basic” 802.11 state diagram more closely).
- Tradeoffs: AP needs to do one extra hash function computation.
- Open Question: Is there a scenario that can take advantage of this separation?

References

- 11-05-0139-00-0ads-which-management-frames-need-protection.ppt
- 11-05-0140-00-0ads-session-mac-address-solves-deadlocks.ppt
- 11-05-0148-00-0ads-management-frame-protection.ppt
- 11-05-0237-00-0ads-requirements-management-frames-protection-schemes.ppt
- 11-05-0238-00-0ads-simple-80211i-extension.ppt
- 11-05-0343-00-0ads-protectionmanagementframes-protocolrequirements.ppt
- 11-05-0427-00-0ads-PMF-Requirements.ppt
- 11-05-0521-02-0ads-requirements-management-protection.doc
- 11-05-0529-00-0ads-protecting-broadcast-management-frames.ppt
- 11-05-0894-02-000w-broadcast-and-unicast-management-protection-bump.ppt
- 11-05-1045-01-000w-normative-text-bump-proposal.doc