Submission doc.: IEEE 802.11-11/1326r1 August 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Early Key Generation by ECDH and PKC Date: 2011-09-22.

Slides:



Advertisements
Similar presentations
Chapter 3 Public Key Cryptography and Message authentication.
Advertisements

ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.
Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
Doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 1 A Proposal for IEEE e Security IEEE Task Group.
Doc.: IEEE /087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.
Doc.: IEEE /0410r2 Submission March 2011 Slide 1 Data Transmission Protection on the IEEE ac MU-MIMO Downlink Date: Authors:
Doc.: IEEE /1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 1 Suite-B Compliance for a Mesh Network Date: Authors:
Doc.: IEEE /516r0-I Submission September 2002 Robert Moskowitz, ICSALabsSlide 1 RADIUS Client Kickstart Robert Moskowitz, ICSALabs John Vollbrecht,
PUBLIC KEY CRYPTOSYSTEMS Symmetric Cryptosystems 6/05/2014 | pag. 2.
Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.
Doc.:IEEE /1523r4 Submission November 2011 Access Delay Reduction for FILS: Network Discovery & Access congestion Improvements Slide 1 Authors:
Doc.: IEEE /0259r02 Submission Date: ad New Technique Proposal March 2010 Yuichi Morioka, Sony CorporationSlide 1 Authors:
Doc.: IEEE /1097r1 Submission Sep 2012 Timo Koskela, Renesas Mobile CorporationSlide 1 Reserve Channel List in ah Date: Authors:
1 Authentication Applications Ola Flygt Växjö University, Sweden
SCSC 455 Computer Security
Submission doc.: IEEE /0789r3 NameAffiliationsAddressPhone George Cherian Santosh Abraham Jouni Malinen Qualcomm 5775 Morehouse Dr, San Diego,
Submission doc.: IEEE 11-13/0586r0 May 2013 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Comparison of IE fragmentation proposals Date:
Doc.: IEEE /0093r2 Submission NameAffiliationsAddressPhone Hitoshi MORIOKAAllied Telesis R&D Center Tenjin, Chuo-ku, Fukuoka
Doc.: IEEE /095r0 Submission January 2003 Dan Harkins, Trapeze Networks.Slide 1 Fast Re-authentication Dan Harkins.
Doc.: IEEE /1160 Submission NameAffiliationsAddressPhone George CherianQualcomm 5775 Morehouse Dr, San Diego, CA, USA
Doc.: IEEE /1160r1 Submission NameAffiliationsAddressPhone George CherianQualcomm 5775 Morehouse Dr, San Diego, CA, USA +1
Doc.: IEEE /0295r0 Submission PRAW Follow Up Date: Authors: March 2013.
Submission doc.: IEEE 11-12/0271r1 March 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 1 SFD Text for Big IE Date: Authors: NameAffiliationsAddressPhone .
Submission doc.: IEEE /1167r0 August 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Upper Layer Data IE Date: Authors: NameAffiliationsAddressPhone .
Submission doc.: IEEE /1124r0 August 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Example of IP address assignment using Generic Upper.
Doc.: IEEE /0059r3 Submission January 2010 Hiroki Nakano, Trans New Technology, Inc.Slide 1 An Example Protocol for FastAKM Date: Authors:
Doc.: IEEE /0313r1 Submission March 2011 Jarkko Kneckt, NokiaSlide 1 SU-MIMO Type for Group Addressed Frames Date: Authors:
Doc.: IEEE /2441r2 Submission SA Teardown Protection for w Date:
Doc.: IEEE /0877r0 Submission June WG Slide 1 TGs response to CN NB comments Date: Authors:
Doc.: r0-I Submission July 22, 2003 Paul Lambert, Airgo NetworksSlide 1 Enabling Encryption in Hotspots by Decoupling the Privacy Field from.
ZTE corporation doc.: IEEE /1086r2 September 2012 Submission TIM Compression for No Buffered Unicast Traffic Date: Slide 1 Authors:
Doc.: IEEE /0608r2 Submission May 2012 Shoukang Zheng et. al, I2R, SingaporeSlide 1 Low-Power PS-Poll Date: Authors:
PS-Poll TXOP Using RTS/CTS Protection
Doc.: IEEE /0283r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 Suggested Changes to the Abbreviated Handshake Date: Authors:
Doc.: IEEE /0324r0 Submission Slide 1Michelle Gong, Intel March 2010 DL MU MIMO Error Handling and Simulation Results Date: Authors:
Slide 1 doc.: IEEE /1092r0 Submission Simone Merlin, Qualcomm Incorporated September 2010 Slide 1 ACK Protocol and Backoff Procedure for MU-MIMO.
L8. Reviews Rocky K. C. Chang, May Foci of this course 2 Rocky K. C. Chang  Understand the 3 fundamental cryptographic functions and how they are.
Submission doc.: IEEE /0327r0 March 2015 Jarkko Kneckt, NokiaSlide 1 Microsleep for HE STA Date: Authors:
Off-the-Record Communication, or, Why Not To Use PGP
Doc.: IEEE /1190r2 September 2014 Submission Kaiying Lv (ZTE) Frame Exchange Control for Uplink Multi-user transmission Slide 1 Date:
TIM Compression Date: Authors: January 2012 Month Year
Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Doc.: IEEE /0976r1 Submission July 2011 Hitoshi Morioka, ROOT INC.Slide 1 TGai Authentication Protocol Proposal Date: Authors: NameAffiliationsAddressPhone .
Doc.: IEEE /0976r0 Submission July 2011 Hitoshi Morioka, ROOT INC.Slide 1 TGai Authentication Protocol Proposal Date: Authors: NameAffiliationsAddressPhone .
Submission doc.: IEEE /1003r1 July 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Upper Layer Data on Management frames Date:
Submission doc.: IEEE 11-12/0273r8 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 1 SFD Text for Upper Layers Date: Authors: NameAffiliationsAddressPhone .
Submission doc.: IEEE 11-12/0273r9 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 1 SFD Text for Upper Layers Date: Authors: NameAffiliationsAddressPhone .
Submission doc.: IEEE 11-10/0701r0 May 2012 Hitoshi Morioka, Allied Telesis R&D CenterSlide 1 Supplemental Information for HLCF Date: Authors:
Submission doc.: IEEE /1003r2 July 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Upper Layer Data on Management frames Date:
Doc.: IEEE /063 Submission May 2000 Y. Kuchiki, M. Ikeda Seiko Epson Corp. Slide 1 Yutaku Kuchiki, Masayuki Ikeda Seiko Epson Corporation May.
Kerberos Guilin Wang School of Computer Science 03 Dec
Doc.: IEEE /1093r0 Submission November 2005 Hitoshi MORIOKA, ROOT Inc.Slide 1 MISP based Authentication Framework Notice: This document has been.
Doc.: IEEE /0133r3 Submission NameAffiliationsAddressPhone Hitoshi MORIOKAAllied Telesis R&D Center Tenjin, Chuo-ku, Fukuoka
Doc.: IEEE /0361r0 Submission March 2010 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Fast Initial Authentication Date: Authors:
Doc.: IEEE /376 Submission November 2000 S. Watanabe et al, Seiko Epson Corp. Slide 1 Proposal to use KPS to Enhance Security of MAC Layer Shinichiro.
Submission doc.: IEEE 11-12/0273r7 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 1 SFD Text for Upper Layers Date: Authors: NameAffiliationsAddressPhone .
Doc.: IEEE /1008r0 August 2010Hiroki Nakano, Trans New Technology, Inc.Slide 1 Parallel processing for upper layer Date: Authors: NameCompanyAddressPhone .
Fall 2006CS 395: Computer Security1 Key Management.
Submission doc.: IEEE 11-12/0273r5 March 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 1 SFD Text for Upper Layers Date: Authors: NameAffiliationsAddressPhone .
Submission doc.: IEEE 11-12/0273r10 May 2012 Hiroki Nakano, Trans New Technology, Inc.Slide 1 SFD Text for Upper Layers Date: Authors: NameAffiliationsAddressPhone .
Fast Initial Authentication
SFD Text for Public Key Cryptography
More Example Ideas around FIA
More Example Ideas around FIA
An Example Idea of FIA Authors: Date: May 2010 Name Company
IP Address assignment: Offline discussion summary
Reason Why L2 Per Frame Authentication Is Required
An Example Protocol for FastAKM
An Example Idea of FIA Authors: Date: May 2010 Name Company
An Example Protocol for FastAKM
Presentation transcript:

Submission doc.: IEEE /1326r1 August 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Early Key Generation by ECDH and PKC Date: Authors: NameAffiliationsAddressPhone Hiroki NakanoTrans New Technology, Inc. Sumitomo Seimei Kyoto Bldg. 8F, 62 Tukiboko-cho, Shimogyo, Kyoto JAPAN

Submission doc.: IEEE /1326r1August 2011 Hiroki Nakano, Trans New Technology, Inc. Slide 2 Possible threats Unauthorized STAs User authentication function should have responsibility. done by EAP or something Fake APs steal security credentials and/or users id. MITM (Snooping) monitor and steal security credentials and/or users id This proposal is for MITM and Fake APs. Authorization of non-STA by AP should be done by another framework, such as EAP-RP. Mutual Authentication

Submission doc.: IEEE /1326r1 Common sequence August 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 3 non-AP STAAP Beacon Assoc. Request Auth. Server Auth. Request Auth. Response Assoc. Response This should include ID of non-AP STA or its user. AP needs this information at least to know which authentication server should be used. In case of EAP-RP, this includes EMSKname-NAI token to identify EMSK key (= EAP session).

Submission doc.: IEEE /1326r1August 2011 Hiroki Nakano, Trans New Technology, Inc. Slide 4 Whats the problem? To reduce time, the next frame of Beacon, which may be Association Request, should include identifications of non-AP STA and/or its user. At least, AP has to know which authentication server is suitable for this user. There is possibility of steal of ID. Attackers may try to gather stolen IDs. IDs can be mail addresses, telephone numbers, IMEI, etc. To protect ID: ID has to be encrypted and signed. STA has to be able to know if AP is authorized or faked.

Submission doc.: IEEE /1326r1August 2011 Hiroki Nakano, Trans New Technology, Inc. Slide 5 Protection against MITM (for ID) Almost all frames should be encrypted and signed. Except for beacons? Beacons can be encrypted using public key cryptography…? The target in this presentation is the second frame, which is next to a beacon. Before that, we have to exchange a key. Use Elliptic Curve Diffie-Hellman algorithm. ECDH can produce a smaller key with the same strength. Smaller beacons and other frames are preferable.

Submission doc.: IEEE /1326r1 Early key generation by DH/ECDH August 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 6 non-AP STAAP Beacon Any mgmt. frame generate gxgenerate gy generate k from (gx, gy) gx, IEs gy, E(k, IEs) decrypt IEs encrypt IEs gx and gy can be reused for a while. This may include user ID.

Submission doc.: IEEE /1326r1 Length and strength of DH key RFC3526 mentions as below (published in 2003). Slide 7Hiroki Nakano, Trans New Technology, Inc. August 2011

Submission doc.: IEEE /1326r1 Length and strength of ECDH key RFC5656 mentions as below (published in 2009). Slide 8Hiroki Nakano, Trans New Technology, Inc. August 2011

Submission doc.: IEEE /1326r1August 2011 Hiroki Nakano, Trans New Technology, Inc. Slide 9 Benefits of early key generation Almost all frames can be encrypted and signed. All packets sent by STA All packets sent by AP except for beacons Threats A malicious STA/AP can let another STA/AP use its computation power. A malicious STA can hijack a MAC address of another STA. Because of lack of MAC address protection User authentication function should kick out such keys after this process. Fake APs can steal information from STAs. Costs beacon size In case of ECDH, additional 64 byte is enough. For example, the length of beacons for VeriLAN.1x is 202 byte. computation power

Submission doc.: IEEE /1326r1August 2011 Hiroki Nakano, Trans New Technology, Inc. Slide 10 Protection against faked APs Can no-AP STA know only from a beacon if the AP is not faked? Impossible…? Combination of key generation and public key cryptography can prevent faked APs from getting correct information.

Submission doc.: IEEE /1326r1 Early key generation w/ public key crypto. August 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 11 non-AP STAAP Beacon Any mgmt. frame generate gxgenerate gy generate k from (gx, gy) gx E(Kp, gy), E(k, IEs) decrypt IEs by k encrypt IEs by k encrypt gy by Kp AP has Kp and Ks.non-AP has Kp only. This may include user ID. (Kp, Ks) is a pair of public and secret keys of AP. decrypt gy by Ks

Submission doc.: IEEE /1326r1 In case of faked AP August 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 12 non-AP STAAP Beacon Any mgmt. frame generate gxgenerate gy generate k from (gx, gy) gx E(Kp, gy), E(k, IEs) decrypt IEs by k encrypt IEs by k encrypt gy by Kp non-AP has Kp only. AP can not obtain gy because AP does not have Ks. decrypt gy by Ks AP has Kp only. This may include user ID, but faked AP cant obtain this. This may include user ID.

Submission doc.: IEEE /1326r1 Another candidate of sequence August 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 13 non-AP STAAP Beacon Any mgmt. frame generate gxgenerate gy generate k from (gx, gy) gx, Sign(Ks, gx) gy, E(k, IEs) decrypt IEs encrypt IEs check Sign(Ks, gx) by Kp AP has Kp and Ks.non-AP has Kp only. This may include user ID. (Kp, Ks) is a pair of public and secret keys of AP.

Submission doc.: IEEE /1326r1 Replay attack by faked AP August 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 14 non-AP STAAP Beacon Any mgmt. frame generate gy generate k from (gx, gy) gx, Sign(Ks, gx) gy, E(k, IEs) decrypt IEs encrypt IEs check Sign(Ks, gx) by Kp non-AP has Kp only. AP has Kp only. AP can not produce by itself correct Sign(Ks, gx) from gx because of lack of Ks. But AP can obtain a pair of gx and Sign(Ks, gx) by monitoring. This may include user ID.

Submission doc.: IEEE /1326r1August 2011 Hiroki Nakano, Trans New Technology, Inc. Slide 15 Benefits of early key generation w/ PK Almost all frames can be encrypted and signed. All packets sent by STA All packets sent by AP except for beacons Threats A malicious STA/AP can let another STA/AP use its computation power. A malicious STA can hijack a MAC address of another STA. Because of lack of MAC address protection User authentication function should kick out such keys after this process. Fake APs can steal information from STAs Solved. Costs beacon size In case of ECDH, additional 64 byte is enough. For example, the length of beacons for VeriLAN.1x is 202 byte. computation power

Submission doc.: IEEE /1326r1August 2011 Hiroki Nakano, Trans New Technology, Inc. Slide 16 Conclusion Elliptic Curve Diffie-Hellman key exchange and public key cryptography enables secure transmission of the second frame including user ID transmission. Of course, this can be used to protect another type of frames such as ANQP, etc. This scheme needs additional IE in beacons and computation power. ECDH enables acceptable size of beacon. Old DH method makes beacon too fat.

Submission doc.: IEEE /1326r1August 2011 Hiroki Nakano, Trans New Technology, Inc. Slide 17 Discussion

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.