“Not Ready” Response in FT Auth Messages

Slides:



Advertisements
Similar presentations
IEEE MEDIA INDEPENDENT HANDOVER DCN: srho
Advertisements

Doc.: IEEE /0476r3 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.
Doc.: IEEE /0476r2 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.
Doc.: IEEE /0707r0 Submission July 2003 N. Cam-Winget, et alSlide 1 Establishing PTK liveness during re-association Nancy Cam-Winget, Cisco Systems.
Doc.: IEEE /0061r1 SubmissionJae Seung Lee, ETRISlide 1 Probe Response frame transmission interval Date:
Doc.: IEEE r Submission November 2004 Bob Beach, Symbol TechnologiesSlide 1 Fast Roaming Using Multiple Concurrent Associations Bob.
Doc.: r Submission March 2006 AllSlide 1 A method to refresh the keys hierarchy periodically Notice: This document has been prepared to.
Doc.: IEEE /0538r4 Submission July 2005 Bill Marshall, TGr EditorSlide 1 Introducing 11r-d0.00 Notice: This document has been prepared to assist.
Doc.: IEEE /0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Management Protection Jesse Walker and Emily Qi Intel.
Doc.: IEEE /01097r0 Submission November 2005 N. Cam-Winget, K. Sood, and J. WalkerSlide 1 EAPKIE Replay Counters and MIC Notice: This document.
Doc.: IEEE /0199r0 Submission March 2005 Kapil Sood, Intel; Bob O’Hara, AirespaceSlide 1 Policy Enforcement For Resources and Security Notice:
Doc.: IEEE /0538r2 Submission June 2005 Bill Marshall, TGr EditorSlide 1 Introducing 11r-d0.00 Notice: This document has been prepared to assist.
Doc.: IEEE /0294r2 Submission March 2012 Jonathan Segev (Intel)Slide 1 Active Scanning Reply Window Date: Authors:
Doc.: IEEE /0874r0 Submission September 2005 C Trecker, et alSlide 1 Test Methodology, Metrics and Test Cases for measuring Fast BSS Transition.
FILS Reduced Neighbor Report
Authentication and Upper-Layer Messaging
Proposed SFD Text for ai Link Setup Procedure
Queues Chapter 8 Nyhoff, ADTs, Data Structures and Problem Solving with C++, Second Edition, © 2005 Pearson Education, Inc. All rights reserved
TAP/JIT Resource Pre-allocation
TDLS TPK Handshake Date: Authors: May 2010 May 2010
Advertising WUR Discovery Frame Related Info for Fast Scanning
Idle Mode Operation for IEEE v
TAP & JIT Merged Proposal Summary
IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec
doc.: IEEE /xxxx February 2004 September 2004
Just-in-time Transition Setup
doc.: IEEE /xxxx February 2004 September 2004
QoS Resource Query Overview
FILS Reduced Neighbor Report
Technical corrections to D0.01
Technical corrections to D0.01
Proposed Modifications to e-D4.0 Direct Link Protocol
Jesse Walker and Emily Qi Intel Corporation
Burst Transmission and Acknowledgment
TAP (Transition Acceleration Protocol)
TAP (Transition Acceleration Protocol)
Roaming Keith Amann, Spectralink
Month Year doc.: IEEE yy/xxxxr0
Changes to SAE State Machine
Mechanism to update current session parameters
Enhancing BSS Transition Management
Flexible Pre-key Overview
doc.: IEEE /454r0 Bob Beach Symbol Technologies
Fast Roaming Compromise Proposal
Advertising WUR Discovery Frame Related Info for Fast Scanning
Policy Enforcement For Resources and Security
Florent Bersani, France Telecom R&D
Introducing 11r-d0.00 Date: Authors: January 2002
Fast Roaming Compromise Proposal
IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec
SA Teardown Protection for w
Fast Roaming Compromise Proposal
Dan Harkins Trapeze Networks
Introducing 11r-d0.00 Date: Authors: July 2005
Burst Transmission and Acknowledgment
AP Connection Period in TDLS
Month Year doc.: IEEE yy/xxxxr0 May 2012
Cooperative AP Discovery
Use of EAPOL-Key messages
Transition Nowhere Date: Authors: Sept 2005 Sept 2005
Month Year doc.: IEEE yy/xxxxr0
A method to refresh the keys hierarchy periodically
11ay Fast Association Authentication
A method to refresh the keys hierarchy periodically
Use of More Data Field Date: Authors: Jan 2006 Jan 2006
11ay Fast Association Authentication
Use of KCK for TGr Management Frame Protection
Ready to transition/ Clear to transition
Use of Nonces in Fast Transitioning Flows
Location Presentation
Presentation transcript:

“Not Ready” Response in FT Auth Messages Paul Funk, Funk Software 2/23/2019 11-05-0829-00-000r

Problem During Fast Transition, TTAP may need to: Request a PMK-R2 from upper levels of the key hierarchy Consult other network elements prior to satisfying resource (RIC) request This will delay the TTAP’s response to the STA’s FT request. As currently specified, STA must remain on TTAP’s channel to listen for response. This time is better used by STA returning to channel of current AP to continue trafficking in data. 2/23/2019 11-05-0829-00-000r

Solution In response to FT Auth request, TTAP may quickly respond with “Not Ready”. STA temporarily returns to channel of current AP to resume data exchange. STA then reissues FT request, hoping TTAP is now ready. Either the TTAP is now ready, or this process repeats. 2/23/2019 11-05-0829-00-000r

New Data Items Two new Status Codes are added: New Time Interval type: “Security Not Ready” indicates PMK-R2 not yet available “Resources Not Ready” indicates resources cannot immediately be allocated New Time Interval type: “Defer Time” (ms) indicates suggested interval after which STA may try again 2/23/2019 11-05-0829-00-000r

TTAP M2 Response May set SC = Security Not Ready M2/SNR includes: Defer Time Reassociation Deadline EAPKIE with ANonce M2/SNR does not include: Key Lifetime (as it is not known) 2/23/2019 11-05-0829-00-000r

STA Action on M2/SNR STA does the following: * Question: Delays for Defer Time interval Then either: Reissues M1, or Proceeds to next messaging phase [M3 (reservation) or (re)association request] * Note that STA is able to compute PTK, as it has ANonce from TTAP * Question: Allowing STA to proceed to next messaging phase may be an optimization but introduces variability. Is it worth it, or should STA be required to reissue M1? 2/23/2019 11-05-0829-00-000r

TTAP M4 Response to M3 If TTAP still does not have PMK-R2: It may set SC = Security Not Ready in M4 response. Contents of M4/SNR are same as M2/SNR, except for auth transaction sequence number If TTAP has PMK-R2 but needs time to allocate resources: Sets SC = Resources Not Ready in M4 Includes same IEs as per spec for M4, except: Omits RIC Adds Defer Time Otherwise, TTAP responds with M4 as per spec. 2/23/2019 11-05-0829-00-000r

STA Action on M4/Not Ready STA does the following (upon receipt of either SNR or RNR): Delays for Defer Time interval Reissues M3 (typically but not necessarily with the same RIC as before) Question: upon receipt of Resources Not Ready: Should STA be allowed to proceed directly to (re)association, including its resource request in that message? Resource semantics may preclude this, would like input from RIC experts 2/23/2019 11-05-0829-00-000r

TTAP (Re)Association Response If TTAP still does not have PMK-R2: It must acquire PMK-R2 prior to issuing successful (re)association response There is no provision for Not Ready response in (re)association response 2/23/2019 11-05-0829-00-000r

Key Replay Counter in EAPKIE I don’t think it is mentioned in the current spec It should be there: incremented by STA on each message echoed by TTAP In particular it is needed for Not Ready usage, as identical messages may be reissued and, thus, replayed. 2/23/2019 11-05-0829-00-000r

Action Frames Should Not Ready mechanism be permitted in Action frames for FT over-the-DS? The problem of keeping the STA from passing traffic does not exist with over-the-DS. However, there might be value in informing the STA quickly that the TTAP is processing the request. 2/23/2019 11-05-0829-00-000r

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.