Flexible Pre-key Overview


Flexible Pre-key Overview Jon Edney, Stefan Faccin Nokia

Key points
- Establish PTKs for both STA and AP prior to reassociation request
- Negotiate AP resources prior to or during reassociation
- Use only reassociation request and response for transition
- Entire environment on new AP can be set up in advance
- Avoid resource exhaustion attacks by “last second” reservation at new AP
- New AP has option to defer decision on resource allocation until reassociation

Summary of the Flexible Pre-key Approach

Parties: Client (Supplicant) and AP (Authenticator)

Pre-transition
- Client: determines new AP for roam, increments ANONCE; generates SNonce, generates new PTKi, generates STnonce; generates Resource Rq-Blob
- Client -> AP: {SNonce} Ek{STKey, Resource Rq Blob, STA_RSN_IE} {MIC}
- AP: validates ANONCE; generates new PTK, validate 802.1X Pre-Key 1; generates ATnonce & Resource_Rsp_blob
- AP -> Client: Ek{ATnonce, [Resource Rsp Blob], GTK, AP_RSN_IE} {MIC}

Transition
- Reassociate request: include MIC & ATnonce to prove live STA
- Reassociate response: include value of MIC & STnonce to prove live AP
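The liveness checks in this flow, as an added Python sketch that is not taken from the slides: each side proves it is live by returning a MIC over the nonce the other side chose, and the AP rejects replays of either message. Assumptions: HMAC-SHA256 stands in for the PTK derivation and the MIC, "validates ANONCE" is modelled as a strictly increasing counter, and the Ek{...} encryption, the resource blobs and the RSN IEs are omitted.

```python
import hashlib, hmac, os

def prf(key, *parts):  # assumed stand-in for PTK derivation and MIC (HMAC-SHA256)
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

class STA:
    def __init__(self, pmk):
        self.pmk, self.anonce = pmk, 0
    def pre_key_request(self):
        self.anonce += 1                       # "increments ANONCE"
        self.snonce, self.stnonce = os.urandom(16), os.urandom(16)
        self.ptk = prf(self.pmk, b"PTK", self.anonce.to_bytes(8, "big"), self.snonce)
        mic = prf(self.ptk, b"prekey-req", self.stnonce)
        return self.anonce, self.snonce, self.stnonce, mic
    def reassoc_request(self, atnonce):        # MIC over ATnonce proves a live STA
        return atnonce, prf(self.ptk, b"reassoc-req", atnonce)
    def ap_is_live(self, stnonce, mic):        # MIC over STnonce proves a live AP
        good = prf(self.ptk, b"reassoc-rsp", self.stnonce)
        return stnonce == self.stnonce and hmac.compare_digest(mic, good)

class AP:
    def __init__(self, pmk):
        self.pmk, self.last_anonce, self.pending = pmk, 0, None
    def pre_key(self, anonce, snonce, stnonce, mic):
        ptk = prf(self.pmk, b"PTK", anonce.to_bytes(8, "big"), snonce)
        fresh = anonce > self.last_anonce      # assumed meaning of "validates ANONCE"
        if not (fresh and hmac.compare_digest(mic, prf(ptk, b"prekey-req", stnonce))):
            return None
        self.last_anonce = anonce
        self.pending = (ptk, os.urandom(16), stnonce)
        return self.pending[1]                 # ATnonce (encrypted under Ek in the slides)
    def reassociate(self, atnonce, mic):
        if self.pending is None:
            return None
        ptk, expected, stnonce = self.pending
        good = prf(ptk, b"reassoc-req", atnonce)
        if atnonce != expected or not hmac.compare_digest(mic, good):
            return None                        # a bad frame does not consume the nonce
        self.pending = None                    # ATnonce is single use
        return stnonce, prf(ptk, b"reassoc-rsp", stnonce)

def demo():
    pmk = os.urandom(32)                       # constructed key shared by STA and AP
    sta, ap = STA(pmk), AP(pmk)
    req1 = sta.pre_key_request()
    req = sta.reassoc_request(ap.pre_key(*req1))
    first = ap.reassociate(*req)
    return (sta.ap_is_live(*first),            # True: both sides proved live
            ap.reassociate(*req),              # None: replayed reassociation request
            ap.pre_key(*req1))                 # None: replayed pre-key request
```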

Summary of Resource Blob
- Tree structure for scalability
- Related resource requests can be grouped
- Resource requests have index number
- Each node of tree can have “mandatory” indicator
- Each node of tree can have “defer” indicator
- AP can allocate upon request or defer the allocation decision until reassociation
- If deferred, STA only provides a list of index numbers in the secondary request
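Why deferral matters for the resource exhaustion point, as an added Python model that is not from the slides: an AP that allocates at pre-key time is drained by stations that never reassociate, while a deferring AP reserves nothing until the secondary request arrives with index numbers. Assumptions: capacity is a single integer, an unmet "mandatory" node fails the whole request, and deferral is an AP-wide policy here rather than a per-node indicator.

```python
from dataclasses import dataclass, field

@dataclass
class Node:                        # one resource request in the blob tree
    index: int
    cost: int = 0                  # capacity units: constructed stand-in for a real resource
    mandatory: bool = False
    children: list = field(default_factory=list)

def walk(node):
    yield node
    for child in node.children:
        yield from walk(child)

class AP:
    def __init__(self, capacity, defer):
        self.free, self.defer, self.held = capacity, defer, {}
    def _allocate(self, nodes):
        # Assumed "mandatory" semantics: an unmet mandatory node fails the request.
        need = sum(n.cost for n in nodes if n.mandatory)
        if need > self.free:
            return None
        self.free -= need
        granted = [n.index for n in nodes if n.mandatory]
        for n in nodes:            # optional nodes are granted only while capacity lasts
            if not n.mandatory and n.cost <= self.free:
                self.free -= n.cost
                granted.append(n.index)
        return sorted(granted)
    def pre_key(self, sta, blob):
        nodes = list(walk(blob))
        if self.defer:             # remember the request, reserve nothing yet
            self.held[sta] = {n.index: n for n in nodes}
            return {"deferred": sorted(self.held[sta])}
        return {"granted": self._allocate(nodes)}
    def reassociate(self, sta, indices):   # secondary request: index numbers only
        held = self.held.pop(sta, {})
        return self._allocate([held[i] for i in indices if i in held])

def flood(defer):
    ap = AP(capacity=10, defer=defer)
    blob = Node(1, children=[Node(2, 4, mandatory=True), Node(3, 3)])
    for i in range(5):             # constructed stations that pre-key but never roam
        ap.pre_key(f"idle{i}", blob)
    reply = ap.pre_key("real", blob)
    return ap.reassociate("real", [2, 3]) if defer else reply["granted"]
```

`flood(False)` leaves the roaming station with nothing because the idle stations hold the capacity; `flood(True)` grants it indices 2 and 3 at reassociation.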