NIST Considerations


Date: 2005-07-19
Authors: Nancy Cam-Winget, Cisco; Emily Qi, Intel Corporation

Notice: This document has been prepared to assist IEEE 802.11. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.

Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.11.

Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures <http://ieee802.org/guides/bylaws/sb-bylaws.pdf>, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair <stuart.kerry@philips.com> as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE 802.11 Working Group. If you have questions, contact the IEEE Patent Committee Administrator at <patcom@ieee.org>.

NIST Considerations

Collision attack on SHA-1: successful collision after 2^69 operations vs. the original bound of 2^80 operations.
NIST is commencing phase-out of SHA-1, with replacement by 2010.
While SHA-1 is still considered secure as a PRF and is further protected by HMAC for signatures, NIST is recommending adoption of SHA-256.

Updates to KDF

Replace HMAC-SHA1 with HMAC-SHA256:

    Output = KDF-Length(K, label, Context)

where

Input:
    K, a 256-bit key derivation key
    label, a string identifying the purpose of the keys derived using this KDF
    Context, a bit string that provides context to identify the derived key
    Length, the length of the derived key in bits
Output: a Length-bit derived key

    result = ""
    iterations = (Length+159)/160
    do i = 1 to iterations
        result = result || HMAC-SHA256(K, i || label || 0x00 || Context || Length)
    od
    return first Length bits of result and securely delete all unused bits
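The KDF above as runnable Python, added here as an example and not taken from the submission. The slide does not say how i and Length are encoded, so 16-bit little-endian integers are assumed, and the key, label and context values are constructed. The slide divides by 160 although each HMAC-SHA256 call yields 256 bits; the `bits_per_iter` parameter (hypothetical) shows that this only adds iterations and leaves the truncated output unchanged.

```python
import hashlib
import hmac
import struct


def kdf(key, label, context, length_bits, bits_per_iter=160):
    """KDF-Length(K, label, Context) from the slide, built on HMAC-SHA256.

    Assumption: i and Length are 16-bit little-endian unsigned integers.
    bits_per_iter=160 reproduces the slide's iteration count; 256 is the
    real HMAC-SHA256 output size and needs fewer iterations.
    """
    if len(key) != 32:
        raise ValueError("K must be a 256-bit key derivation key")
    if not 0 < length_bits < 65536:
        raise ValueError("Length must fit the assumed 16-bit encoding")
    iterations = (length_bits + bits_per_iter - 1) // bits_per_iter
    result = b""
    for i in range(1, iterations + 1):
        data = (struct.pack("<H", i) + label + b"\x00" + context
                + struct.pack("<H", length_bits))
        result += hmac.new(key, data, hashlib.sha256).digest()
    # Return only the first Length bits; zero any trailing bits of the last byte.
    out = bytearray(result[:(length_bits + 7) // 8])
    if length_bits % 8:
        out[-1] &= (0xFF << (8 - length_bits % 8)) & 0xFF
    return bytes(out)


# Constructed sample inputs (not from the submission).
K = bytes(range(32))
LABEL = b"example pairwise key expansion"
CONTEXT = bytes.fromhex("0011223344550066778899aa")


def length_is_bound_into_output():
    """A 128-bit key is not a prefix of the 256-bit key for the same inputs,
    because Length is part of every HMAC input."""
    return kdf(K, LABEL, CONTEXT, 128) != kdf(K, LABEL, CONTEXT, 256)[:16]


if __name__ == "__main__":
    print(kdf(K, LABEL, CONTEXT, 384).hex())
    print("length bound into output:", length_is_bound_into_output())
```

Python cannot guarantee the "securely delete all unused bits" step; an implementation in a language with explicit memory control should zero the intermediate buffer.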

Use AES-CMAC-128 for EAPOL-Key MIC

EAPOL Key frame new Key Descriptor Version:

The value 3 shall be used for all EAPOL-Key frames to and from a STA when either the pairwise or the group cipher is AES-CCMP for Key Descriptor 2. This value indicates the following:
AES-CMAC-128 is the EAPOL-Key MIC, where CMAC is defined in NIST Special Publication 800-38B. The output of the AES-CMAC shall be the full 128 bits.

The value 3 shall also be used for all EAPOL-KEY-IE elements included in the (re)association and TGr action frames.

AES-CMAC-128

AES(K, D): AES 128-bit block cipher using a 128-bit key K to encrypt plaintext D
0^128: 128 bits of zeroes

    L = AES(K, 0^128)
    if MSB(L) = 0 → Lu = L << 1
    else Lu = (L << 1) XOR 0x00000000000000000000000000000087
    if MSB(Lu) = 0 → Lu2 = Lu << 1
    else Lu2 = (Lu << 1) XOR 0x00000000000000000000000000000087
    Y[0] = 0^128
    Partition the data stream M into m blocks: M[1], M[2] … M[m]
    if the length of M[m] = 128 bits: M[m] = M[m] XOR Lu
    otherwise, pad: M[m] = Lu2 XOR (M[m] || 10^j), where j = number of 0s needed to pad to 128 bits
    for i = 1 to m do
        Y[i] = AES(K, M[i] XOR Y[i-1])
    MIC = Y[m]
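The subkey derivation and last-block handling above, as an added Python example that is not part of the submission. The block cipher is passed in as a callable because the Python standard library has no AES; `recorded_aes` is a hypothetical stand-in that replays AES-128 outputs for the RFC 4493 test key (its inputs are constructed from the RFC 4493 vectors), so the two RFC 4493 tags can be reproduced offline. Messages are assumed to be whole bytes.

```python
BLOCK = 16  # bytes in one 128-bit block


def _double(block):
    """Shift a 128-bit block left by one bit; XOR 0x87 if the MSB was 1."""
    n = int.from_bytes(block, "big")
    shifted = (n << 1) & ((1 << 128) - 1)
    if n >> 127:
        shifted ^= 0x87
    return shifted.to_bytes(BLOCK, "big")


def subkeys(l_block):
    """Return (Lu, Lu2) for L = AES(K, 0^128), as on the slide."""
    lu = _double(l_block)
    return lu, _double(lu)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def cmac(encrypt_block, msg):
    """AES-CMAC-128 of msg; encrypt_block(b) must return AES(K, b)."""
    lu, lu2 = subkeys(encrypt_block(bytes(BLOCK)))
    # An empty message is treated as one empty, padded block.
    blocks = [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)] or [b""]
    last = blocks.pop()
    if len(last) == BLOCK:
        last = _xor(last, lu)                      # full block: mask with Lu
    else:
        padded = last + b"\x80" + bytes(BLOCK - len(last) - 1)  # M[m] || 10^j
        last = _xor(padded, lu2)                   # padded block: mask with Lu2
    y = bytes(BLOCK)                               # Y[0] = 0^128
    for m in blocks + [last]:
        y = encrypt_block(_xor(m, y))
    return y                                       # full 128-bit MIC


# Replayed AES-128 outputs under the RFC 4493 test key
# 2b7e151628aed2a6abf7158809cf4f3c (inputs constructed for this example).
_RECORDED = {
    bytes(16): bytes.fromhex("7df76b0c1ab899b33e42f047b91b546f"),
    bytes.fromhex("77ddac306ae266ccf90bc11ee46d513b"):
        bytes.fromhex("bb1d6929e95937287fa37d129b756746"),
    bytes.fromhex("902f68fa1b31acf095b89e9e01a5bff4"):
        bytes.fromhex("070a16b46b4d4144f79bdd9dd04a287c"),
}


def recorded_aes(block):
    """Stand-in for AES(K, block); covers only the blocks listed above."""
    return _RECORDED[block]
```

In real use, pass a function that performs single-block AES-128 encryption under the KCK in place of `recorded_aes`.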

Comments?