Secure Network Selection January 2007 doc.: IEEE 802.11-07/0047r0 January 2007 Secure Network Selection Date: 2007-01-15 Authors: Notice: This document has been prepared to assist IEEE 802.11. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.11. Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures <http:// ieee802.org/guides/bylaws/sb-bylaws.pdf>, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair stuart@ok-brit.com as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE 802.11 Working Group. If you have questions, contact the IEEE Patent Committee Administrator at <patcom@ieee.org>. Lars Falk, TeliaSonera Lars Falk, TeliaSonera

January 2007 doc.: IEEE 802.11-07/0047r0 January 2007 Abstract This contribution outlines a method for letting the STA know which of the available networks that can be trusted. Lars Falk, TeliaSonera Lars Falk, TeliaSonera

Agenda Background and Problem Description Solution Outline Straw Polls January 2007 doc.: IEEE 802.11-07/0047r0 January 2007 Agenda Background and Problem Description Solution Outline Straw Polls Lars Falk, TeliaSonera Lars Falk, TeliaSonera

Background and Problem Description January 2007 doc.: IEEE 802.11-07/0047r0 January 2007 Background and Problem Description Today a STA at power up has no way of telling which of the available networks that can be trusted. It is very easy to set up a fake AP that uses the SSID of a real network and re-directs the user to a copy of the normal login page. Therefore a method for letting the STA know which networks can be trusted before it tries an association would be welcome. Lars Falk, TeliaSonera Lars Falk, TeliaSonera

Relation to TGu Requirements January 2007 Relation to TGu Requirements R13N1: Define functionality by which a STA can determine whether its subscription to an SSPN would allow it to access a particular 802.11 AN before actually joining a BSS within that 802.11 AN. Proposals must describe their consideration of scalability. Lars Falk, TeliaSonera

TGv Two relevant diagnostics request/report mechanisms: January 2007 TGv Two relevant diagnostics request/report mechanisms: 802.11 Authentication 802.1X Authentication Initiated by the AP, determines that the STA is able to perform an authentication properly. Normal authentication parameters are exchanged between AP and STA to check this. Lars Falk, TeliaSonera

January 2007 doc.: IEEE 802.11-07/0047r0 January 2007 Solution Outline On power up or when the STA reaches an area with coverage from one or several WLAN, let the STA initiate the authentication parameter exchange before it gets associated The authentication parameter exchange can be related to a certificate issued by e.g. a clearing house or roaming consortium The parameter exchange can be done with all relevant networks This way the STA/user/client software can get a list where it can see which of the available networks that can be trusted Could be referred to as active secure probing? Lars Falk, TeliaSonera Lars Falk, TeliaSonera

January 2007 doc.: IEEE 802.11-07/0047r0 January 2007 Straw Poll 1 On problem statement: Should TGu create a solution for secure network solution, as described in this presentation? Yes: No: Don’t care: Lars Falk, TeliaSonera Lars Falk, TeliaSonera

January 2007 doc.: IEEE 802.11-07/0047r0 January 2007 Straw Poll 2 On solution outline: Is the solution outline (secure probing) as described in this presentation the way to go? Yes: No: Don’t care: Lars Falk, TeliaSonera Lars Falk, TeliaSonera