HIP DEX for Fast Initial Authentication in 802.11
doc.: IEEE 802.11-11/xxxxr0
May 2011
Date: 2011-05-10

Authors:
Name                     Company                                        Address                                    Phone            email
Konstantinos Georgantas  Helsinki Institute for Information Technology                                             0030-6974343988  Konstantinos.Georgantas@hiit.fi
Robert Moskowitz         Verizon Business                               15210 Sutherland, Oak Park, MI 48237, USA  +1-248-219-2059  rgm@labs.htt-consult.com
Abstract
This document presents a HIP Diet EXchange (DEX) based architecture that provides the IP-layer security mechanisms needed to address fast initial authentication in WLANs. HIP authenticates hosts in a WLAN in only two round trips (four messages) and therefore shortens the authentication phase.
Agenda
Problem statement
Solution overview
Network architecture
HIP DEX adjustments
Protocol operation
Open work items
Conclusions
Problem Statement
Why Fast Initial Authentication?
Users moving at high speed between APs
Many users joining an AP at the same time
Smaller and smaller cell areas
Ultimate goal: can we authenticate in a single round trip?
Solution Overview (1/3)
Maybe not a single round trip, but what about 2 round trips?
"Lightweight Authentication and Key Management on 802.11 Wireless Networks" by Konstantinos Georgantas and Andrei Gurtov, submitted to IEEE GLOBECOM 2011
Introduce a new network hierarchy
Move the authenticator (the HIP Responder) one level above the APs
Authenticate only when an ESS transition occurs
Let the APs act as relays
Introduce port-based network access control that allows HIP-only traffic until the Initiator is authenticated
Solution Overview (2/3)
Let HIP datagrams run over 802.11 Authentication frames
HIP UPDATE can act as a rekeying mechanism
EAP can also run on HIP!
Solution Overview (3/3)
Proposed operation (figure: message flow, not reproduced in this text)
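The operation outlined on the preceding slides, as an added toy simulation that is not code from this submission or its authors: a STA acts as HIP Initiator, the AP relays only HIP traffic until the authenticator (the HIP Responder, one level above the APs) has completed the two round trips, and a second AP under the same authenticator admits the STA without a new exchange. The DH group, the HIT derivation, the puzzle difficulty, the HMAC-based key derivation and the message field names are assumptions made for the illustration and are marked as such in the comments; HIP DEX itself uses static ECDH keys and CMAC-based key derivation, and the BSS-transition behaviour is inferred from the slides' architecture, not specified by them.

```python
"""Toy model of the proposed flow: STA (HIP Initiator) -> AP (relay with port-based
access control) -> authenticator (HIP Responder). Added illustration; crypto simplified."""
import hashlib
import hmac
import secrets

P = 2**127 - 1    # toy DH group (assumption: illustration only, NOT secure);
G = 3             # HIP DEX uses static ECDH keys, only that shape is kept here
PUZZLE_BITS = 10  # assumed puzzle difficulty K (Responder policy in real HIP)


def hit_of(hi):
    """Simplified Host Identity Tag: 128 bits bound to the public HI (not the exact HIP DEX ORCHID)."""
    return hashlib.sha256(hi.to_bytes(16, "big")).digest()[:16]


def puzzle_ok(i, hit_i, hit_r, j, k):
    """HIP puzzle: the low K bits of H(I | HIT-I | HIT-R | J) must be zero."""
    h = int.from_bytes(hashlib.sha256(i + hit_i + hit_r + j).digest(), "big")
    return h & ((1 << k) - 1) == 0


def solve_puzzle(i, hit_i, hit_r, k):
    while True:
        j = secrets.token_bytes(8)
        if puzzle_ok(i, hit_i, hit_r, j, k):
            return j


def mac(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


class Host:
    """Static DH key pair; HI is the public value, HIT is derived from it."""
    def __init__(self):
        self._priv = secrets.randbelow(P - 2) + 1
        self.hi = pow(G, self._priv, P)
        self.hit = hit_of(self.hi)

    def pairwise_key(self, peer_hi, i, j):
        # Static-static DH secret extracted with the puzzle nonces as salt
        # (HIP DEX uses CKDF/CMAC plus encrypted nonces; simplified here).
        shared = pow(peer_hi, self._priv, P).to_bytes(16, "big")
        return hmac.new(i + j, shared, hashlib.sha256).digest()


class Responder(Host):
    """The authenticator, one level above the APs; owns all per-STA state."""
    def __init__(self):
        super().__init__()
        self.pending = {}        # HIT-I -> puzzle nonce I (real HIP keeps R1 stateless)
        self.authenticated = {}  # HIT-I -> pairwise key

    def handle(self, msg):
        if msg["type"] == "I1":
            i = secrets.token_bytes(8)
            self.pending[msg["hit_i"]] = i
            return {"type": "R1", "hit_r": self.hit, "hi_r": self.hi, "I": i, "K": PUZZLE_BITS}
        if msg["type"] == "I2":
            hit_i, hi_i, j = msg["hit_i"], msg["hi_i"], msg["J"]
            i = self.pending.pop(hit_i, None)  # a replayed I2 finds no nonce
            if i is None or hit_of(hi_i) != hit_i or not puzzle_ok(i, hit_i, self.hit, j, PUZZLE_BITS):
                return {"type": "REJECT"}
            key = self.pairwise_key(hi_i, i, j)
            if not hmac.compare_digest(msg["mac"], mac(key, b"I2")):
                return {"type": "REJECT"}
            self.authenticated[hit_i] = key
            return {"type": "R2", "mac": mac(key, b"R2")}
        return {"type": "REJECT"}


class Initiator(Host):
    """The STA. It must already know the Responder's HIT; learning it securely is the open item."""
    def __init__(self, hit_r):
        super().__init__()
        self.hit_r, self.key = hit_r, None

    def i1(self):
        return {"type": "I1", "hit_i": self.hit, "hit_r": self.hit_r}

    def i2(self, r1):
        if hit_of(r1["hi_r"]) != self.hit_r:  # R1's HI must match the HIT we asked for
            raise ValueError("R1 HI does not match the expected Responder HIT")
        j = solve_puzzle(r1["I"], self.hit, self.hit_r, r1["K"])
        self.key = self.pairwise_key(r1["hi_r"], r1["I"], j)
        return {"type": "I2", "hit_i": self.hit, "hi_i": self.hi, "J": j, "mac": mac(self.key, b"I2")}

    def r2_ok(self, r2):
        return r2["type"] == "R2" and hmac.compare_digest(r2["mac"], mac(self.key, b"R2"))


class AccessPoint:
    """Relay with port-based access control: HIP (carried in 802.11 Authentication frames)
    always reaches the Responder; other traffic is dropped until that STA is authenticated."""
    def __init__(self, responder):
        self.responder, self.hip_roundtrips = responder, 0

    def frame(self, sta_hit, proto, payload=None):
        if proto == "HIP":
            self.hip_roundtrips += 1
            return self.responder.handle(payload)
        return {"type": "DATA_OK" if sta_hit in self.responder.authenticated else "DROPPED"}


def run_scenario():
    auth = Responder()
    ap1, ap2 = AccessPoint(auth), AccessPoint(auth)  # two BSSs under one authenticator
    sta = Initiator(auth.hit)
    before = ap1.frame(sta.hit, "IP")["type"]        # port closed: dropped
    r1 = ap1.frame(sta.hit, "HIP", sta.i1())         # round trip 1: I1 -> R1
    i2 = sta.i2(r1)
    r2 = ap1.frame(sta.hit, "HIP", i2)               # round trip 2: I2 -> R2
    roundtrips = ap1.hip_roundtrips
    return {"before": before, "r2_ok": sta.r2_ok(r2), "roundtrips": roundtrips,
            "keys_match": auth.authenticated.get(sta.hit) == sta.key,
            "after": ap1.frame(sta.hit, "IP")["type"],
            "bss_transition": ap2.frame(sta.hit, "IP")["type"],  # same ESS: no new exchange
            "replayed_i2": ap1.frame(sta.hit, "HIP", i2)["type"]}
```

Calling run_scenario() walks one STA through the exchange: the IP frame sent before authentication is dropped by the AP, two HIP round trips leave both sides with the same pairwise key, the same STA is admitted by the second AP without a new exchange, and a replayed I2 is rejected because the Responder has already consumed its puzzle nonce. The Initiator's check that the HI in R1 matches the HIT it addressed is the HIP binding that the open "STA validation of AP" item builds on: it only helps if the STA obtained that HIT through a trusted path.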
Open Work Items
STA validation of AP
Include a CERT parameter in R1 that contains an X.509 certificate for the AP
Assumption: the STA can validate the certificate without any 'upstream' assistance, or it delays validation until IP connectivity is provided
Timing concerns for AUTHENTICATION RESPONSE
802.11 does not specify a response time window, but does Wi-Fi certification? If so, do we need NULL keepalives or loosened timings when AUTHENTICATION frames carry the KMP (key management protocol)?
Conclusions
Seamless intra-domain handovers (BSS transitions)
Only 2 round trips (instead of 11) for inter-domain handovers (ESS transitions)
But some security considerations are still under review
Thank you!