Fast Roaming Compromise Proposal

Slides:



Advertisements
Similar presentations
Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
Advertisements

IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec Title: IEEE r Fast BSS Transition – A Study Date Submitted: September 21, 2009 Present.
IEEE i: A Retrospective Bernard Aboba Microsoft March 2004.
Doc.: IEEE /095r0 Submission January 2003 Dan Harkins, Trapeze Networks.Slide 1 Fast Re-authentication Dan Harkins.
Doc.: IEEE /689r0 Submission November 2002 Dan Harkins, Trapeze Networks.Slide 1 Re-authentication when Roaming Dan Harkins.
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.
IEEE MEDIA INDEPENDENT HANDOVER DCN: srho
Doc.: IEEE /0476r3 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.
Doc.: IEEE /1572r0 Submission December 2004 Harkins and AbobaSlide 1 PEKM (Post-EAP Key Management Protocol) Dan Harkins, Trapeze Networks
Doc.: IEEE /0476r2 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.
Doc.: IEEE /551r0 Submission September 2002 Moore, Roshan, Cam-WingetSlide 1 TGi Frame Exchanges Tim Moore Microsoft Pejman Roshan Nancy Cam-Winget.
Doc.: IEEE /0707r0 Submission July 2003 N. Cam-Winget, et alSlide 1 Establishing PTK liveness during re-association Nancy Cam-Winget, Cisco Systems.
Doc.: IEEE /008r0 Submission January 2003 N. Cam-Winget, D. Smith, K. AmannSlide 1 Proposed new AKM for Fast Roaming Nancy Cam-Winget, Cisco Systems.
Doc.: IEEE /657r0 Submission August 2003 N. Cam-WingetSlide 1 TGi Draft 5.0 Comments Nancy Cam-Winget, Cisco Systems Inc.
Robust Security Network (RSN) Service of IEEE
Authentication and handoff protocols for wireless mesh networks
Just-In-Time 2 Phase Association TGr Proposal for Fast BSS Transitions
Keying for Fast Roaming
Pre-association Security Negotiation for 11az SFD Follow up
TGi Motions for Comment Resolution
Motions to Address Some Letter Ballot 52 Comments
TGai FILS Authentication Protocol
Pre-association Security Negotiation for 11az SFD Follow up
Mesh Security Proposal
Nancy Cam-Winget, Cisco Systems Inc
Wireless Network Security
Use of EAPOL-Key messages during pre-auth
TAP & JIT Merged Proposal Summary
PEKM (Post-EAP Key Management Protocol)
IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec
Nancy Cam Winget, Atheros
Just-in-time Transition Setup
TAP & JIT Key Hierarchy Notes
Nancy Cam-Winget, Cisco Systems Inc
802.1X/ Issues Nancy Cam-Winget, Cisco Systems
Technical corrections to D0.01
Authentication and handoff protocols for wireless mesh networks
Technical corrections to D0.01
Fast Authentication in TGai : Updates to EAP-RP
Jesse Walker and Emily Qi Intel Corporation
802.1X and AKE Comparison Nancy Cam-Winget, Atheros
TAP (Transition Acceleration Protocol)
Pre-Association Negotiation of Management Frame Protection (PANMFP)
Roaming Keith Amann, Spectralink
Tim Moore, Microsoft Corporation Clint Chaplin, Symbol Technologies
Fast Roaming Compromise Proposal
Options for Protecting Management Frames
Roaming timings and PMK lifetime
Mesh Security Proposal
TGr Security Architecture
IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec
Fast Roaming Compromise Proposal
802.1X and AKE Comparison Nancy Cam-Winget, Atheros
Dan Harkins Trapeze Networks
Roaming timings and PMK lifetime
Keying for Fast Roaming
Jesse Walker, Intel Corporation Russ Housley, Vigil Security
Tim Moore Microsoft Pejman Roshan Nancy Cam-Winget Cisco Systems, Inc
Overview of Improvements to Key Holder Protocols
Fast Roaming Observations
Overview of Improvements to Key Holder Protocols
Sept 2003 PMK “sharing” Tim Moore Tim Moore, Microsoft.
Submission Title: Dallas i/ Liaison Report.
Roaming timings and PMK lifetime
Group Key Optimizations
IEs in 4-way handshake description
11ay Fast Association Authentication
11ay Fast Association Authentication
Comment Resolution Motions
Presentation transcript:

Fast Roaming Compromise Proposal May 2003 Fast Roaming Compromise Proposal Tim Moore, Microsoft Nancy Cam-Winget, Cisco Systems Clint Chaplin, Symbol Technologies Donald Eastlake, Motorola Laboratories Dan Harkins, Trapeze Networks Russ Housley, Vigil Security Fred Stivers, Texas Instruments Jesse Walker, Intel Cam-Winget et. al.

Voice Requirements for reassociation May 2003 Voice Requirements for reassociation ITU guidance on TOTAL hand-off latency is that it should be less than 50 ms. Cellular networks try to keep it less than 35 ms. Cam-Winget et. al.

Key Management Requirements May 2003 Key Management Requirements Explicitly identify the PMK and PMK type being used Minimize computational load on all device types Support multiple back-end infrastructures Minimize the number of messages required while roaming. Minimize time dependencies in key mgmt Allow PTK pre-computation to accommodate highly constrained devices Modifications to the information in the 4-way handshake can be made to address 1, 2 and 3 but not in 4, 5 and 6 Cam-Winget et. al.

Why not replace 4-way handshake? May 2003 Why not replace 4-way handshake? Because: Generic mechanism for supporting PSK is needed Industry is already deploying 4-way handshake and must be retained for backward compatibility Define an optional proposal that allows coexistance with current TGi AKMs Cam-Winget et. al.

Compromise Proposal Feature Requirement RSN SA May 2003 Compromise Proposal Feature Requirement RSN SA Makes the notion of a session used to protect the data unique Supports multiple backend infrastructures Roaming Key Hierarchy (RKH) Allows PTK precomputation Minimize time dependencies in key mgmt Minimize computational load on all device types RKH IE Minimize the number of message exchanges while roaming Cam-Winget et. al.

RSN Security Association May 2003 RSN Security Association Defines the context to make the PTK usage meaningful Default RSN SA Class named by: AP’s BSSID and STA’s MAC address PTK established by the 4-Way Handshake. Instance named by ANonce and SNonce The SA collapses when any party loses or discards the SA context Alternate RSN SA Class and instance named by: MKID, AP’s BSSID and STA’s MAC address PTK established by the R-PMK and R-PMK Counter Cam-Winget et. al.

Root SA Pairwise Master SA RSN SA May 2003 Roaming Key Hierarchy PMK-EAP = f(MSK) EMSK is unused Default Key Hierarchy Roaming Key Hierarchy (RKH) Unspecified means for generating AP unique PMK’s Root SA (STA-AS) MKID Base Roam Key (BRK) Pairwise Master Key (PMK) = Current radius derivation Roaming Pairwise Master Key (R-PMK) Pairwise Master SA (STA-AP for Key Mgmt) PTK = Current PTK derivation R-PTK RSN SA (STA-AP for Data) KCK KEK TK Cam-Winget et. al.

Fast Roam negotiation: new AKMs May 2003 Fast Roam negotiation: new AKMs OUI Value Meaning Authentication Type Key Management Type 00:00:00 Reserved 1 Unspecified authentication over IEEE 802.1X– RSN default IEEE 802.1X Key Management as defined in 8.5 – RSN default 2 None IEEE 802.1X Key Management as defined in 8.5 using PSK 3 Alternate Key Management - Optional 4 Unspecified authentication over IEEE 802.1X 5-255 Vendor Specific Any Other Cam-Winget et. al.

RSN IE: Supports other back-end infrastructures May 2003 RSN IE: Supports other back-end infrastructures RSN IE Field Length Description Element ID 1 0x30 RSN IE length Version 2 RSN IE version Group Key Ciphersuite 4 Selected ciphersuite for multicast Pairwise Key Ciphersuite Count Number of supported pairwise ciphersuites Pairwise Key Ciphersuite list 4*n List of supported pairwise ciphersuites AKM count Number of supported AKMs AKM list 4*m List of supported AKMs Pairwise Key Hierarchy count Number of supported Pairwise Key Hierarchies Pairwise Key Hierarchy list 4*p List of supported Pairwise Key Hierarchies RSN Capabilities RSN capabilities Cam-Winget et. al.

Pairwise Key Hierarchies May 2003 Pairwise Key Hierarchies OUI Value Meaning 00:00:00 PSK 1 Default EAP PMK 2 EMSK Derived PMK (R-PMK) 3-255 Reserved Vendor OUI Other Vendor Specific Any Cam-Winget et. al.

Rekeying Re-association May 2003 Rekeying Re-association AP STA R-PMK, MKIDSTA, Counter1 R-PMK, MKIDAP, Counter2 Counter1 = Counter1 + 1, R-PTK = KMIK | KMEK | TK = Roaming-PRF() Re-assoc Req (RSN IE(AKMP), RKH IE(MKID, Counter1 , Srand, MIC, RSN IESTA)) Install TK for Rx Install TK Re-assoc Resp ( RKH IE(MKID, Counter2, Srand, Arand, RSC, EKMEK(GTK), MIC, RSN IEBSSID)) Install TK for Tx EAPOL-Key( Arand, MIC) Counter2 = Counter1 Cam-Winget et. al.

RSNIE – (RSN IE Length) bytes May 2003 Rekeying Reassociations (2): Roaming Key Hierarchy IE Element-ID – 1 byte Length – 2 bytes RSN IE Length – 1byte GTK Key ID – 1 byte GTK Length – 1 byte MKID – 16 bytes Counter – 4 bytes SRandom – 16 bytes ARandom – 16 bytes RSC – 8 bytes GTK – 40 bytes MIC – 8 bytes RSNIE – (RSN IE Length) bytes Cam-Winget et. al.

Initial Association: 3-way handshake May 2003 Initial Association: 3-way handshake STA AP MKID = AES-Encrypt(PMK, 0) Counter1 = Counter1 + 1, PTK-R = KMIK | KMEK | TK = Roaming-PRF() APKM EAPOL Key** (0, 1, 1, 0, 0, 1, MKID, SNonce, MIC, RSNIESTA) Install TK for Rx Install TK APKM EAPOL Key** (1, 1, 1, 1, 0, 1, MKID, SNonce, ANonce, MIC, RSNIEBSSID) Install TK for Tx APKM EAPOL-Key** ( 1, 1, 0, 1, 0, 1, ANonce, MIC, 0) Counter2 = Counter1 Initiate GTK handshake **APKM EAPOL Key is as defined in 8.5.2 and uses Version Type 3 or 4 Cam-Winget et. al.

Supports Push and Pull Models May 2003 Supports Push and Pull Models In either Initial Contact or Roam: If the AP does not have the RSN SA, it can contact the AS to establish it Through prediction, the AP – AS can establish the RSN SA before the STA attempts reassociation Cam-Winget et. al.

Motions Move to adopt draft text in 03/241r3 May 2003 Motions Move to adopt draft text in 03/241r3 Move to request IEEE 802.11 Working Group Chair to forward the letter titled “Input to IETF AAA Working Group on Keying Distribution Methods” to the IETF Chair Cam-Winget et. al.

May 2003 Feedback? Cam-Winget et. al.

Measured WPA values in ms May 2003 Measured WPA values in ms Message Client Dir AP Total Open Auth Request 0 - .3 ← .3 Open Auth Response → .25 – 1.4 .25 – 1.7 Associate Request 1.5-3.9 1.75 – 5.6 Associate Response .85 – 1.6 2.6 – 7.2 4-way Message 1 .8 - 4 3.4 – 11.2 4-way Message 2 16 - 250 19.4 – 261.2 4-way Message 3 2.5 - 28 21.9 – 289.2 4-way Message 4 13 - 78 34.9 – 367.2 GTK Message 1 6.9 – 122.6 41.8 – 489.8 GTK Message 2 9.4 - 86.7 (many retries) 51.3 – 576.5 Measurements were taken using Cisco 1200 APs with Intersil and Atheros NIC’s and MS and FUNK WPA Supplicants under ideal conditions (e.g. single client and little to no load on AP) Cam-Winget et. al.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.