Responses to Clause 5 Comments

Responses to Clause 5 Comments
Bob Beach, Symbol Technologies

Comment Summary
- 175+ comments
- Mostly editorial
- Nine areas of technical concern

Significant Technical Issues
- State diagram concerns (15)
- Authentication in IBSS (12)
- Kerberos applicability (6)
- Replay protection for BC/MC (4)
- AS/AP trust issue (3)
- Legacy compatibility (3)
- Deauthentication frame usage in ULA (2)
- What is ESN compliance? (2)
- Security impact on QoS when roaming (1)
- Mixed encrypted/non-encrypted streams (1)
- Disassociation timeout (1)
- Deauthentication question (1)

State Diagram Concerns
Comments: 738, 584, 322, 583, 1360, 1151, 28, 711, 1433, 995, 1199, 1667, 1668, 1669, 1690
- The state diagram is incomplete and/or has formatting errors
- Part of the problem is that the diagram describes MAC authentication, and with ULA there is none

Response - 1
- The purpose of the state diagram is only to define which frames are allowed at any given time
- States 1, 2 and 3 assume MAC authentication
- State 4 is ULS only; entry is via a configuration variable
- State 4 needs to be split into two states in order to indicate that data frames cannot be sent until associated

Response - 2
- Define State 4: ULS, not associated. Allowed frames are:
  - All Class 1 frames except a-2-iii (authentication)
  - All Class 2 frames
- Define State 5: ULS, associated. Allowed frames are:
  - All frames allowed in State 4
  - All Class 3 frames
- Entry to State 4 is via a configuration variable

Response - 3
- Movement from State 4 to State 5 is Successful Association
- Movement from State 5 to State 4 is Disassociation Notification

Proposed Motion
That the TGi editor prepare text and diagrams reflecting these changes for the working document.

Replay Protection
Comments: 990, 582, 321, 991
- Replay protection using WEP2 (990)
- Replay protection for BC/MC traffic (582, 321, 991)

Response
- Comments are rejected
- BC/MC replay protection is not possible in the current TGi model

Authentication in IBSS
Comments: 1006, 1517, 1269, 1260, 1157, 1517, 1551, 1552, 1661, 1662, 1666, 1669, 1688, 1691
- Various problems with the proposed mode when using IBSS
- Essentially not covered; the text is very infrastructure oriented

Response
- Contained in a separate presentation

Kerberos Applicability
Comments: 1311-1318, 743, 1319
- Question whether Kerberos should be mandatory (1311-1318, 743)
- Question the applicability of Kerberos for SOHO (1319, 1550, 1665, 1687)

Response
- Contained in a separate presentation

AS/AP Trust Issues
Comments: 1549, 1664, 1686
- Questions concerning whether the trust relationship between the AS and the AP is secure

Response
- Comments are rejected
- The TGi security model assumes that the Authentication Server is the most trusted entity in the system; all stations, including Access Points, must authenticate with it
- It is not a matter of the AP trusting the AS, but rather of the AP being authenticated by the AS

Legacy Compatibility
Comments: 1553, 1598, 1670, 1692
- Concern about legacy system compatibility with ESN; specifically, that legacy systems cannot just associate and operate with ESN

Response - 1
- The comments are rejected
- Compatibility with legacy systems has been maintained as much as possible: no existing packet formats have been altered, additions have been made in an accepted manner, and no new packet types have been defined

Response - 2
- Legacy stations can scan and probe ESN-capable access points. Whether they may associate with such an AP is a site configuration issue; an AP may be configured to support both legacy and ESN stations
- An ESN station can associate with a legacy AP. Such legacy APs are easily identified by examining their beacons for the ESN bit; whether the station chooses to do so is a user decision

What is ESN Compliance?
Comments: 1258, 1607
- Can one implement some elements of ESN, or is it an all-or-nothing choice?
- Define the required elements of Kerberos

Response
- Contained in a separate presentation

Security Impact on QoS
Comment: 316
- Concern about QoS jitter introduced by authentication delay on roam

Response
- The comment is accepted
- The committee has spent considerable effort to minimize the impact of authentication on QoS devices
- The Kerberos authentication sequence on a roam requires fewer packets (3) than shared key authentication does (4)
- Furthermore, if suitably configured, the AP need not communicate with any other entity

Mixed Encrypted/Non-encrypted Streams
Comment: 705
- Is it possible for a STA to send both encrypted and non-encrypted streams concurrently?

Response
- The comment is rejected
- Mixed encrypted/non-encrypted data streams are not allowed, since there is no way to authenticate the identity of the sender of an unencrypted frame

Disassociation Timeouts
Comment: 336
- How long should the AP wait for the authentication sequence to complete or fail before it disassociates the STA?

Response
- The comment is accepted
- When the TGi MIB is defined, a variable will be added that defines this timeout value

Deauthentication Frame Usage
Comments: 601, 602
- 5.4.3.2 indicates that Deauthentication frames should never be sent with ULA
- 11.3.2 and 11.3.4 say the AP should send them when in ULA

Response - 1
- The comment is accepted
- The purpose of the text in section 11.3 is to define how a station that was previously MAC authenticated transitions to ULS authentication. The model is that the AP sends a deauthentication frame to terminate the MAC authentication and then accepts the ULS association

Response - 2
- This approach is reasonable, so the text associated with the state diagram in section 5 will be changed to permit the use of deauthentication frames in States 4 and 5
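The five-state proposal from the Clause 5 state diagram responses earlier in this deck (States 1-3 for MAC authentication, States 4-5 for ULS, with Successful Association and Disassociation Notification moving between 4 and 5), combined with the resolution just above that permits deauthentication frames in States 4 and 5, written out as a small per-station state machine. This is an added example, not text or code from the submission or from TGi: the Class 1/2/3 frame membership follows 802.11-1999 clause 5.5 rather than the draft's own item numbering (the "a-2-iii" exception is modelled by frame name), the frame and event names are this example's own labels, and the target state after a deauthentication in States 4/5 is an assumption the slides do not settle.

```python
# Added example (not from the original slides): per-STA 802.11 state machine
# covering the baseline states 1-3 and the proposed ULS states 4-5.

# Frame type -> frame class, per 802.11-1999 clause 5.5. The base standard lists
# Deauthentication under both Class 1 and Class 3; recording it as Class 1 makes
# it admissible in every state, which matches the resolution for States 4 and 5.
FRAME_CLASS = {
    "RTS": 1, "CTS": 1, "ACK": 1, "CF-End": 1,
    "Beacon": 1, "Probe Request": 1, "Probe Response": 1,
    "Authentication": 1, "Deauthentication": 1, "ATIM": 1,
    "Association Request": 2, "Association Response": 2,
    "Reassociation Request": 2, "Reassociation Response": 2,
    "Disassociation": 2,
    "Data": 3, "PS-Poll": 3,
}

# Frame classes admitted in each state.
ALLOWED_CLASSES = {
    1: {1},          # unauthenticated, unassociated
    2: {1, 2},       # MAC authenticated, unassociated
    3: {1, 2, 3},    # MAC authenticated, associated
    4: {1, 2},       # ULS, not associated: Class 1 (minus Authentication) + Class 2
    5: {1, 2, 3},    # ULS, associated: everything in State 4 plus Class 3
}


class StationState:
    """Tracks one STA's state and validates frames and transitions against it."""

    def __init__(self, uls_configured: bool):
        # Entry to State 4 is "via configuration variable": a ULS-configured STA
        # never passes through MAC authentication, so it starts in State 4.
        self.uls = uls_configured
        self.state = 4 if uls_configured else 1

    def frame_allowed(self, frame: str) -> bool:
        """True if `frame` may be exchanged in the current state."""
        cls = FRAME_CLASS[frame]               # KeyError for unknown frame names
        if self.state == 4 and frame == "Authentication":
            return False                       # "all Class 1 except authentication"
        return cls in ALLOWED_CLASSES[self.state]

    def on_event(self, event: str) -> int:
        """Apply a state-changing notification and return the resulting state."""
        s = self.state
        if s in (1, 2, 3):                     # baseline 802.11-1999 transitions
            if s == 1 and event == "Successful Authentication":
                self.state = 2
            elif s == 2 and event == "Successful Association":
                self.state = 3
            elif s == 3 and event == "Disassociation Notification":
                self.state = 2
            elif event == "Deauthentication Notification":
                self.state = 1
        else:                                  # ULS branch from the slides
            if s == 4 and event == "Successful Association":
                self.state = 5
            elif s == 5 and event == "Disassociation Notification":
                self.state = 4
            elif event == "Deauthentication Notification":
                # Assumption: deauthentication is permitted in States 4/5 but the
                # slides do not name the target state; this example drops the
                # association and keeps the STA in the ULS branch.
                self.state = 4
        return self.state


def walk(uls_configured: bool, steps):
    """Replay ("frame", name) / ("event", name) steps and return what was observed."""
    sta = StationState(uls_configured)
    results = []
    for kind, name in steps:
        if kind == "frame":
            results.append(("frame", name, sta.frame_allowed(name)))
        else:
            results.append(("event", name, sta.on_event(name)))
    return results


if __name__ == "__main__":
    # A ULS station may associate immediately but cannot send Data until State 5.
    for row in walk(True, [("frame", "Authentication"),
                           ("frame", "Association Request"),
                           ("frame", "Data"),
                           ("event", "Successful Association"),
                           ("frame", "Data"),
                           ("event", "Disassociation Notification")]):
        print(row)
```

The split of the original single ULS state into 4 and 5 is what makes `frame_allowed("Data")` answer differently before and after Successful Association; with one state an AP would have no basis for rejecting data frames from a station that has not yet associated.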

Deauthentication Frame Usage
Comment: 1598
- Question whether the absence of deauthentication frames at the MAC layer eliminates DoS attacks

Response
- The comment is rejected
- DoS attacks may still be made at the upper layer, and MAC deauthentication frames are now permitted in an ESN