doc.: IEEE /1007r0 Submission September 2005 Fred Haisch, Proxim WirelessSlide 1 Alternative Lock-up Solution Notice: This document has been prepared to assist IEEE It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE Working Group. If you have questions, contact the IEEE Patent Committee Administrator at. Date: Authors:

doc.: IEEE /1007r0 Submission September 2005 Fred Haisch, Proxim WirelessSlide 2 Abstract A proposed solution is provided for the Lock-up problem that exists with protected Disassociation/ Deauthentication frames. No changes are required in the proposed 11w protocols.

doc.: IEEE /1007r0 Submission September 2005 Fred Haisch, Proxim WirelessSlide 3 Lock-up Problem Consider the situation where the Disassociate & Deauthenticate frames are protected, and the STA losses key state, but the AP maintains key state. STA can not reestablish an association with the AP because the AP thinks that the STA (identified by the MAC address) currently has an association the AP. STA can not Dissociate or Deauthenticate because it does not have the keys to protect the frames. STA has to wait for the SA in the AP to timeout before it can associate with the AP.

doc.: IEEE /1007r0 Submission September 2005 Fred Haisch, Proxim WirelessSlide 4 Solution #1 As soon as the PTK is established, the STA stores it in non-volatile storage STA can create a valid protected Deauth frame at any point in time. The security concern is that the PTK is placed in non- volatile storage

doc.: IEEE /1007r0 Submission September 2005 Fred Haisch, Proxim WirelessSlide 5 Solution #2 As soon as the PTK is established, the STA creates the protected version of a Deauth frame and stores it in non-volatile storage The concern is that the Deauth frame could possibly be interpreted as a replay attempt

doc.: IEEE /1007r0 Submission September 2005 Fred Haisch, Proxim WirelessSlide 6 Solution #3 As soon as the PTK is established, the STA creates the protected version of a Deauth frame using the largest possible sequence number (PN) and stores it in non- volatile storage. The stored Deauth frame can not be interpreted as a replay attempt The requires no enhancement to the proposed 11w protocols. One per recent AP may need to be stored.