An Example Protocol for FastAKM
Doc.: IEEE 802.11-10/0059r3, Submission, January 2010 (Date: 2010-01-19)
Hiroki Nakano, Trans New Technology, Inc.

Presentation transcript:

Slide 1: An Example Protocol for FastAKM
doc.: IEEE /0059r3, Submission, January 2010, Hiroki Nakano, Trans New Technology, Inc.
Authors (Name, Company, Address):
- Hiroki NAKANO, Trans New Technology, Inc., Sumitomo-Seimei Kyoto Bldg. 8F, 62 Tukiboko-cho Shimogyo-ku, Kyoto JAPAN, l.com
- Hitoshi MORIOKA, ROOT Inc., #33 Ito Bldg Tenjin, Chuo-ku, Fukuoka JAPAN, hq.com
- Hiroshi MANO, ROOT Inc., 8F TOC2 Bldg Nishi-Gotanda, Shinagawa-ku, Tokyo JAPAN, hq.com

Slide 2: Abstract
The FastAKM framework reduces the time needed to set up an association between an AP and a non-AP STA. This shortens the blackout time on handover and makes VoIP usable in a "mobile" environment. In this presentation we show its technical feasibility by introducing a trial implementation of FastAKM, which establishes an association between an AP and a non-AP STA with a single round-trip exchange of management frames.

Slide 3: Requirements
- Employ just ONE round-trip exchange of frames
  - STA to AP, then AP to STA
- Do everything needed to start the user's data exchange
  - Association
  - Authentication
  - Key Exchange
- No direct contract between AP and non-AP STA
  - 'Authentication Server' mediates between AP and non-AP STA
  - For separation of service providers and AP infrastructure
- Possibly compatible with the existing framework
  - Old STAs can still be operated together.

Slide 4: An Example Procedure by
Figure: message sequence between STA, AP and RADIUS Server (the EAP-TLS run, read top to bottom):
- AP -> STA: Beacon
- STA -> AP: Probe Request
- AP -> STA: Probe Response
- STA <-> AP: Open System Authentication
- STA -> AP: Association Request
- AP -> STA: Association Accept
- STA -> AP: EAPOL-Start
- AP -> STA: EAP-Request/Identity
- STA -> AP: EAP-Response/Identity
- AP -> RADIUS Server: RADIUS-Access-Request/Identity
- RADIUS Server -> AP: RADIUS-Access-Challenge/TLS-Start
- AP -> STA: EAP-Request/TLS-Start
- STA -> AP: EAP-Response/TLS-client Hello
- AP -> RADIUS Server: RADIUS-Access-Request/Pass Through
- RADIUS Server -> AP: RADIUS-Access-Challenge/Server Certificate
- AP -> STA: EAP-Request/Pass Through
- STA -> AP: EAP-Response/Client Certificate
- AP -> RADIUS Server: RADIUS-Access-Request/Pass Through
- RADIUS Server -> AP: RADIUS-Access-Challenge/Encryption Type
- AP -> STA: EAP-Request/Pass Through
- STA -> AP: EAP-Response
- AP -> RADIUS Server: RADIUS-Access-Request
- RADIUS Server -> AP: RADIUS-Access-Accept
- AP -> STA: EAP-Success
- AP -> STA: EAP-Key

Slide 5: Complaint about the Procedure…
Figure: the same STA / AP / RADIUS Server message sequence as Slide 4, annotated with three callouts:
- Probe process is optional
- Any other framework than EAPOL??
- Open System auth. is meaningless

Slide 6: Solution?
We investigated and tried implementing the two ideas below.
- Trial 1: Omit Pre-RSNA Auth. Process
- Trial 2: Piggyback Auth. Info. onto Association Request/Response

Slide 7: Trial 1: Omit Pre-RSNA Auth. Process
We use "Open System" authentication from the Pre-RSNA framework at any time.
- Is anyone still using Shared Key auth?
"Open System auth. is a null auth. algorithm. Any STA requesting Open System auth. may be authenticated"
Quoted from section
Nevertheless, it costs ONE round-trip time to do that!
The standard should be changed to allow the Association process to run without the Open System authentication process.
- Does any problem arise?

Slide 8: Reason for the existence of Open System auth.
"NOTE 3—IEEE Open System authentication provides no security, but is included to maintain backward compatibility with the IEEE state machine (see 11.3)."
Quoted from section b)

Slide 9: Figure 11-6

Slide 10: Modified Figure?
Figure: state diagram with the added transition "Successful Association with FastAKM"

Slide 11: Trial 2: Piggyback Auth. Info. onto Association Request/Response
Can "Mutual Authentication" be done by just A round-trip of Association Request/Response?
- "Single Round-trip Authentication" is a common problem.
Figure: message sequence between STA, AP and Authentication Server:
- AP -> STA: Beacon
- STA -> AP: (Probe Request)
- AP -> STA: (Probe Response)
- STA <-> AP: Authentication (Open System)
- STA -> AP: Association Request
- AP -> Authentication Server: Access Request
- Authentication Server -> AP: Access Response
- AP -> STA: Association Response (Accept)

Slide 12: Supposed Service Model
Three parties: Authentication Server (Service Provider), Non-AP STA (Customer), AP (Infrastructure).
Authentication Server <-> Non-AP STA:
- Contract to provide wireless access via AP infrastructure.
- Share information to identify each other properly, e.g. username, password, digital certificate, etc.
AP <-> Non-AP STA:
- Real wireless communication channel
- Provide wireless access at the request of the Service Provider
- No Contract
Authentication Server <-> AP:
- Contract to provide wireless access to users specified by the Authentication Server (i.e. Service Provider)
- Set up a secure communication channel to exchange information about users

Slide 13: Technical Prerequisite
Figure: Access Point (AP), Authentication Server (AS) and Station (non-AP STA), with what each pair has in place beforehand:
- STA <-> AS: information shared to identify each other and to exchange data securely
- AP <-> AS: secure communication pipe; information shared to identify each other
- STA <-> AP: wireless communication

Slide 14: Association and Authentication Procedure
STA -> AP (piggybacked on Association Request)
- Auth. Server Selector = name of the Auth. Server
- User Information pack, passed through the AP toward the Auth. Server:
  - User Identifier and a kind of digital signature
  - Session key encrypted by a secret shared with the Auth. Server
  - Countermeasure against replay attack
AP -> AS
- User Information pack
AS -> AP
- Plain (decrypted) session key
AP -> STA (piggybacked on Association Response)
- Proof that the AP holds the legitimate session key
- Group key

Slide 15: Frame Exchange for Authentication
Figure: Access Point (AP), Authentication Server (AS) and Station (non-AP STA); the three numbered exchanges are:
1. STA -> AP: Auth. Server Selector and User Information pack (User Identifier, a kind of digital signature, session key encrypted by the secret shared with the Auth. Server, countermeasure against replay attack)
2. AP -> AS: User Information pack; AS -> AP: plain (decrypted) session key
3. AP -> STA: proof of the AP having the legitimate session key, group key
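The three-party exchange of slides 13 to 15, modelled end to end in Python as an added example; this is not the authors' NetBSD/net80211 code. Assumptions, all labelled in the code: the "kind of digital signature" is modelled as an HMAC under the secret the customer shares with the AS (the deck does not say which signature scheme was used); the session key and the group key are masked with an HMAC-SHA256-derived keystream in place of whatever cipher the trial used; the replay countermeasure is a fresh nonce that the AS remembers; the AP-to-AS "secure pipe" is modelled as a direct call. Every key, identity and address is a constructed test value.

```python
import hashlib
import hmac


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over the concatenated parts; used both as MAC and as keystream."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def xor(data: bytes, stream: bytes) -> bytes:
    """Mask data with a PRF-derived keystream (stand-in for the trial's cipher)."""
    return bytes(a ^ b for a, b in zip(data, stream))


class AuthServer:
    """AS: holds each customer's secret and remembers used nonces (replay check)."""

    def __init__(self, name: str, users: dict):
        self.name, self.users, self.seen_nonces = name, users, set()

    def process(self, pack: dict):
        """Step 2 (AP -> AS -> AP): verify the pack, return the plain session key or None."""
        secret = self.users.get(pack["user_id"])
        if secret is None:
            return None                                    # unknown user
        uid = pack["user_id"].encode()
        tag = prf(secret, b"sig", uid, pack["nonce"], pack["enc_key"])
        if not hmac.compare_digest(tag, pack["sig"]):
            return None                                    # forged or corrupted pack
        if pack["nonce"] in self.seen_nonces:
            return None                                    # replayed pack
        self.seen_nonces.add(pack["nonce"])
        return xor(pack["enc_key"], prf(secret, b"enc", uid, pack["nonce"]))


class Station:
    """Non-AP STA: user identifier plus the secret it shares with the AS."""

    def __init__(self, user_id: str, secret: bytes, as_name: str):
        self.user_id, self.secret, self.as_name = user_id, secret, as_name

    def build_assoc_request(self, nonce: bytes, session_key: bytes) -> dict:
        """Step 1 (STA -> AP): Auth. Server Selector + User Information pack."""
        self.nonce, self.session_key = nonce, session_key
        uid = self.user_id.encode()
        enc_key = xor(session_key, prf(self.secret, b"enc", uid, nonce))
        pack = {"user_id": self.user_id, "nonce": nonce, "enc_key": enc_key,
                "sig": prf(self.secret, b"sig", uid, nonce, enc_key)}
        return {"as_selector": self.as_name, "user_info_pack": pack}

    def accept_assoc_response(self, resp):
        """Step 3 check: verify the AP's proof of the session key, then unwrap the group key."""
        if resp is None:
            return None                                    # association was refused
        proof = prf(self.session_key, b"ap-proof", self.nonce, resp["ap_addr"])
        if not hmac.compare_digest(proof, resp["proof"]):
            return None                                    # AP does not hold the key
        return xor(resp["enc_group_key"], prf(self.session_key, b"gtk", self.nonce))


class AccessPoint:
    """AP: shares nothing with the STA; relays the pack to the AS named by the selector."""

    def __init__(self, addr: bytes, servers: dict, group_key: bytes):
        self.addr, self.servers, self.group_key = addr, servers, group_key

    def handle_assoc_request(self, req: dict):
        server = self.servers.get(req["as_selector"])
        if server is None:
            return None                                    # unknown AS selector
        session_key = server.process(req["user_info_pack"])
        if session_key is None:
            return None                                    # AS rejected: no association
        nonce = req["user_info_pack"]["nonce"]
        return {"ap_addr": self.addr,
                "proof": prf(session_key, b"ap-proof", nonce, self.addr),
                "enc_group_key": xor(self.group_key, prf(session_key, b"gtk", nonce))}


def run_exchange() -> dict:
    """One FastAKM association, then a replayed and a tampered copy of the same request."""
    user_secret = b"constructed-user-secret-0123456789"       # shared STA <-> AS
    group_key = bytes(range(16))                             # constructed group key
    as1 = AuthServer("as.example", {"alice": user_secret})   # constructed AS name
    ap = AccessPoint(b"\x02\x00\x00\x00\x00\x01", {"as.example": as1}, group_key)
    sta = Station("alice", user_secret, "as.example")
    req = sta.build_assoc_request(nonce=b"\x11" * 16, session_key=b"\x22" * 16)
    got_gtk = sta.accept_assoc_response(ap.handle_assoc_request(req))
    replay = ap.handle_assoc_request(req)                    # same nonce: AS must refuse
    tampered = {**req, "user_info_pack": {**req["user_info_pack"], "enc_key": b"\x00" * 16}}
    return {"accepted": got_gtk == group_key,
            "group_key": got_gtk,
            "replay_rejected": replay is None,
            "tamper_rejected": ap.handle_assoc_request(tampered) is None}


if __name__ == "__main__":
    print(run_exchange())
```

The order of checks in `AuthServer.process` matters: the tag is verified before the nonce is recorded, so an attacker cannot burn a legitimate nonce by submitting a garbage pack that carries it, and a replayed pack is refused even though its tag is valid. The group key is returned under the session key rather than in the clear, which is the minimum the deck's "Group key" item needs for the AP-to-STA leg to be confidential.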

Slide 16: An Example Implementation
- OS: NetBSD (i386)
- Upper MAC Layer: NetBSD's net80211
- WLAN Chipset: Atheros Communications AR5212
- Added about 200 lines in C.

Slide 17: Difference from
- Additional state transition to skip Open System Auth.
  - Figure 11-6—Relationship between state variables and services
- Two additional elements in Table 7-26 Element IDs
  - Authentication Server Selector (240, temporarily)
  - User Information Pack (241, temporarily)
- RSN with the key obtained by the new FastAKM framework
  - RSN information element (for Beacon and Probe Response)
  - Both Group and Pairwise Cipher Suites are set to CCMP.
  - AKM Suite is set to the brand-new one!
    - Define a new AKM Suite (00-d is used temporarily.)
    - To be assigned officially in Table 7-34 AKM suite selectors in future…
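The RSN information element and the two temporary elements of slide 17, encoded and decoded in Python as an added example (not the authors' driver code). The element IDs 240 and 241 and the CCMP selection are taken from the slide; the value of the temporary AKM suite selector is not recoverable from the page, so the `AKM_FASTAKM` type byte below is a constructed placeholder. The parser bounds-checks every field, which is the part an AP must get right when it starts accepting new elements from unauthenticated association requests, and the classifier shows how an AP keeps serving old STAs (slide 3's compatibility requirement) by falling back to the legacy path when the FastAKM selector is absent.

```python
import struct

RSN_EID = 48                                  # RSN information element ID
RSN_VERSION = 1
OUI_80211 = b"\x00\x0f\xac"
CCMP = OUI_80211 + bytes([4])                 # cipher suite selector 00-0F-AC:4 (CCMP)
AKM_8021X = OUI_80211 + bytes([1])            # existing AKM selector 00-0F-AC:1 (802.1X)
# Placeholder: the deck's temporary FastAKM AKM selector value is not recoverable
# from the page, so a constructed type byte stands in for it here.
AKM_FASTAKM = OUI_80211 + bytes([0xEE])
AS_SELECTOR_EID = 240                         # temporary Element ID (slide 17)
USER_INFO_PACK_EID = 241                      # temporary Element ID (slide 17)


def build_ie(eid: int, payload: bytes) -> bytes:
    """Generic Element ID / Length / payload encoder."""
    if not 0 <= len(payload) <= 255:
        raise ValueError("IE payload must fit in one length byte")
    return bytes([eid, len(payload)]) + payload


def build_rsn_ie(group=CCMP, pairwise=(CCMP,), akms=(AKM_FASTAKM,), caps=0) -> bytes:
    """RSN IE: version, group suite, pairwise list, AKM list, capabilities."""
    body = struct.pack("<H", RSN_VERSION) + group
    body += struct.pack("<H", len(pairwise)) + b"".join(pairwise)
    body += struct.pack("<H", len(akms)) + b"".join(akms)
    body += struct.pack("<H", caps)
    return build_ie(RSN_EID, body)


def parse_ies(buf: bytes) -> list:
    """Split a run of IEs into (eid, payload) pairs; rejects truncated elements."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated IE header")
        eid, length = buf[i], buf[i + 1]
        if i + 2 + length > len(buf):
            raise ValueError("IE length runs past end of buffer")
        out.append((eid, bytes(buf[i + 2:i + 2 + length])))
        i += 2 + length
    return out


def parse_rsn_ie(body: bytes) -> dict:
    """Decode an RSN IE body with a bounds check before every field read."""
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated RSN IE")
        pos += n
        return body[pos - n:pos]

    version = struct.unpack("<H", take(2))[0]
    if version != RSN_VERSION:
        raise ValueError("unsupported RSN version %d" % version)
    group = take(4)
    pairwise = [take(4) for _ in range(struct.unpack("<H", take(2))[0])]
    akms = [take(4) for _ in range(struct.unpack("<H", take(2))[0])]
    caps = struct.unpack("<H", take(2))[0] if pos + 2 <= len(body) else 0
    return {"group": group, "pairwise": pairwise, "akms": akms, "caps": caps}


def build_fastakm_assoc_ies(as_name: bytes, pack: bytes) -> bytes:
    """STA side: RSN IE (CCMP/CCMP + FastAKM AKM) followed by the two new elements."""
    return (build_rsn_ie() + build_ie(AS_SELECTOR_EID, as_name)
            + build_ie(USER_INFO_PACK_EID, pack))


def classify_assoc_request(buf: bytes) -> str:
    """AP side: 'fastakm', 'legacy' (any other RSN selection) or 'open' (no RSN IE)."""
    ies = dict(parse_ies(buf))
    if RSN_EID not in ies:
        return "open"
    rsn = parse_rsn_ie(ies[RSN_EID])
    fastakm = (rsn["group"] == CCMP and rsn["pairwise"] == [CCMP]
               and rsn["akms"] == [AKM_FASTAKM])
    if fastakm and AS_SELECTOR_EID in ies and USER_INFO_PACK_EID in ies:
        return "fastakm"
    return "legacy"


if __name__ == "__main__":
    frame = build_fastakm_assoc_ies(b"as.example", b"\x01\x02\x03")   # constructed values
    print(frame.hex(), classify_assoc_request(frame))
```

A request that carries the two new elements but selects an ordinary AKM is deliberately classified as legacy: the AP must key its behaviour off the AKM suite selector in the RSN IE, not off the mere presence of elements 240 and 241, so that the unassigned element IDs cannot by themselves trigger the new code path.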

Slide 18: Conclusion
Not-so-many changes enable the FastAKM framework.
We need more technical discussion
- to build and verify the authentication method
- about any effect of changing the standard
- to write down a detailed specification

Slide 19: Straw Poll
"Does WNG think that we need a tutorial session exploring the need for support for mobile communication?"
Yes: 18  No: 1  Don't Care: 7