Doc.: IEEE 802.11-10/0018r0 Submission January 2010 Alexander Tolpin, Intel CorporationSlide 1 4 –Way Handshake Synchronization Issue Date: 2010-01-07.

Slides:



Advertisements
Similar presentations
Doc.: IEEE /0833r2 Submission July 2008 Luke Qian etc, CiscoSlide 1 A Proposed Scaled-down Solution to A- MPDU DoS Related Comments in LB 129.
Advertisements

Doc.: IEEE /2441r2 Submission SA Teardown Protection for w Date:
Doc.: IEEE /0881r0 Submission July 2012 Anna Pantelidou, Renesas Mobile CorporationSlide 1 PS Mode Enhancements with Timing Indication Date:
Doc.: IEEE /0598r0 Submission May 2012 Steve Grau, Juniper NetworksSlide 1 Layer 3 Setup with Dynamic VLAN Assignment Date: Authors:
Doc.: IEEE /0560r0 Submission May 2010 Ashish Shukla, MarvellSlide 1 TDLS TPK Handshake Date: Authors:
IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
Doc.: IEEE /275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE David Halasz, Stuart Norman, Glen.
Doc.: IEEE /2913r0 Submission November 2007 Kapil Sood, Intel CorporationSlide 1 Protecting Associations Attacks – Some Considerations Date:
Doc.: IEEE tg9-proposed-document-changes Submission Nov 2013 Robert Moskowitz, VerizonSlide 1 Project: IEEE P Working Group for.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Introduction to Management Information Systems Chapter 5 Data Communications and Internet Technology HTM 304 Fall 07.
Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.
Error Checking continued. Network Layers in Action Each layer in the OSI Model will add header information that pertains to that specific protocol. On.
Doc.: IEEE /0034r0 Submission NameAffiliationsAddressPhone Hitoshi MORIOKAAllied Telesis R&D Center Tenjin, Chuo-ku, Fukuoka
Network Security1 – Chapter 5 (B) – Using IEEE 802.1x Purpose: (a) port authentication (b) access control An IEEE standard
Wireless and Security CSCI 5857: Encoding and Encryption.
IEEE MEDIA INDEPENDENT HANDOVER DCN: srho
Submission doc.: IEEE /1003r1 July 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Upper Layer Data on Management frames Date:
Doc.: IEEE /551r0 Submission September 2002 Moore, Roshan, Cam-WingetSlide 1 TGi Frame Exchanges Tim Moore Microsoft Pejman Roshan Nancy Cam-Winget.
Doc.: IEEE /0707r0 Submission July 2003 N. Cam-Winget, et alSlide 1 Establishing PTK liveness during re-association Nancy Cam-Winget, Cisco Systems.
Doc.: IEEE Submission, Slide 1 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: IEEE :
Doc.: IEEE /0123r0 Submission January 2009 Dan Harkins, Aruba NetworksSlide 1 Secure Authentication Using Only A Password Date:
Doc.: IEEE /1063r0 Submission Nov 2005 Jon Edney, NokiaSlide 1 The Lock-out Problem - an Analysis Notice: This document has been prepared to assist.
Doc.: IEEE /1093r0 Submission November 2005 Hitoshi MORIOKA, ROOT Inc.Slide 1 MISP based Authentication Framework Notice: This document has been.
Doc.: IEEE /1109r0 Submission Month Year Tom Siep, CSRSlide 1 Amendment Creation Process Date: YYYY-MM-DD Authors:
Doc.: IEEE /610r0 Submission November 2001 Tim Moore, Microsoft 802.1X and key interactions Tim Moore.
Doc.: IEEE /008r0 Submission January 2003 N. Cam-Winget, D. Smith, K. AmannSlide 1 Proposed new AKM for Fast Roaming Nancy Cam-Winget, Cisco Systems.
Doc: IEEE Submission July 2015 Hernandez,Li,Dotlić,Miura (NICT)Slide 1 Project: IEEE P Working Group for Wireless Personal.
Wireless Network Security CSIS 5857: Encoding and Encryption.
Doc.: IEEE /0278r5 Submission March 2008 Javier Cardona et al. Avoiding Interactions with Lazy-WDS Equipment Date:
802.11: Introduction Reference: “IEEE : moving closer to practical wireless LANs”; Stallings, W.; IT Professional, Volume: 3 Issue: 3, May- June.
Data Link Layer Flow and Error Control. Flow Control Flow Control Flow Control Specifies the amount of data can be transmitted by sender before receiving.
Doc.: IEEE /0010r1 Submission NameAffiliationsAddressPhone Hitoshi MORIOKAAllied Telesis R&D Center Tenjin, Chuo-ku, Fukuoka
Doc.: IEEE /657r0 Submission August 2003 N. Cam-WingetSlide 1 TGi Draft 5.0 Comments Nancy Cam-Winget, Cisco Systems Inc.
Doc.: IEEE /0072r0 Submission January 2009 Slide 1 Proxy ARP Issue for Direct Link Setup Notice: This document has been prepared to assist IEEE.
Doc.: IEEE /610r0 Submission November 2001 Tim Moore, Microsoft 802.1X and key interactions Tim Moore.
May 2011doc.: IEEE 15-XX-XXXX-XX-Xpsc SubmissionSamsung Electronics, ETRI Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs)
Doc.:IEEE /0313r1 Submission Robert Stacey (Intel) March 12, 2010 Slide 1 Rekeying Protocol Fix Authors: Date:
Doc.: IEEE /1426r00 Submission NameAffiliationsAddressPhone ChengYan FengZTE Corporation No.800, Middle Tianfu Avenue, Hi- tech District,
November 2011 Jin-Meng Ho and David Davenport. doc.: IEEE Slide 1Submission Project: IEEE P Working Group for Wireless Personal.
Doc.: IEEE b Submission Aug H. Shao, H. Dai, J. Zhang, Mitsubishi ElectricSlide 1 Project: IEEE P Working Group for Wireless.
Doc.: IEEE /1426r02 Submission NameAffiliationsAddressPhone ChengYan FengZTE Corporation No.800, Middle Tianfu Avenue, Hi-tech District,
Submission doc.: IEEE /1204r2November 2004 Emily Qi, Intel CorporationSlide 1 QoS Metrics for Traffic Category/Stream Emily H. Qi Intel Corporation.
Doc.: IEEE /0103r0 Submission January 2004 Jesse Walker, Intel CorporationSlide 1 Some LB 62 Motions January 14, 2003.
Month Year doc.: IEEE yy/xxxxr0 July 2013
Some LB 62 Motions January 13, 2003 January 2004
802.1X and key interactions Tim Moore November 2001
– Chapter 5 (B) – Using IEEE 802.1x
TDLS TPK Handshake Date: Authors: May 2010 May 2010
IGTK Switch Announcement
IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec
Partial Proposal to TGw - AMID
Traffic Class Control in MBSS
Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Improved Delayed ACK response Frame for.
Traffic Class Control in MBSS
CID#102 - Channel Allocation
Nov 2013 Robert Moskowitz, Verizon
July 2008 doc.: IEEE /0833r0 July 2008 A Proposed Scale-down Solution to A-MPDU DoS Related Comments in LB 129 Date: Authors: Luke.
A Simplified Solution For Critical A-MPDU DoS Issues
Rekeying Protocol Fix Date: Authors: Month Year
(60GHz New Technique Proposal)
A Simplified Solution For Critical A-MPDU DoS Issues
Possible Enhancement for Broadcast Services over WLAN
Traffic Class Control in MBSS
IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec
Overview of Improvements to Key Holder Protocols
Cooperative AP Discovery
Revisiting Path Switch
Extended Usage of STKSA
July 2008 doc.: IEEE /0833r0 July 2008 A Proposed Scale-down Solution to A-MPDU DoS Related Comments in LB 129 Date: Authors: Luke.
Presentation transcript:

doc.: IEEE /0018r0 Submission January 2010 Alexander Tolpin, Intel CorporationSlide 1 4 –Way Handshake Synchronization Issue Date: Author:

doc.: IEEE /0018r0 Submission January 2010 Alexander Tolpin, Intel CorporationSlide 2 Abstract This presentation describes An issue with the 4 –Way Handshake in the current (i.e. Draft P802.11REVmb_D2.0) spec and the consequent failures that are observed in the field A proposed resolution

doc.: IEEE /0018r0 Submission January 2010 Alexander Tolpin, Intel CorporationSlide 3 The completion of 4-way Handshake between STA_I (Authenticator) and STA_P (Supplicant) is not properly synchronized in P802.11REVmb_D2.0. Quotes from D2.0: –The Supplicant uses the MLME-SETKEYS.request primitive to configure the temporal key from (Key hierarchy) into its STA after sending Message 4 to the Authenticator. –The Supplicant sends an EAPOL-Key frame to confirm that the temporal keys are installed. The timing of the MLME-SETKEYS.request from the supplicant is critical and subject to a race condition with data encrypted using new and old keys STA_I may start the transmission of encrypted frames before STA_P completes updating its keys. –At a result the encrypted traffic will be acknowledged but then dropped and not delivered to upper layers by STA_P When a 4-way handshake (for re-keying) takes place concurrently with heavy traffic STA_P may send data that are encrypted with the old keys after STA_I has received the 4 th EAPOL Key message as confirmation, but before STA_P has actually completed the update of its keys. –At a result the encrypted traffic will be also acknowledge but then dropped and not delivered to upper layers by STA_I There are several possible outcomes: –If a group key message is lost, STA I cannot receive protected broadcast messages, which may result in further loss of communication and deauthentication –Enough data may be lost to disrupt network or application-layer connections –Even if connections are not lost permanently, a user-peceived “glitch” may occur in QoS-sensitive applications Problem Statement

doc.: IEEE /0018r0 Submission January 2010 Alexander Tolpin, Intel CorporationSlide 4 Actual Field Experience A widely used OS & Supplicant STA stack sends the Key update message to the driver a few (3-6) ms after sending the 4 th EAPOL KEY message. Some APs send encrypted traffic 1.5 ms after receiving the 4 th EAPOL KEY packet at the AP. A STA does not manage to complete key installation so it acknowledges directed encrypted data packets but drops them thereafter. The communication is broken and causes of deauthentication after some timeout. When a 4-way handshake takes place concurrently with with a high rate file copy in 11n, the STA sends tens or hundreds of data frames to AP after sending the 4 th EAPOL Key and the AP acknowledges but drops these packets, causing a critical application failure. User experiences and complaints are as follows –STA cannot connect to AP –Communication is broken when 4-way handshake takes place during high rate data traffic in 11n

doc.: IEEE /0018r0 Submission January 2010 Alexander Tolpin, Intel CorporationSlide 5 Recommendation There are three possible approaches to resolving this issue. 1.Delay sending encrypted data until both sides have had a reasonable opportunity to update their keys. 2.Attempt to coordinate the MLME-SETKEYS.requests from supplicant and authenticator based on an event they can both observe 3.Modify the protocol to allow two keys to be active during a key handover period. We propose solution 1, being the simplest one. The following change is proposed in resolution of a comment submitted to LB160 –Insert the following new para at : –The Authenticator/Supplicant should postpone the sending of encrypted data after receiving/sending Message 4 for a period of 20 ms. –NOTE--This gives the implementation time to install the new temporal key and avoid transmission of data using a key that has not yet been installed by the peer.

doc.: IEEE /0018r0 Submission OS/Supplicant NIC AP Driver Assoc Completion 1 st EAPOL Key ACK 1 st EAPOL Key 4 pair-wise key exchange – failure sequence 1 st EAPOL Key EAP Auth ACK 3 rd EAPOL Key 2nd EAPOL Key ACK 2 nd EAPOL Key 4 th EAPOL Key ACK 4 th EAPOL Key Set of KeysInstall Key Request Install Key Complete ACK Encrypted GRP Key Encrypted GRP Key DROPPED Short Delay Long Delay between 4 th EAPOL Key and Key’s Update

doc.: IEEE /0018r0 Submission OS/Supplicant uCode AP Driver Data Transfer and key update– failure sequence ACK 3 rd EAPOL Key 4 th EAPOL Key ACK 4 th EAPOL Key Key install OID Long Delay between 4th EAPOL Key and Key’s Update Data (Old Key) Dropped due to decryption failure Data (New Key) Data Data (Old Key) Data Update Key Request Update Key Complete

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.