doc.: IEEE /0976r1 Submission, July 2011, Hitoshi Morioka, ROOT INC.
Slide 1: TGai Authentication Protocol Proposal
Date:
Authors (Name; Affiliations; Address; Phone):
– Hitoshi MORIOKA; ROOT INC; Tenjin, Chuo-ku, Fukuoka JAPAN
– Hiroshi Mano; ROOT INC; Nishi-Gotanda, Shinagawa-ku, Tokyo JAPAN
– Mark RISON; CSR; Cambridge Business Park, Cowley Road, Cambridge CB4 0WZ UK
– Marc Emmelmann; Fraunhofer FOKUS; Kaiserin-Augusta-Allee Berlin Germany
Slide 2: Abstract
This document describes a technical proposal for TGai which addresses the following phase:
– Authentication and Association
Slide 3: Conformance w/ TGai PAR & 5C
Conformance Question / Response
– Does the proposal degrade the security offered by Robust Security Network Association (RSNA) already defined in ? Response: No
– Does the proposal change the MAC SAP interface? Response: No
– Does the proposal require or introduce a change to the architecture? Response: No
– Does the proposal introduce a change in the channel access mechanism? Response: No
– Does the proposal introduce a change in the PHY? Response: No
– Which of the following link set-up phases is addressed by the proposal? (1) AP Discovery (2) Network Discovery (3) Link (re-)establishment / exchange of security related messages (4) Higher layer aspects, e.g. IP address assignment. Response: 3
Slide 4: Network Assumption
[Figure: two network scenarios. Standalone (Home/Small Office, No AS): STA, AP, Network. Enterprise (ISP/Large Office, with AS): STAs, APs, Network, AS.]
Slide 5: Key Sharing
Standalone
– A PMK is pre-shared between AP and an STA.
– Each STA has a different PMK.
Enterprise
– A PMK is pre-shared between AS and an STA.
– Each STA has a different PMK.
– A shared secret (AP-key) is pre-shared between AS and AP.
– Each AP has a different AP-key.
[Slide annotation: RADIUS]
Slide 6: Authentication Protocol Sequence (Standalone)
[Sequence diagram between STA and AP:]
AP -> STA: Beacon (TS, aiCAP)
STA -> AP: Probe Req.
AP -> STA: Probe Resp. (TS, aiCAP)
STA -> AP: Assoc. Req. (TS, Nonce, NAI, MIC)
PTK shared
AP -> STA: Assoc. Resp. (TS, PTKVT, GTK, MIC)
Authentication, Key sharing, Association completed

Beacon and Probe Resp. deliver the same information. To reduce occupied air-time, Probe should not be used.
Beacon/Probe Resp. delivers the Timestamp and the ai capability indicator. This Timestamp must be unique, so it is different from TSF. Any other unique number, such as ANonce in EAP, can be an alternative.
Assoc. Req. delivers
– TS: received timestamp
– Nonce: unique random number
– NAI: user ID (RFC2486)
– MIC: apply a hash function to a part of the frame, then apply the HMAC hash function with PMK to the result. (RFC2104)
AP confirms the validity of each item of information. AP authenticates the STA by calculating and comparing MIC.
PTK is calculated by applying HMAC to the Nonce with PMK.
Assoc. Resp. delivers
– TS: timestamp included in the Req.
– PTKVT: PTK validity time.
– GTK: GTK is encrypted with PTK.
– MIC: apply the HMAC hash function with PTK to a part of the frame. (HMAC: RFC2104)
STA confirms the validity of each item of information. STA authenticates the AP by calculating and comparing MIC.
Slide 7: Current State Machine (IEEE )
NOTE 3—IEEE Open System authentication provides no security, but is included to maintain backward compatibility with the IEEE state machine (see 11.3). ( b))
Slide 8: TGai State Machine
In real implementation
– STA: Skip transmitting Auth Req.
– AP: Process Open System authentication and association sequentially.
– These modifications are small.
– And can coexist with legacy system (state machine).
– We tried to implement on NetBSD, Linux and Android.
[Figure: state machine with State 1: Unauthenticated, Unassociated and State 3: Authenticated, Associated; transitions labelled Successful Association and Disassociation Notification.]
Slide 9: Protocol Features
1.5 round-trip frame exchange to complete authentication and PTK/GTK setup.
Mutual Authentication between AP and STA
– Both AP and STA check MIC in the Assoc frame.
– MIC is calculated by using PMK.
– So they can authenticate mutually.
PTK never on-the-air
– PTK is calculated by STA and AP separately.
– So PTK is never on-the-air.
Early PTK share
– PTK can be shared after the AP received Assoc. Request.
– So some information, GTK, upper layer information, can be encrypted even in the Assoc. Request.
Slide 10: Security Consideration
Major Attacks
– Replay Attack
  By using the timestamp, AP can eliminate replay attacks.
– Man-in-the-middle Attack
  Prevented by the “mutual authentication” and “PTK never on-the-air” features.
– Fake AP
  Prevented by the “mutual authentication” feature.
Security Strength
– Security strength of this protocol depends on the strength of the hash function.
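The standalone exchange of Slide 6, with the replay and mutual-authentication checks listed under Security Consideration, as an added example that is not part of the submission. SHA-256, the length-prefixed field encoding, the timestamp lifetime with a cache of accepted (TS, Nonce) pairs, and all function names are assumptions made here; GTK encryption is left out because the slides name no cipher.

```python
import hashlib, hmac, os, time

def mic(key, body):
    # Hash part of the frame, then HMAC (RFC 2104) the digest with the key.
    return hmac.new(key, hashlib.sha256(body).digest(), hashlib.sha256).digest()

def derive_ptk(pmk, nonce):
    # PTK = HMAC(PMK, Nonce): computed on each side, never sent on the air.
    return hmac.new(pmk, nonce, hashlib.sha256).digest()

def pack(*fields):
    # Assumed encoding: length-prefix each field so the MIC input is unambiguous.
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def sta_assoc_req(pmk, nai, ts):
    nonce = os.urandom(16)
    return {"ts": ts, "nonce": nonce, "nai": nai, "mic": mic(pmk, pack(ts, nonce, nai))}

class AP:
    def __init__(self, pmk_by_nai, ts_lifetime=2.0):
        self.pmk_by_nai, self.ts_lifetime = pmk_by_nai, ts_lifetime
        self.issued = {}    # advertised TS -> time it was sent
        self.seen = set()   # (TS, Nonce) pairs already accepted

    def beacon_ts(self):
        ts = os.urandom(8)  # unique value, not the TSF counter
        self.issued[ts] = time.monotonic()
        return ts

    def handle_assoc_req(self, req):
        sent = self.issued.get(req["ts"])
        if sent is None or time.monotonic() - sent > self.ts_lifetime:
            return None     # TS never advertised or expired: stale capture
        if (req["ts"], req["nonce"]) in self.seen:
            return None     # same frame presented twice: replay
        pmk = self.pmk_by_nai.get(req["nai"])
        want = pmk and mic(pmk, pack(req["ts"], req["nonce"], req["nai"]))
        if not want or not hmac.compare_digest(want, req["mic"]):
            return None     # unknown NAI or sender does not hold the PMK
        self.seen.add((req["ts"], req["nonce"]))
        ptk = derive_ptk(pmk, req["nonce"])
        ptkvt = (3600).to_bytes(4, "big")   # PTK validity time, constructed value
        return {"ts": req["ts"], "ptkvt": ptkvt, "mic": mic(ptk, pack(req["ts"], ptkvt))}

def sta_verify_resp(pmk, req, resp):
    # Only a holder of the PMK can derive the PTK that keys the response MIC.
    ptk = derive_ptk(pmk, req["nonce"])
    want = mic(ptk, pack(req["ts"], resp["ptkvt"]))
    return ptk if hmac.compare_digest(want, resp["mic"]) else None
```
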
Slide 11: Authentication Protocol (Enterprise)
[Sequence diagram between STA, AP and AS:]
AP -> STA: Beacon (aiCAP, TS)
STA -> AP: Probe Req.
AP -> STA: Probe Resp. (TS)
STA -> AP: Assoc. Req. (TS, Nonce, NAI, MIC 1)
AP -> AS: Access Req. (Nonce, NAI, MIC 1, AD, MIC 2)
AS -> AP: Access Approval (PTKDD, MIC 3)
PTK shared
AP -> STA: Assoc. Resp. (TS, PTKVT, GTK, MIC 4)
Authentication, Key sharing, Association completed
Slide 12: Out of Scope Issue
– Protocol between AP and AS is out of scope of IEEE
– So this should be discussed in IETF (AAA WG?).
Slide 13: Authentication Process
[Flow diagram across STA, AP and AS. AP: transmits Beacon / Probe Resp. STA: the Authentication Data (Timestamp, Nonce, NAI…) is hashed and passed through HMAC-hash (PMK) to give MIC 1, which is sent with the Authentication Data in the Association Request. AP: checks the Timestamp, extracts MIC 1, and computes MIC 2 over the Access Request with hash and HMAC-hash (AP-key). AS: checks User and Domain from the NAI, recomputes MIC 2 with HMAC-hash (AP-key) and MIC 1 with HMAC-hash (PMK), and compares each.]
Slide 14: Authentication Process (Cont.)
[Flow diagram across STA, AP and AS. AS: extracts Nonce and MIC 1 from the Access Request; Nonce through HMAC-hash (PMK) gives PTK; MIC 1 through HMAC-hash (AP-key) gives Hashed MIC 1; PTK XOR Hashed MIC 1 gives PTKDD; HMAC-hash (AP-key) gives MIC 3 for the Access Approval. AP: recomputes and compares MIC 3 with HMAC-hash (AP-key); MIC 1 through HMAC-hash (AP-key) gives Hashed MIC 1; PTKDD XOR Hashed MIC 1 gives PTK; the Association Response carries Authentication Data (16byte), ENC(GTK) and MIC 4 (hash, then HMAC-hash), and is transmitted. STA: Nonce through HMAC-hash (PMK) gives PTK; MIC 4 is recomputed (hash, then HMAC-MD5) and compared.]
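The AS-to-AP key delivery read from the flow diagrams on Slides 13 and 14 (MIC 2 check, MIC 1 check, PTKDD = PTK XOR Hashed MIC 1, MIC 3 check), as an added example that is not part of the submission. SHA-256, the length-prefixed encoding, the reading of AD as the Authentication Data that MIC 1 covers, and all function names are assumptions made here.

```python
import hashlib, hmac

def hmac_hash(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def mic(key, body):
    # Hash the covered bytes, then HMAC the digest with the key.
    return hmac_hash(key, hashlib.sha256(body).digest())

def pack(*fields):
    # Assumed encoding: length-prefix each field so the MIC input is unambiguous.
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def xor(a, b):
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def ap_access_req(ap_key, nonce, nai, mic1, ad):
    # AP forwards the STA's values and adds MIC 2 under the AP-key.
    return {"nonce": nonce, "nai": nai, "mic1": mic1, "ad": ad,
            "mic2": mic(ap_key, pack(nonce, nai, mic1, ad))}

def as_handle(req, ap_key, pmk_by_nai):
    body = pack(req["nonce"], req["nai"], req["mic1"], req["ad"])
    if not hmac.compare_digest(mic(ap_key, body), req["mic2"]):
        return None     # request did not come from the AP holding this AP-key
    pmk = pmk_by_nai.get(req["nai"])
    if not pmk or not hmac.compare_digest(mic(pmk, req["ad"]), req["mic1"]):
        return None     # unknown user, or the STA does not hold the PMK
    ptk = hmac_hash(pmk, req["nonce"])
    ptkdd = xor(ptk, hmac_hash(ap_key, req["mic1"]))  # PTK masked by Hashed MIC 1
    return {"ptkdd": ptkdd, "mic3": mic(ap_key, ptkdd)}

def ap_recover_ptk(approval, ap_key, mic1):
    if not hmac.compare_digest(mic(ap_key, approval["ptkdd"]), approval["mic3"]):
        return None     # approval forged or altered between AS and AP
    return xor(approval["ptkdd"], hmac_hash(ap_key, mic1))
```

The PTK crosses the AP-AS link only in masked form, so its confidentiality there rests on the AP-key. An AS built this way should take Nonce and NAI from the data MIC 1 covers rather than from the copies the AP places beside it.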
Slide 15: Questions & Comments