doc.: IEEE /0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 A Study Group for Enhanced Security Date: Authors:

doc.: IEEE /0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 2 Abstract This presentation makes the case for formation of a Study Group on Enhanced Security for

doc.: IEEE /0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide Security is Not Complete Enterprise security is there but we have failed to provide technology to secure other use cases. –Attacks against known flaws generate bad press for Its either simple to deploy or secure, but not both. Updates to security are needed –Faster and more efficient algorithms –Enhancements to prevent known and published attacks– allow for passwords to be used securely. –Improvements to support more usable, robust and secure networks. There is a market for deployments that are problematic today –No 802.1x, no centralized AAA server –Easy to configure, easy to deploy, robust but is still secure –Secure password-based authentication

doc.: IEEE /0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 4 What is the Problem? New ciphers have been designed that are better than CCM, the one used in today. –GCM: provides higher throughput and less power consumption than CCM –SIV: provides misuse-resistance and is more generally useful than CCM. Strong security is only possible when using 802.1x but that is not appropriate for all use cases and is complex to deploy. –Passwords are easy to use but does not define how to use them securely. –There is a market for peer-to-peer applications but 802.1x is a pure client/server protocol. –Other organizations want to address these shortcomings but their attempts are complicated, insecure, or both. There is at least one feature in that needs security but no existing Task Group has the scope to take on that work. IEEE does not have a way to add small featurettes such as these to the standard.

doc.: IEEE /0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 5 Whats the Solution? A Study Group to define a PAR and 5C for a new Task Group that will address these issues. –Define how GCM and SIV are used to protect an frame. –Define how to use a secure password-authenticated key exchange from TGs more generally in , for ESS, IBSS, mesh, and any other peer-to-peer application. –Develop a peer-to-peer variant of an existing certificate-based key exchange (e.g. DHKE-1) that is appropriate for ESS, IBSS, mesh, and any other peer-to-peer application. –Address the security of TGvs location service. Most of this has already been developed, it just needs to be defined for –A constrained scope would ensure timely results.

doc.: IEEE /0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 6 Whats the Benefit and Why Should I Care? Network deployment can be simple yet secure if: –Passwords are used with a protocol implementing a zero-knowledge proof. This would be resistant to attack where RSN PSK is not. –Authentication is done using authentication frames! –Protocols are specified in a peer-to-peer fashion. –STAs can authenticate each other directly, no AAA needed! Less power consumption means longer battery life, and its green will be applicable for more use cases while still providing strong security. This improves the end-user experience and customer experience with gear which can result in better and wider deployments of which benefits us all!

doc.: IEEE /0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 7 References NIST SP800-38D P. Rogaway and T. Shrimpton, Deterministic Authenticated Encryption, A Provable Security Treatment of the Key-Wrap Problem, Advances in Cryptology– EUROCRYPT 06, St. Petersburg, Russia, RFC 5297 D. Harkins, Simultaneous Authentication of Equals: A Secure, Password-Based Key Exchange for Mesh Networks, Proceedings of the 2008 Second International Conference on Sensor Technologies and Applications, Cap Esterel, France, V. Shoup, On Formal Models for Secure Key Exchange. ACM Computer and Communications Security Conference, 1999.