Doc.: IEEE 802.11-08/0833r2 Submission July 2008 Luke Qian etc, CiscoSlide 1 A Proposed Scaled-down Solution to A- MPDU DoS Related Comments in LB 129.

Slides:



Advertisements
Similar presentations
Doc.: IEEE /0465r0 Submission March 2011 Mark RISON, CSRSlide 1 A-MPDUs with U-APSD Authors:
Advertisements

Doc.: IEEE /2163r0 Submission July 2007 Cam-Winget, Smith, WalkerSlide 1 A-MPDU Security Issues Notice: This document has been prepared to assist.
Doc.: IEEE /0703r0 Submission March 2008 Luke Qian etc, Cisco Systems, IncSlide 1 Issues and Solutions to IEEE n A-MPDU Denial of Service.
Doc.: IEEE /0755r1 Submission March 2008 Luke Qian etc, Cisco Systems, IncSlide 1 Review of n A-MPDU DoS Issues – Progress and Status Authors:
Doc.: IEEE /1021r1 Submission September 2008 Luke Qian etc.Slide 1 A Simplified Solution For Critical A-MPDU DoS Issues Date: Authors:
Doc.: IEEE /0562r0 Submission May 2008 Adrian Stephens, Intel CorporationSlide 1 TGn LB124 – A detect and mitigate solution to the BA DoS problems.
Doc.: IEEE /1021r3 Submission September 2008 Luke Qian etc.Slide 1 A Simplified Solution For Critical A-MPDU DoS Issues Date: Authors:
Doc.: IEEE /0833r3 Submission July 2008 Luke Qian etc, CiscoSlide 1 A Proposed Scaled-down Solution to A- MPDU DoS Related Comments in LB 129.
Doc.: IEEE /0026r0 Submission Dec Luke Qian, Doug Smith Cisco Systems, IncSlide 1 BA Reordering for A-MPDU Notice: This document has been.
Doc.: IEEE /301R0 Submission May 2002 Terry Cole, AMDSlide 1 A More Efficient Protection Mechanism Terry Cole AMD Fellow +1.
Doc.: IEEE /2294r1 Submission August 2007 Alex Ashley, NDS LtdSlide 1 Topics for VTS PAR(s) Date: Authors:
IEEE DRAFT RECOMMENDED PRACTICE Clause 14: Collaborative Coexistence Mechanism – IEEE and Steve Shellhammer (Symbol Technologies)
Doc.: IEEE /0836r2 Submission July 2008 Dan Harkins, Aruba NetworksSlide 1 Changes to SAE State Machine Date: Authors:
Doc.:IEEE /0859r0 July 2012 Simone Merlin, Qualcomm Inc Short Block Ack Date: Authors:
Submission doc.: IEEE 11-14/0802r0 Consideration on UL MU transmission Date: Slide 1Jinyoung Chun et. al, LG Electronics July 2014 Authors:
1 November, 2002 doc:.: /480r0 Daniel V. Bailey, Ari Singer, NTRU 1 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs)
Doc.: IEEE /0578r0 Submission 2008 May Jarkko Kneckt, NokiaSlide 1 Forwarding in mesh containing MPs in power save Date: Authors:
Doc.: IEEE /0640r0 Submission Jun Li, Thomson Inc..Slide 1 Requirements and Implementations for Intra-flow/Intra-AC DiffServ Date:
Doc.: IEEE /0666r0 Submission May 2008 Chan et al. (Cisco Systems) Slide 1 Update on 11n Greenfield Transmissions Causing False DFS Detects and.
Doc.: IEEE /0798r1 Submission July 2008 L. Chu Etc.Slide 1 HT Features in Mesh Network Date: Authors:
Doc.: IEEE / 0052r0 Submission January 2011 Slide 1 Max Nss for SU BF Date: Authors: Sameer Vermani, Qualcomm.
Submission doc.: IEEE 11-12/771r0 July 2012 Jarkko Kneckt, NokiaSlide 1 FILS STA Support for QoS, HT and VHT? Date: Authors:
Doc.: IEEE /0129r2 Submission July 2012 Mika Kasslin, NokiaSlide 1 How to accommodate different CE-CM interaction approaches in IEEE ?
Doc.:IEEE /0037r0 Submission Jan. 17, 2011 Yong Liu, MarvellSlide 1 BW Indication in Non-HT Frames Date: Authors:
Doc.: IEEE /1244r1 Submission Nov.2010 Sun Bo, ZTE CorpSlide 1 Authors: Transmission Mechanism in MU-MIMO Date:
Slide 1 doc.: IEEE /1092r0 Submission Simone Merlin, Qualcomm Incorporated September 2010 Slide 1 ACK Protocol and Backoff Procedure for MU-MIMO.
Doc.: IEEE /0096r0 Submission January 2008 Slide 1 CID#103- MLME Interface for Passing Timestamps Date: Authors:
Doc.: IEEE /0018r0 Submission January 2010 Alexander Tolpin, Intel CorporationSlide 1 4 –Way Handshake Synchronization Issue Date:
Submission doc.: IEEE 11-10/0745r2 May 2010 Matthew Fischer, BroadcomSlide 1 MFQ MMPDU MAC Sequence Numbering Date: Authors:
Doc.: IEEE /1434r0 Submission November 2013 Slide 1 CID 1376: NDP BlockAck Bitmap Protection Date: Authors: Alfred Asterjadhi, et.
Doc.: IEEE /1063r0 Submission Nov 2005 Jon Edney, NokiaSlide 1 The Lock-out Problem - an Analysis Notice: This document has been prepared to assist.
Doc.: IEEE /0848-r2 Submission July 2006 K.HayesSlide 1 RSC Pools for Mgmt Frames Notice: This document has been prepared to assist IEEE
SubmissionJoe Kwak, InterDigital1 Simplified 11k Security Joe Kwak InterDigital Communications Corporation doc: IEEE /552r0May 2004.
Doc.:IEEE /0313r1 Submission Robert Stacey (Intel) March 12, 2010 Slide 1 Rekeying Protocol Fix Authors: Date:
Doc.: IEEE /0150r11 Submission July 2015 Ganesh Venkatesan (Intel Corporation)Slide 1 GCR using SYNRA for GLK Date: Authors:
Doc.: IEEE /0615r0 Submission May 2008 Naveen K. Kakani, Nokia IncSlide 1 Multicast Transmission in WLAN Date: Authors:
Doc.: IEEE /2952r2 Submission Dec 2007 L.Chu Etc.Slide 1 Simplified DLS Action Frame Transmission in 11Z Date: Authors:
Submission doc.: IEEE /0961r0 July 2016 Hanseul Hong, Yonsei UniversitySlide 1 Consideration on Multi-STA BlockAck Optimization Date:
Undetected Duplicate Frame Reception
EDMG BlockAck Retransmission
Groupcast discussion Date: Authors: Mar 2009 Month Year
Link Metric for High Throughput Mesh
GAPA - Efficient, More Reliable Multicast
Block Ack Security Authors: May 2008 Date: May 2008
Link Metric for High Throughput Mesh
Multicast/Broadcast Communication With Acknowledge
Regarding UL MU protection
Beacon Protection Date: Authors: July 2018 July 2018
GAPA - Efficient, More Reliable Multicast
Regarding HE fragmentation
July 2008 doc.: IEEE /0833r0 July 2008 A Proposed Scale-down Solution to A-MPDU DoS Related Comments in LB 129 Date: Authors: Luke.
A Simplified Solution For Critical A-MPDU DoS Issues
CCMP Nonce Construction
Block Ack Security Date: Authors: May 2008 May 2008
Rekeying Protocol Fix Date: Authors: Month Year
Explicit Block Ack Request in DL MU PPDU
A Simplified Solution For Critical A-MPDU DoS Issues
Beacon Protection Date: Authors: July 2018 July 2018
EHT Multi-link Operation
GCR using SYNRA for GLK Date: Authors: July 2015 Month Year
OBSS_PD simplification
Review of n A-MPDU DoS Issues – Progress and Status
Multi-Link Operation: Design Discussion
Multi-link transmission
Discussion on Multi-band operation
July 2008 doc.: IEEE /0833r0 July 2008 A Proposed Scale-down Solution to A-MPDU DoS Related Comments in LB 129 Date: Authors: Luke.
Multi-Link Architecture and Requirement Discussion
Multi-Link Architecture and Requirement Discussion
Discussion on Multi-link Acknowledgement
Discussion on Multi-band operation
Presentation transcript:

doc.: IEEE /0833r2 Submission July 2008 Luke Qian etc, CiscoSlide 1 A Proposed Scaled-down Solution to A- MPDU DoS Related Comments in LB 129 Date: Authors:

doc.: IEEE /0833r2 Submission July 2008 Luke Qian etc, CiscoSlide 2 Overview A number of new types of Deny of Service (DoS) associated with the n A-MPDU BA operations have been identified, commented and acknowledged since LB 115 for n. Resolutions for the relating comments in the recent LB 124 called for solutions less complicated and lower implementation cost than those in /0665r0, the jointly developed solutions. Following the thinking outlined in /0755r1, we present here a scaled-down version of 08/0665r0 which focuses on the DoS types with the most significant damages. Also see LB129 CID 8075, 8076.

doc.: IEEE /0833r2 Submission July 2008 Luke Qian etc, CiscoSlide 3 Block Ack Security problems The following security problems exist: ( /0665r0) –The SN values of data packets are not protected – yet, SN values of data packets can be used to adjust the RX Buffer LE value. A single forged SN value can cause the recipient to move the LE value too far forward, thereby causing the recipient to discard frames below the new LE that should not have been discarded. Data is lost at the recipient. –A single forged SN value in a data packet can also cause the recipient to place the received frames in an incorrect order, which can cause problems both when the security layer examines the sequence of PN values in the MAC SN-ordered frames and when the frames are passed to the next layer for processing. –A single forged SN value in a data packet can cause RX scorecard information to be updated, and a subsequent transmission of a BA frame in response to a legitimate AMPDU can include this bogus scorecard information. –A captured and replayed packet cannot be detected except by replay detection in the security layer. If the RX buffer reordering is performed before this check, then the SN in that replayed packet can cause incorrect RX Buffer LE movement. –The BAR frame is not protected – yet the BAR frame SSN value is used to adjust the RX Buffer LE value. A single forged SN value can cause the recipient to move the LE value too far forward, thereby causing the recipient to discard frames below the new LE that should not have been discarded. Data is lost at the recipient. –The BA frame is not protected – yet the BA frame SSN value is used to adjust the originators TX scorecard LE value. Forged BA frames can cause false adjustments to the LE value that result in some data packets not being transmitted to the recipient, since they now have SN values below the new LE value. Data is lost. –Forged BA frames can suppress retransmission of frames that were not successfully received (even without moving LE at TX)

doc.: IEEE /0833r2 Submission July 2008 Luke Qian etc, CiscoSlide 4 Prioritizing the A-MPDU DoS Attacks Sort the A-MPDU DoS Types on their ease of launching: (see /0755r1) 1) Forged packets with advanced Sequence Numbers (SN) easy to launch, can be addressed, e.g., by reversing the order of BA reordering and decryption. 4) False Block ACK Request (BAR) with advanced SN. easy to launch, can be addressed, e.g., by protecting the BAR by wrapping it in an encrypted management frame, an 11w mechanism. 2) Captured and Replayed packets with modified SN. more difficult, can be addressed by encrypting the SN, ( drop this one ?) 3) Captured and Replayed packets with advanced SN without modification. more difficult, less likely to be successful, can be addressed by, e.g., a replay check before BA reordering, ( drop this one?) 5) False BA to prevent retransmission. less likely be successful, not unique since regular ACK can cause similar DoS., (drop this one?) The following proposed solution will focus on the most significant and easy-to-launch ones: 1), and 4).

doc.: IEEE /0833r2 Submission July 2008 Luke Qian etc, CiscoSlide 5 A Scaled-down Solution A scaled-down solution addressing the most significant few of the problems is: –Use a new protected form of the BAR frame to convey BAR information, and allow this protected BAR frame to cause RX Buffer LE movement while forbidding unprotected BAR frames from making RX Buffer LE changes –Allow alternative architectural ordering of Block Ack Reordering AFTER MPDU decryption, just before the Block Ack Reordering but preserve existing ordering option as well for legacy implementation

doc.: IEEE /0833r2 Submission July 2008 Luke Qian etc, CiscoSlide 6 New Rules for the Solution Unencrypted BAR is not used to shift recipient RX BUFFER LE –Encrypted BAR can shift recipient RX BUFFER LE STA with hybrid support for secure PN but no support for encrypted BAR can still use unencrypted BAR to shift recipient LE Only the new protected MGMT frame can be used to perform BAR-style RX BUFFER pointer moves

doc.: IEEE /0833r2 Submission July 2008 Luke Qian etc, CiscoSlide 7 Encrypted BAR frame New Action frame –Category = Block Ack –Action = BAR –Body = BAR Control, BAR Information (see TGn draft) Multi-TID version allowed Uncompressed? Encrypted according to TGw

doc.: IEEE /0833r2 Submission July 2008 Luke Qian etc, CiscoSlide 8 Specification change for order of operations Allow alternative ordering of Block Ack Reordering AFTER A-MPDU decryption step, but preserve existing ordering option as well for legacy implementations.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.