Overview of the 802.10 SDE Protocol Presented by Ken Alonge Chair, 802.10.

Presentation transcript:

Overview of the 802.10 SDE Protocol. Presented by Ken Alonge, Chair, 802.10.

Primary Goals of 802.10
- Develop an interoperable security solution for all 802 MACs
  – Security solution based on threat analysis (Annex 2A)
  – Threat analysis determined security requirements
- Security protocol independent of crypto mechanism and key management
- Security services selectable (must have either confidentiality or integrity, can have both)
- Support bridged environments
- Enable coexistence of protected and non-protected frames

Placement of SDE in the 802 Stack (diagram): the SDE sublayer sits between LLC and the MAC, with security applied on the way down and removed on the way up; user stacks 1 to N, system management and key management sit above it.

Current SDE Header Format (diagram): DA, SA, Clear Header (SDE Designator, SAID, MDF), Protected Header (Station ID, Flags, Fragment ID, Security Label), Data, Pad, ICV. The diagram marks an integrity-protected span and an encrypted span across the PDU, with the ICV appended at the end.

Clear Header Fields (M = Mandatory if the Clear Header is selected, O = Optional)
- SDE Designator (M): identifies the frame as having security protection
- SAID (M): identifies which security association to use to encrypt, integrity seal, or both
- MDF (O): accommodation for a particular vendor's proposed implementation

Protected Header Fields (O = Optional)
- Station ID (O): origin authentication mechanism
- Flags (O): identifies when fragmentation is enabled
- Fragment ID (O): fragment counter
- Security Label (O): enables application of access control security labels to frames

SDE Header Format Modifications (diagram comparing the current and revised formats). Current format: DA, SA, Clear Header (SDE Designator, SAID, MDF), Protected Header (Station ID, Flags, Fragment ID, Security Label), Data, Pad, ICV. Revised format: DA, SA, VLAN Tag, Clear Header (Sequence Number, SAID, MDF), Protected Header (Payload EtherType, Flags, Fragment ID, Security Label), Data, Pad, ICV, with the integrity-protected and encrypted spans marked as before. Four fields are marked X (may be deleted).

SDE Designator: the SDE designator is compatible with LLC. Going forward, use of an EtherType is more acceptable.

SDE in a Bridged Environment (diagram): stations X and Y, each in a trusted enclave, reach their SDE bridges (SDE Bridge A and SDE Bridge B) across unprotected data environments; between the two SDE bridges the frames form a protected data environment while crossing an untrusted network of non-SDE bridges 1 to N.

Proposed PAR Purpose & Scope

Purpose: The purpose of this PAR is to update the Secure Data Exchange (SDE) Protocol specified in IEEE Std 802.10 to accommodate newly identified security requirements for all current 802 MACs and to delete unneeded header fields.

Scope: The scope of this PAR is to make changes to the format and processing of SDE PDUs to:
– Accommodate replay protection
– Integrity protect the Destination MAC address
– Integrity protect additional header fields, particularly the VLAN tag, as needed

The current PDU format and processing will have to be modified to incorporate a sequence number; the DA will have to be included in the computation of the ICV; and the VLAN tag (and any other required header fields) will be included in the computation of the ICV if protection is required by VLAN tagging rules (which are to be specified). In addition, an informative annex will be developed that discusses various scenarios for securing Layer 2 bridged networks, and a normative annex will be developed that defines an SDE profile specifying a single interoperable SDE configuration that must be supported by all vendors claiming conformance to the revised SDE specification.
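The three modifications in the Scope (a sequence number for replay protection, the DA under the ICV, the VLAN tag under the ICV) as an added, constructed model of the revised PDU; this is example code, not the 802.10 standard's or the presentation's, and the field sizes, the HMAC-SHA256 ICV and the window size are assumptions made here because SDE leaves the mechanism to the profile.

```python
import hmac
import hashlib
import struct

# Constructed example, not from the 802.10 standard.  Assumed layout: 6-byte
# DA and SA, 4-byte VLAN tag, clear header = 2-byte SAID, protected header =
# 4-byte sequence number, then data, then a 16-byte ICV.  HMAC-SHA256 stands in
# for whatever integrity mechanism a profile selects; encryption of the
# protected span is omitted so the ICV coverage and replay check stay visible.
ICV_LEN = 16
HDR_LEN = 6 + 6 + 4 + 2 + 4

def icv(key, fields):
    """ICV over DA, SA, VLAN tag, clear header, protected header and data."""
    return hmac.new(key, fields, hashlib.sha256).digest()[:ICV_LEN]

def build_pdu(key, da, sa, vlan_tag, said, seq, data):
    body = da + sa + vlan_tag + struct.pack(">H", said) + struct.pack(">I", seq) + data
    return body + icv(key, body)

class SdeReceiver:
    """Verifies the ICV and enforces a sliding replay window per SAID."""
    def __init__(self, key, window=32):
        self.key, self.window = key, window
        self.top = {}   # highest sequence number accepted, per SAID
        self.seen = {}  # bitmask of accepted numbers inside the window, per SAID

    def accept(self, pdu):
        if len(pdu) < HDR_LEN + ICV_LEN:
            return False
        body, tag = pdu[:-ICV_LEN], pdu[-ICV_LEN:]
        if not hmac.compare_digest(icv(self.key, body), tag):
            return False                      # DA, VLAN tag, header or data altered
        said = struct.unpack(">H", body[16:18])[0]
        seq = struct.unpack(">I", body[18:22])[0]
        top, seen = self.top.get(said, 0), self.seen.get(said, 0)
        if seq > top:                         # newer than anything seen: slide window
            seen = ((seen << (seq - top)) | 1) & ((1 << self.window) - 1)
            top = seq
        elif top - seq >= self.window or (seen >> (top - seq)) & 1:
            return False                      # too old, or already accepted (replay)
        else:
            seen |= 1 << (top - seq)          # late but unseen: accept once
        self.top[said], self.seen[said] = top, seen
        return True
```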