Discussion of KaY Key Exchange and Management Interface to SecY

Slides:



Advertisements
Similar presentations
Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
Advertisements

LinkSec Architecture Attempt 3
EPON Technology Team 2/9/2014 Key Management [802.1af - Issues] Jee-Sook Eun Electronics and Telecommunications Research Institute.
IEEE INFOCOM 2004 MultiNet: Connecting to Multiple IEEE Networks Using a Single Wireless Card.
Doc.: IEEE /0836r2 Submission July 2008 Dan Harkins, Aruba NetworksSlide 1 Changes to SAE State Machine Date: Authors:
Doc.: IEEE /0283r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 Suggested Changes to the Abbreviated Handshake Date: Authors:
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
Neighbor Discovery for IPv6 Mangesh Kaushikkar. Overview Introduction Terminology Protocol Overview Message Formats Conceptual Model of a Host.
PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,
A. Steffen, , 03-DataLinkLayer.pptx 1 Information Security 2 (InfSi2) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.
Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
802.1D – Selective Multicast
MOBILITY SUPPORT IN IPv6
Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Jan 01, 2008CS573: Network Protocols and Standards D – Selective Multicast Network Protocols and Standards Winter
WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.
(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
CSCI 6962: Server-side Design and Programming
Ch. 5 – Access Points. Overview Access Point Connection.
Improving Networks Worldwide. UNH InterOperability Lab Serial Attached SCSI (SAS) Clause 6.
Light Weight Access Point Protocol (LWAPP) IETF 57 Pat Calhoun, Airespace.
Wireless and Security CSCI 5857: Encoding and Encryption.
Vulnerabilities Prasad Narayana, Yao Zhao, Yan Chen, Judy Fu (Motorola Labs) Lab for Internet & Security Tech, Northwestern Univ.
SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.
LECTURE9 NET301. DYNAMIC MAC PROTOCOL: CONTENTION PROTOCOL Carrier Sense Multiple Access (CSMA): A protocol in which a node verifies the absence of other.
Network Security1 – Chapter 5 – Secure LAN Switching Layer 2 security –Port security –IP permit lists –Protocol filtering –Controlling LAN floods (using.
Distributed systems – Part 2  Bluetooth 4 Anila Mjeda.
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.
Shambhu Upadhyaya Security –Upper Layer Authentication Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 10)
Authentication Mechanism for Port Control Protocol (PCP) draft-wasserman-pcp-authentication-01.txt Margaret Wasserman Sam Hartman Painless Security Dacheng.
CWSP Guide to Wireless Security Chapter 2 Wireless LAN Vulnerabilities.
EAP Keying Problem Draft-aboba-pppext-key-problem-03.txt Bernard Aboba
Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.
802.1 af discussion First two slides are my picture of ae requirements - these may need some refining Next slide is my interpretation of KSP implementation.
Frank Chao San Antonio 11/22/2004.1AE Management Info.
Analysis of e Multicast/Broadcast group privacy keying protocol Ju-Yi Kuo CS259 Final Project 3 / 16 / 2006.
Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption?
ACCESS CONTROL MANAGEMENT Poonam Gupta Sowmya Sugumaran PROJECT GROUP # 3.
Doc.: IEEE r Submission November 2004 Bob Beach, Symbol TechnologiesSlide 1 Fast Roaming Using Multiple Concurrent Associations Bob.
Doc.: IEEE /610r0 Submission November 2001 Tim Moore, Microsoft 802.1X and key interactions Tim Moore.
GBT SCA overview Slide 1-5 Work status Slide 6-10 Shuaib Ahmad Khan.
Doc.: IEEE /0175r2 Submission June 2011 Slide 1 FCC TVWS Terminology Date: Authors: Peter Ecclesine, Cisco.
Wireless Network Security CSIS 5857: Encoding and Encryption.
Doc.: IEEE /xxxxr0 July 2011 Padam Kafle, Nokia Submission Simplification of Enablement Procedure for TVWS Authors: Date: July 18, 2011 NameCompanyAddressPhone .
Doc.: IEEE /610r0 Submission November 2001 Tim Moore, Microsoft 802.1X and key interactions Tim Moore.
Doc.:IEEE /0313r1 Submission Robert Stacey (Intel) March 12, 2010 Slide 1 Rekeying Protocol Fix Authors: Date:
IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
IEEE SISWG (P1619.3)‏ Messaging & Transport. AGENDA Transport Protocols & Channel Protection Messaging Layer Capability Exchange & Authentication Groups.
Doc.: IEEE /2952r2 Submission Dec 2007 L.Chu Etc.Slide 1 Simplified DLS Action Frame Transmission in 11Z Date: Authors:
FILS Reduced Neighbor Report
– Chapter 5 – Secure LAN Switching
IEEE Interim May 2004 Allyn Romanow
Chapter 3: Open Systems Interconnection (OSI) Model
Multi-band Discovery Assistance
Multi-band Discovery Assistance
FILS Reduced Neighbor Report
Agenda retrospective - B. Aboba Lunch
Changes to SAE State Machine
doc.: IEEE /454r0 Bob Beach Symbol Technologies
Rekeying Protocol Fix Date: Authors: Month Year
Dr. John P. Abraham Professor UTPA
TruSecure Corporation
Security in Wireless Metropolitan Area Networks (802.16)
Security in Wireless Metropolitan Area Networks (802.16)
Presentation transcript:

Discussion of KaY Key Exchange and Management Interface to SecY IEEE 802.1af Discussion of KaY Key Exchange and Management Interface to SecY Jim Burns May 20, 2004 Barcelona, Spain jeb@mtghouse.com

SecY/KaY Interface Overview MK (Master Key - pairwise) KaY Key Management (.1af) LMI SAKs .1af Key Exchange Protocol MK to SAK Key Derivation Process SecY (.1ae) SAKs

.1ae Terminology MK is 1 to 1 SC SA SAK SAK SAK SAK is 1 to N … SA SAK

Assumptions If pre-shared master key is deployed out-of-band then key management can operate without authentication protocol. Authorization shall operate following key exchange and creation of the secure channel. Master Keys have Time & Msg-count life times Key-exchange exchanges only one (1) one-way SAK, so two key exchanges must occur between two (2) peers to achieve symmetric connection. I discuss only the .ae/.af interface, I do not discuss specific key management protocol here (I assume there is some method of deriving SAKs from MK)

LMI Communication Communication between SecY and KaY is indirect via LMI LMI is modeled as data structures not as functions. Writing certain data may cause actions at the SecY or KaY Reading data causes no action

LMI: from SecY to KaY Connectivity Capabilities Supported Cipher Suites Supported txEncodingSA - which SA to use for transmit encoding. txEncipheringSA - which SA to use for transmit enciphering (optional). State of each SC State of each SA NextPN of each SA

LMI: from KaY to SecY Connectivity to use Cipher Suite To Use Indication whether All neighbors are SecYs Association Number for each SA (?) Secure Association Key for each SA MUST generate SAK (whether valid or not. An invalid SAK should be a random number…) Request to install/remove/use/don’t-use an SC Request to install/uninstall SAK for each SA

LMI: from ??? To KaY Limit to number of allowed RX SC Desired/required authorization level

LMI Key Management Interface - SecY/KaY Type Element R/W R Enum ConnectivityCapabilitiesSupported - multipoint or point-to-point ConnecitivityCapabilityInUse - current connectivity Int[] CipherSuitesSupported - Cipher Suites supported by SecY Int CipherSuiteInUse - Current Cipher Suite In Use Boolean NeighborsAllSecYs --- MK[sci] Pairwise Master Keys - pairwise key (1-to-1), provisioned via some mechanism (SNMPv3, EAP, Kerberos, out-of-band, etc) - with lifetimes TXSC - Secure Channel for transmitting to ALL peers in CA txEncodingSA txEncipheringSA SCI - Secure Channel Identifier (SCI=MAC+PortNumber) State - current state of this SC {Unused, NotInCA, InCA} Cmd - command to carry out on this CA {Use, AddToCA, RemoveFromCA, stopUsing} SA[0] - Secure Association AN - Association Number (SAI=SCI+AN) SAK - Security Association Key nextPN - next Packet Number State - current state of this SA {Unused, Install, Installed} Cmd - command to carry out on this SA {InstallKey, UninstallKey} SA[1]… SA[2]… SA[3]… RXSC[0] - Secure Channel for receiving from ONE peer in CA << same fields as TXSC except txEncodingSA and txEncipheringSA >> RXSC[1]… RXSC[n]…

Start up… New common port becomes available SecY & KaY instantiated for common port CA created with last saved value (could be an initial out-of-band provisioned value) MK and KGK restored with lifetimes. Announcement occurs, creating peer list TX SC and RX SC created for each peer in peer list. SCs created either via key exchange (if MK available for peer) or authentication (if no MK) Each key exchange results in SAK that is stored in SA. When all peers have SC with SAK, the SAK for the TX SC is stored ins its SA.

Events That Cause Action New common port available KaY instantiated LMI provisioned with last stored CA including Pairwise MKs Empty peer list Send announcement frame (rate limited to 1 per second) Peer station in peer list with no matching SC Create SC with no SA AddToCA SC with no matching peer in peer list RemoveFromCA SC with no active SA Create SA with null key values (completely random) InstallKey

Events That Cause Action (2) SA with null key that we do not have peer MK for Carry out authentication with peer - peer MK created SA with null key that we do have peer MK for Carry out key exchange with peer to obtain SAK InstallKey All peers in peer list have SAs with installed keys but no SA with installed key for TX SC with a valid nextPN Create SA with TX SAK All peers in peer list do NOT have installed SAs but TX SC has installed SA UninstallKey of SA for TX SC (Symmetry broken)

Events That Cause Action (3) Peer MK lifetime expired Remove peer MK stopUsing SC for peer Peer MK changed New RX SA created (as result of key exchange initiated by another system) installKey

Events That Cause Action (4) New rx SA from station we already have rx SA with Create SA in unused SA InstallKey for SA UninstallKey for old SA 2 seconds after receiving a frame with new SA NextPN of installed TX SA is ‘close’ to exhaustion - Generate new SAK Carry out authentication and/or key exchange with each peer to send them new SAK Need to not make this a special case… tie into other events.

Events That Cause Action (5) Authorization level not at expected/required level Need new LMI variable to allow higher layer to define level Attempt to achieve authorization level via Authorization New authentication

LAN-level Events Local station start Local station stop New Common Port available Local station stop Common port not available Peer Station enters CA (KaY discovers new station) Peer in peer list with no SA Peer Station leaves CA gracefully (?) SA with no matching peer in peer list Peer Station leaves CA ungracefully (?)

LAN-level events (2) CA becomes non-transitive or non-symmetric Uninstall Key of SA for TX SA MAC_Operational set to false by SecY No action(?) Choice of available cipher suites is changed by management, removing currently used cipher suite

Questions… Whose job to ensure symmetric and transitive attributes of CA are not violated? Which keys will have lifetimes? SAK -- PN limits lifetime, nothing else needed MK -- lifetime limits in time/frames-sent set during authorization If a receiving SA is approaching the limit of its packet number should we attempt to initiate new SA creation? Or is it always the owner of the TX SA that creates a new SA? How to detect non-SecY neighbors? Announce, and Announce again upon receipt of peer’s Announce Make changes to CA persistent with every change?

Next Steps Further define variables need to be LMI (beyond those for SecY) Create draft of the SecY state machine Define how we will reference variables for LMI For each event create actual state machine like conditions and actions using variables defined for LMI Ensure all events needed for SecY are represented.