Extended Keymap ID
Martin Lefkowitz, Trapeze Networks
Doc.: IEEE 802.11-02/684r0, Submission, November 2002

Presentation transcript:

Slide 1: Extended Keymap ID
Martin Lefkowitz, Trapeze Networks

Slide 2: Extended Keymap ID
Current encryption key technology
– Only 2 bits for 4 different key slots, leaving a total of 4 keys per BSS per STA
– Only 2 bits for 4 different key slots, leaving a total of 4 keys per BSS for multicast/broadcast

Slide 3: What if?
We added a mechanism whereby we could use more than 4 keys per STA for either unicast or broadcast traffic.
– A STA can receive secure multicast traffic based on application while still being able to respond to multicast IP traffic like ARP.

Slide 4: Why
Premium subscriptions in the WISP or carrier area
– Pay per view
– Subscription broadcast data service
An administrator can determine if errors are caused by configured events or unconfigured events.
A heterogeneous environment can support multiple group keys for a more graceful transition to stronger encryption.

Slide 5: How
Add a field to the EAPOL Key Descriptor that indicates the value of the 12 bit field in the encryption header of the MPDU format.
– EAPOL Key messages have an 8 byte field that is reserved to zero.
– 802.1x already has a Key ID field that is used for multiple group keys.
Proposal is to make two of those bytes the Key ID fields.
Group Keys are used between a single Authenticator and all Supplicants authenticated to that Authenticator. The Authenticator may derive new Group Transient Keys when it wants to update the Group temporal keys.

Slide 6: How
Assign some reserved bits in the encryption header to map a Key ID to a particular encryption key
– There are 12 bits available between the key ID and TSC/IV fields of TKIP and CCMP
– WRAP would need to change
  WRAP needs to change anyway to be consistent with the other RSN modes.

Slide 7: How
Add Key ID field to MPDU format.
– There are enough bits in the reserved field with 48 bit counter format
– Noted differences between CCMP and TKIP

Slide 8: TKIP MPDU Format
KID EX = Key ID Extension

Slide 9: CCMP MPDU Format

Slide 10: How
Add SNMP MIB:
– dot11numKeymapID: Number of different key map IV a STA needs to keep track of.
– dot11recievedFramesNoKeymap: Indicates how many frames a STA has received for which it did not have the keymap ID.
  – A normal situation.
Add appropriate logic to pseudo code after the key has been looked up:
    if that entry contains a key that is null
        discard the frame body and increment dot11WEPUndecryptableCount
    else if there is no key entry for keymap field in MPDU
        increment dot11recievedFramesNoKeymap
    else
        attempt to decrypt with that key, incrementing dot11WEPICVErrorCount if the ICV check fails
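The receive-path logic from slide 10, as an added example that is not part of the original slides: a key table indexed by an extended keymap ID, with the three MIB counters incremented as the pseudo code describes. Assumptions: the 12-bit KID EX is packed above the 2-bit Key ID (the slides do not give the bit layout), a SHAKE-256 keystream XOR stands in for the TKIP/CCMP cipher, the ICV is a WEP-style CRC-32, and the names keymap_id, xor_stream, icv, encap, Receiver and demo are hypothetical.

```python
import hashlib
import zlib

def keymap_id(key_id, kid_ext):
    # Assumed packing: 12-bit KID EX placed above the existing 2-bit Key ID.
    if not (0 <= key_id < 4 and 0 <= kid_ext < 4096):
        raise ValueError("Key ID is 2 bits, KID EX is 12 bits")
    return (kid_ext << 2) | key_id

def xor_stream(key, data):
    # Stand-in cipher (assumption): SHAKE-256 keystream XOR, not TKIP/CCMP.
    ks = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def icv(data):
    return zlib.crc32(data).to_bytes(4, "little")  # WEP-style CRC-32 ICV
def encap(key, data):
    return xor_stream(key, data + icv(data))  # sender side, builds sample frames

class Receiver:
    def __init__(self, keys):
        self.keys = dict(keys)  # keymap ID -> key bytes, or None for a null key
        self.mib = dict.fromkeys(("dot11WEPUndecryptableCount",
            "dot11recievedFramesNoKeymap", "dot11WEPICVErrorCount"), 0)

    def receive(self, key_id, kid_ext, body):
        kmid = keymap_id(key_id, kid_ext)
        if kmid in self.keys and self.keys[kmid] is None:
            self.mib["dot11WEPUndecryptableCount"] += 1  # entry exists, key null
            return None
        if kmid not in self.keys:
            self.mib["dot11recievedFramesNoKeymap"] += 1  # normal: not our group
            return None
        plain = xor_stream(self.keys[kmid], body)
        if len(plain) < 4 or icv(plain[:-4]) != plain[-4:]:
            self.mib["dot11WEPICVErrorCount"] += 1
            return None
        return plain[:-4]

def demo():
    # Constructed sample: KID EX 0 = default group key, 7 = subscribed group,
    # 3 = configured but null key, 9 = a group this STA was never given.
    k0, k7 = b"default-group-key", b"premium-group-key"
    sta = Receiver({keymap_id(1, 0): k0, keymap_id(1, 7): k7, keymap_id(1, 3): None})
    bad = bytearray(encap(k7, b"video"))
    bad[0] ^= 1  # corrupt one ciphertext bit so the ICV check fails
    frames = [(0, encap(k0, b"arp")), (7, encap(k7, b"video")),
              (9, encap(b"other-key", b"x")), (3, b"12345678"), (7, bytes(bad))]
    return [sta.receive(1, ext, body) for ext, body in frames], sta.mib
```

Keeping the "no keymap" counter separate from the ICV error counter is what lets an administrator tell frames for unsubscribed groups apart from tampered or corrupted frames.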

Slide 11: Conclusion
Key IDs can be extended for both broadcast and unicast traffic with little change to the current SSN/TGi implementations.