doc.: IEEE /0315r4 Submission July 2009 Dan Harkins, Aruba Networks

Slide 1: Enhanced Security

Slide 2: Abstract

This document describes some missing features from 802.11 and proposes a way to add them to IEEE 802.11.

Slide 3: Security Services in 802.11

Key Management
  – Authentication: A STA can prove its identity to the network and vice versa.
  – Authorization and Access Control: Once authenticated, a STA can be given access to the network, or a subset of it, or denied access to the network.
  – Key derivation: each side derives a key known to, and bound to, each other.
Ciphers
  – Data Confidentiality: Data sent between the STA and AP is hidden from all but the source and destination of the data.
  – Data Integrity: The recipient of a frame is able to verify that the frame was not modified in transit and that a false frame has not been substituted for a valid frame.
  – Data Source Authentication: The recipient of a frame is able to ascertain the origin of the frame and it is not possible for anyone else to masquerade as the claimed originator.

Slide 4: How are These Services Provided Today?

Wired Equivalent Privacy (WEP)
  – Key Management
      – Shared key: insecure simple proof-of-possession of a shared key
  – Cipher
      – WEP: insecure, numerous fundamental flaws in design
Robust Security Network (RSN)
  – Key Management
      – 802.1x: provides mutual authentication, allows for authorization and access control decision making, generates secure and cryptographically strong keys.
      – PSK: provides a limited type of authentication, generates weak keys that void some features of RSN ciphers.
  – Ciphers
      – TKIP: provides confidentiality, data integrity (sub-optimally), and data source authentication.
      – CCMP: provides confidentiality, data integrity, and data source authentication.

Slide 5: What’s The Problem?

802.11’s current cryptographically strong security is limited to one particular use case, the enterprise, where:
  – a AAA server is used to aggregate security services and policy.
  – strict roles are enforced: clients obtain network access through APs.
802.11’s current cryptographically strong security doesn’t really work for other deployments.
  – Small office/home office: a stand-alone AAA server is problematic.
  – Networks of consumer electronics devices: a stand-alone AAA server is a non-starter and there is no real “client” and “AP” role.
  – Mesh and peer-to-peer applications: there is no “client” and “AP” role.
The PSK mode of 802.11i is insecure. This is a source of continued bad press for 802.11: “802.11 is still not secure”.
CCM in software is reaching performance limits with current high-rate PHYs.

Slide 6: What’s the Problem?

People right now want to use 802.11 in ways that are not supported:
  – bluetooth-sig-liaison-report-may-2009
      – Need for secure high-speed data transfer between personal devices (non-AP STAs) but 802.11 doesn’t support that. So, use insecure Bluetooth key management to get a key and then use 802.11 for data transport.
  – Wi-Fi Alliance liaison report from May 2009 (verbal)
      – There is a compelling use case for peer-to-peer use of 802.11 but that isn’t supported in 802.11, so WFA is defining a new layer to provide the appearance of peer-to-peer.
      – PSK mode in 802.11 is insecure but a compelling use case for PSKs still exists, so WFA is trying to come up with an adjunct protocol to lessen the security exposure. It does not eliminate it, though; the solution does not achieve provable security.
People will soon want to use 802.11 in ways that are not supported:
  – “smart grid” applications
People trade security for usability because 802.11 does not give them both (see wng-future-security-activities).

Slide 7: What’s The Solution?

Support currently unsupported use cases in 802.11 to make hacks by other SDOs unnecessary.
Provide security and usability to 802.11.
A Study Group to come up with a PAR & 5C to work on:
  – Secure, de-centralized, peer-to-peer authentication and key management protocols, to address the Bluetooth and WFA issues
      – A password-based key exchange that is resistant to attack
      – A certificate-based key exchange
  – Definition (not development) of new ciphers
      – AES-GCM: a high-performance, single-pass cipher for authenticated encryption
      – AES-SIV: a misuse-resistant cipher for authenticated encryption

Slide 8: A Focus on Enhanced Security

Tight focus ensures timely results
  – Keep a focus on security enhancements to existing functionality and not creation of new security algorithms, ciphers, etc.
  – Much of this has already been designed (GCM, SIV, SAE), so it’s a problem of defining use in 802.11.
There is a need for de-centralized security in 802.11
  – Use of a PSK/password is widespread and will remain so. Unfortunately it is not secure; we should make it so.
  – There is market demand as shown by the work of other SDOs.
  – It makes sense for 802.11 to provide it instead of hoping other organizations do it (and do it right).
Data rates keep increasing, ciphers cannot be bottlenecks!
More efficient ciphers consume less power which results in longer battery life, and it’s also green.
Do security work in a security group; keep experts focused on their area of expertise.

Slide 9: Motion

Move to request the 802.11 Working Group to approve and forward to the IEEE 802 Executive Committee the creation of a new IEEE 802.11 Study Group, called the Enhanced Security Study Group (ESSG), to investigate ways to provide security enhancements to 802.11 on the following:
  – Secure, robust, de-centralized, peer-to-peer key management.
  – Faster, more robust, or more power-efficient ciphers.
Upon confirmation of feasibility and per 802 operating rules, the ESSG shall draft a PAR and 5 criteria to be submitted to the 802.11 WG.

Moved:
Seconded:
Yes:
No:
Abstain: