Doc.: IEEE 802.11-11/12-0766-00-0wng Submission March 2012 Paul A. Lambert (Marvell)Slide 1 Security Framework Date: 2012-07-17 Authors:

Slides:



Advertisements
Similar presentations
Authentication.
Advertisements

Doc.: IEEE /0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 A Study Group for Enhanced Security Date: Authors:
Doc.: IEEE /1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 1 A Modest Proposal…. Date: Authors:
Doc.: IEEE /1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 1 Suite-B Compliance for a Mesh Network Date: Authors:
Internet Protocol Security (IP Sec)
Doc.: IEEE /039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE System Submitted to IEEE
Doc.: IEEE /1160 Submission NameAffiliationsAddressPhone George CherianQualcomm 5775 Morehouse Dr, San Diego, CA, USA
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
Doc.: IEEE /0598r0 Submission May 2012 Steve Grau, Juniper NetworksSlide 1 Layer 3 Setup with Dynamic VLAN Assignment Date: Authors:
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Doc.: IEEE /0348r0 Submission March 2015 Lee Armstrong, Armstrong Consulting, Inc.Slide 1 Proposed Tiger Team actions Date: Authors:
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
802.1x EAP Authentication Protocols
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC)
Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.
Doc.: IEEE /0573r1 Submission May 2012 David Halasz, Motorola MobilitySlide 1 Scalable Authentication Date: Authors:
Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.
Wireless and Security CSCI 5857: Encoding and Encryption.
Doc.: IEEE / wng Submission March 2007 Takeshi Nakamura, Trinity Security Systems, Inc.Slide 1 IPN-WLAN: ‘IPN’ enabled Wireless LANs A.
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
Guomin Yang et al. IEEE Transactions on Wireless Communication Vol. 6 No. 9 September
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
Registration Processing for the Wireless Internet Ian Gordon Director, Market Development Entrust Technologies.
Initial Keying for KeySec John Viega, Russ Housley
Configuring Directory Certificate Services Lesson 13.
Doc.: IEEE ai Submission Paul Lambert, Marvell TGai Discovery Proposal Author: Abstract Short high-level proposal for discovery techniques.
KAIS T Security architecture in a multi-hop mesh network Conference in France, Presented by JooBeom Yun.
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.
Key Management. Session and Interchange Keys  Key management – distribution of cryptographic keys, mechanisms used to bind an identity to a key, and.
Doc.: IEEE /0893 r00 Submission July 2013 Paul A. Lambert, Marvell SemiconductorSlide 1 Service Discovery Proposal Date: Authors: Previous.
23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.
Network Security7-1 CIS3360: Chapter 8: Cryptography Application of Public Cryptography Cliff Zou Spring 2012 TexPoint fonts used in EMF. Read the TexPoint.
Doc.: IEEE /0888 r00 Submission Paul A. Lambert, Marvell SemiconductorSlide 1 Security and Privacy Enhancements for Date: Authors:
One Platform, One Solution: eToken TMS 5.1 Customer Presentation November 2009.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 2: Message integrity.
Doc.: IEEE /1164 r00 Submission September 2013 Paul A. Lambert, Marvell SemiconductorSlide 1 Some Par and 5C Requirements Date: Authors:
Doc.: IEEE /0123r0 Submission January 2009 Dan Harkins, Aruba NetworksSlide 1 Secure Authentication Using Only A Password Date:
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Cryptography Readings Encryption, Decryption, & Digital Certificates.
Computer and Network Security - Message Digests, Kerberos, PKI –
Submission doc.: IEEE ai May 2012 Lei Wang, InterDigital CommunicationsSlide 1 Proposed SFD Text for ai AP/STA Initiated FILS Optimizations.
Doc.: IEEE /0315r4 Submission July 2009 Dan Harkins, Aruba NetworksSlide 1 Enhanced Security Date: Authors:
Wireless Network Security CSIS 5857: Encoding and Encryption.
Doc.: IEEE /0896r0 SubmissionJae Seung Lee, ETRISlide 1 Probe Request Filtering Criteria Date: July 2012.
Doc.: IEEE / wng Submission March 2012 Paul A. Lambert (Marvell)Slide 1 Key Centric Identity Date: Authors:
Doc.: IEEE /0098r0 Submission July 2010 Alex Reznik, et. al. (InterDigital)Slide Security Procedures Notice: This document has been.
Doc.: IEEE /1468r1 Submission Jan 09 Ashish Shukla, Marvell SemiconductorSlide 1 ERP Protection in IEEE s Mesh Network Date:
Doc.: IEEE xxxxx Submission doc. : IEEE Slide 1 Junbeom Hur and Sungrae Cho, Chung-Ang University Project: IEEE P
Doc.: IEEE /1212r0 Submission September 2011 IEEE Slide 1 The Purpose and Justification of WAPI Comparing Apples to Apples, not Apples to.
Doc.: IEEE /1147r1 Submission November 2009 David Halasz, AclaraSlide 1 Path Protection Date: Authors:
Doc.: IEEE /484r0 Submission NameAffiliationsAddressPhone George Cherian Santosh Abraham Qualcomm 5775 Morehouse Dr, San Diego, CA, USA +1.
This courseware is copyrighted © 2016 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.
Doc.: IEEE /322r0 Submission May 2002 Jesse Walker et alSlide 1 The Louie Architecture Nancy Cam Winget, Cisco Bob Moskowitz, TruSecure Greg Chesson,
 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.
Doc.: IEEE /0085r1 Submission June 2010 Tuncer Baykas, NICTSlide TG1 and System Design Document Notice: This document has been prepared.
Doc.: IEEE /2179r0 Submission July 2007 Steve Emeott, MotorolaSlide 1 Summary of Updates to MSA Overview and MKD Functionality Text Date:
Doc.: IEEE / wng Submission March 2012 Paul A. Lambert (Marvell)Slide Simulations Date: Authors:
Proposed SFD Text for ai Link Setup Procedure
Discussions on FILS Authentication
SFD Text for Public Key Cryptography
Generic Mechanism Across Multiple Technologies / SDOs
Discovery of ESS services
Infrastructure Service Discovery
Access distribution in ai
Install AD Certificate Services
Infrastructure Service Discovery
Access distribution in ai
Presentation transcript:

doc.: IEEE / wng Submission March 2012 Paul A. Lambert (Marvell)Slide 1 Security Framework Date: Authors:

doc.: IEEE / wng Submission Background IEEE provides cryptographic security using work developed in TGi (2004) –Key Establishment / Authentication Pre-Shared Keys 802.1X / EAP / Radius Authentication –AES-CCMP for link encryption What are we missing? March 2012 Paul A. Lambert (Marvell)Slide 2

doc.: IEEE / wng Submission Strong Device-to-Device Authentication IEEE does not have a “good” solution for device-to-device authentication Preshared keys are problematic: –Difficult to install –Poor authentication (can be reshared) EAP based methods are designed to use a remote server July 2012 Paul A. Lambert (Marvell)Slide 3

doc.: IEEE / wng Submission Device-to-Device Authentication Possible Use Cases and Benefits Simplified secure device discovery –All devices have an provable identity –Enables good peer-to-peer security Easy device enrollment and installation –Provable identity greatly simplifies installation process –Simplified installation of headless devices (sensors, etc) Cost and complexity reduced for systems needing centralized authorization July 2012 Paul A. Lambert (Marvell)Slide 4

doc.: IEEE / wng Submission Proposed Framework Every device has a public / private key – public key is used as identity Raw key or hash of Key Certificate, but not requiring a Certificate Authority (CA’s assign names – this is not necessary) Simple Key Exchange –Preassociation in –4 message exchange –based on well defined cryptographic standards (a few to choose from – ANSI, etc.) –Able to support Suite B July 2012 Paul A. Lambert (Marvell)Slide 5

doc.: IEEE / wng Submission Public Key Based Authentication November 2011 Paul A. Lambert (Marvell)Slide 6 Private Key Public Key Public Keys can be openly shared Key pairs are used in an authentication exchange that proves that an entity “holds” a particular public key K 1 K 2

doc.: IEEE / wng Submission Simple Device Enrollment Devices have a identity out-of-the box –Self generated key pair –Binding of wireless authentication to a specific device Label based on public key Remote enrollment based on knowing identity July 2012 Paul A. Lambert (Marvell)Slide 7

doc.: IEEE / wng Submission Scalable Access Authorization November 2011 Paul A. Lambert (Marvell)Slide 8 Can K 1 enter network? K 1 K 2 Access control servers do NOT need to hold any secrets

doc.: IEEE / wng Submission Straw Poll Would this group support the definition of device-to-device public key authentication mechanisms for IEEE ? yes: no: abstain: July 2012 Paul A. Lambert (Marvell)Slide 9