Doc.: IEEE 802.11-02/230r0 Submission, Robert Moskowitz, Trusecure/ICSALabs, Slide 1, March 2002. Proxied Preauthorized Roaming. Robert Moskowitz, Trusecure Corporation.

Presentation transcript:

doc.: IEEE /230r0 Submission, Robert Moskowitz, Trusecure/ICSALabs, March 2002

Slide 1: Proxied Preauthorized Roaming
Robert Moskowitz, Trusecure Corporation, ICSALabs

Slide 2: Goal
- Provide for fast authentication when a Station roams to a new AP
  - Establish Security Associations BEFORE REassociations
  - Use SAs to validate REassociations
- Allow for Stations to bounce between APs
  - Keep SAs around after DEassociations and IAPP ADDs and Moves
- Leverage off of 802.1x architecture, but account for complex AAA arrangements
  - Also work for preshared keyed DSs

Slide 3: Benefits
- Most authentication done 'behind the scenes'
- Full pairwise session keys in STA and APs
  - Strict adherence to STA-AP-AS security model

Slide 4: Requirements
- APs have a knowledge of their neighbors
  - BSSIDs with IP addresses
  - Manually entered or 'learned' via 11f
- Mechanism for Associated AP to provide this list to STA
  - In EAP Identity Request
  - Mechanism for STA to tell AP which of list to Proxy Auth
- Protocol for passing EAP packets over IP, e.g. PIC

Slide 5: Process Flow 1
- STA ASSOCIATEs and Authenticates (802.1x) with AP
- AP provides STA with list of its neighbor APs
  - BSSIDs and DSM IP addresses
- STA performs EAP auth with neighbor APs
  - EAP over IP between STA and neighbor AP, e.g. PIC UDP with hop-wise protection
  - STA - local AP is TKIP/ACIP
  - local AP to neighbor AP is ESP with TGf SAs

Slide 6 (no text in the transcript)

Slide 7: Process Flow 2
- STA REASSOCIATEs with new AP
- STA sends EAPOL Start
- AP sends list of neighbor APs to STA
- STA and AP enter rekey state using PSK
- STA uses list of neighbor APs to perform EAP auth with

Slide 8 (no text in the transcript)

Slide 9: Risks
- Excessive number of SAs on APs
  - Too many neighbor APs on some APs
  - non-mobile STAs setting up SAs with APs
  - Unused SAs will eventually time out
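The AP-side bookkeeping implied by the Goal, Process Flow and Risks slides, as an added example that is not part of the submission: an SA is stored when a proxied EAP exchange completes, a later reassociation is accepted only against that SA, the SA survives for roams back, and unused SAs time out or are evicted when the table is full. The HMAC-SHA256 proof over an AP nonce, the names `NeighborSaTable` and `sta_mic`, the SA cap and the idle timeout are assumptions; the slides do not specify them.

```python
import hashlib
import hmac
from collections import OrderedDict


class NeighborSaTable:
    """SAs an AP holds for stations that preauthenticated through a neighbor AP."""

    def __init__(self, max_sas=4, idle_timeout=300.0):
        self.max_sas = max_sas            # assumed cap on SAs per AP
        self.idle_timeout = idle_timeout  # assumed idle lifetime in seconds
        self._sas = OrderedDict()         # sta_mac -> (psk, last_used), LRU order

    def _expire(self, now):
        # "Unused SAs will eventually time out"
        for mac in [m for m, (_, used) in self._sas.items()
                    if now - used > self.idle_timeout]:
            del self._sas[mac]

    def preauthorize(self, sta_mac, psk, now):
        """Record the key from a completed proxied EAP exchange."""
        self._expire(now)
        self._sas.pop(sta_mac, None)
        while len(self._sas) >= self.max_sas:
            self._sas.popitem(last=False)  # evict the least recently used SA
        self._sas[sta_mac] = (psk, now)

    def reassociate(self, sta_mac, nonce, mic, now):
        """Accept a reassociation only if the STA proves possession of the SA key."""
        self._expire(now)
        entry = self._sas.get(sta_mac)
        if entry is None:
            return False                   # no SA: a full 802.1x auth is needed
        psk, _ = entry
        expected = hmac.new(psk, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, mic):
            return False
        self._sas[sta_mac] = (psk, now)    # SA is kept for later roams back
        self._sas.move_to_end(sta_mac)
        return True

    def __len__(self):
        return len(self._sas)


def sta_mic(psk, nonce):
    """Station side: proof of key possession over the AP's nonce (assumed scheme)."""
    return hmac.new(psk, nonce, hashlib.sha256).digest()
```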

Slide 10: Interaction with 11f
- AP gets its list of neighbors from REASSOCIATE history
- APs SHOULD complete roam authentication based on PSKs before MOVE Notify

Slide 11: Operation in non-11f environment
- List of neighbor APs hand configured
  - BSSIDs and IP addresses

Slide 12: Discussion???