Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.11-04/1115r2 Submission J Chhabra, A. R. Prasad, J. Walker, H. AokiSlide 1 2004 802.11s Security concepts Jasmeet Chhabra, Intel

Published byPatrick Eaton Modified over 8 years ago

Similar presentations

Presentation on theme: "Doc.: IEEE 802.11-04/1115r2 Submission J Chhabra, A. R. Prasad, J. Walker, H. AokiSlide 1 2004 802.11s Security concepts Jasmeet Chhabra, Intel"— Presentation transcript:

1 doc.: IEEE 802.11-04/1115r2 Submission J Chhabra, A. R. Prasad, J. Walker, H. AokiSlide 1 2004 802.11s Security concepts Jasmeet Chhabra, Intel (jasmeet.chhabra@intel.com)jasmeet.chhabra@intel.com Anand R Prasad, DoCoMo Euro-Labs (prasad@docomolab-euro.com )prasad@docomolab-euro.com Jesse Walker, Intel (jesse.walker@intel.com )jesse.walker@intel.com Hindenori Aoki, NTT DoCoMo (aokihid@nttdocomo.co.jp )aokihid@nttdocomo.co.jp

2 doc.: IEEE 802.11-04/1115r2 Submission J Chhabra, A. R. Prasad, J. Walker, H. AokiSlide 2 2004 Outline Goals Requirements Assumptions Basic security model Distributed Authentication Centralized Authentication Conclusion

3 doc.: IEEE 802.11-04/1115r2 Submission J Chhabra, A. R. Prasad, J. Walker, H. AokiSlide 3 2004 Goals/Requirements Reuse/build on top of current 802.11i techniques –802.11s PAR, Clause 18: “The amendment shall utilize IEEE 802.11i security mechanisms, or an extension thereof...” Other requirements –Allow peer-to-peer association/authentication between mesh points/mesh APs –Protect mesh management and control messages exchanged between mesh points/mesh APs (e.g. routing and topology info) –Allow mesh nodes to broadcast to all its neighbors : needed by routing services etc. –Maintain 11i data security for data delivery across multi-hop mesh path –Credentials issued might have to differentiate between a mesh point and a non-mesh point –Allow for both distributed and centralized authentication schemes

4 doc.: IEEE 802.11-04/1115r2 Submission J Chhabra, A. R. Prasad, J. Walker, H. AokiSlide 4 2004 Assumptions Authenticated Mesh Points in an administrative domain can be trusted for faithful forwarding of messages. –No selective forwarding like attacks –No eavesdropping

5 doc.: IEEE 802.11-04/1115r2 Submission J Chhabra, A. R. Prasad, J. Walker, H. AokiSlide 5 2004 Background 802.11i “Figure 16—Example 4-Way Handshakes in an IBSS”

6 doc.: IEEE 802.11-04/1115r2 Submission J Chhabra, A. R. Prasad, J. Walker, H. AokiSlide 6 2004 Basic security model New mesh point ESS Mesh Security bubble Supplicant Authenticator Group key is used for broadcast communications Pair-wise keys are used for unicast communications Authentication server could be distributed or centralized –Does not effect basic security model

7 doc.: IEEE 802.11-04/1115r2 Submission J Chhabra, A. R. Prasad, J. Walker, H. AokiSlide 7 2004 Basic security model (Contd.) Each mesh point supports both supplicant and authenticator functionality Each mesh point acts as supplicant and authenticator for each of its neighbors –Similar to IBSS security model in 802.11i After authentication/authorization/4-way handshake: –Mesh point uses its own group key to broadcast/multicast – Pair-wise key for unicast Number of keys is O (num_neighbors)

8 doc.: IEEE 802.11-04/1115r2 Submission J Chhabra, A. R. Prasad, J. Walker, H. AokiSlide 8 2004 Advantages Minimal changes required to 802.11i –Mainly language changes –Re-uses the strong and well debated solution Builds on top of current 802.11i standard Key management Complexity is controlled –O(num_neighbors)

9 doc.: IEEE 802.11-04/1115r2 Submission J Chhabra, A. R. Prasad, J. Walker, H. AokiSlide 9 2004 Authenticator Security model with stations ESS Mesh Security bubble Supplicant Access Point No change in the current STA operation

10 doc.: IEEE 802.11-04/1115r2 Submission J Chhabra, A. R. Prasad, J. Walker, H. AokiSlide 10 2004 Authentication Schemes IEEE 802.11i does not specify where the authentication server resides. –Can be on the AP/Node itself –Only specifies functionality needed As mentioned earlier, the authentication scheme could be –Distributed or –Centralized

11 doc.: IEEE 802.11-04/1115r2 Submission J Chhabra, A. R. Prasad, J. Walker, H. AokiSlide 11 2004 Distributed authentication Completely distributed: automatic or manual configuration of nodes Elect: Requires solution for the case where elected AS becomes unavailable –A node is assigned as AS at random –The first node becomes AS –Some other mechanism is used Select: The user selects a node as AS

12 doc.: IEEE 802.11-04/1115r2 Submission J Chhabra, A. R. Prasad, J. Walker, H. AokiSlide 12 2004 Centralized Authentication The centralized method involves a ESS mesh AP that has access to a AS The AS could either reside locally or could be placed elsewhere in the network All other ESS mesh APs and STAs will be authenticated via the AP connected to the AS

13 doc.: IEEE 802.11-04/1115r2 Submission J Chhabra, A. R. Prasad, J. Walker, H. AokiSlide 13 2004 Open questions 802.11i does not provide management frame security –Could effect routing, topology traffic etc. security –Should align with management frame security study group: Need to submit requirements to the group before November Only language changes needed to 802.11i –Do we need to do any other changes in 802.11i? Are there changes needed for allowing distributed authentication?

14 doc.: IEEE 802.11-04/1115r2 Submission J Chhabra, A. R. Prasad, J. Walker, H. AokiSlide 14 2004 Conclusion Security model builds on top of 802.11i –Minimal language changes Manageable key complexity –O(num_neighbors) Need to submit requirements to the management frame security group

Download ppt "Doc.: IEEE 802.11-04/1115r2 Submission J Chhabra, A. R. Prasad, J. Walker, H. AokiSlide 1 2004 802.11s Security concepts Jasmeet Chhabra, Intel"

Similar presentations

Extended Service Set (ESS) Mesh Network Daniela Maniezzo.

Extended Service Set (ESS) Mesh Network Daniela Maniezzo.
Doc.: IEEE 802.11-00/275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE 802.11 David Halasz, Stuart Norman, Glen.

Doc.: IEEE /275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE David Halasz, Stuart Norman, Glen.
Design of Efficient and Secure Multiple Wireless Mesh Network Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date: 2005/06/28.

Design of Efficient and Secure Multiple Wireless Mesh Network Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date: 2005/06/28.
Institute of Technology, Sligo Dept of Computing Semester 3, version 2.1.3 Semester 3 Chapter 3 VLANs.

Institute of Technology, Sligo Dept of Computing Semester 3, version Semester 3 Chapter 3 VLANs.
Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.
Submission doc.: IEEE 11-12/0589r0 May 2012 Donald Eastlake 3rd, Huawei R&D USASlide 1 General 802.11 Links Date: 2012-05-08 Authors:

Submission doc.: IEEE 11-12/0589r0 May 2012 Donald Eastlake 3rd, Huawei R&D USASlide 1 General Links Date: Authors:
Submission doc.: IEEE 11-12/0589r2 July 2012 Donald Eastlake 3rd, Huawei R&D USASlide 1 General 802.11 Links Date: 2012-05-08 Authors:

Submission doc.: IEEE 11-12/0589r2 July 2012 Donald Eastlake 3rd, Huawei R&D USASlide 1 General Links Date: Authors:
Security for the Optimized Link- State Routing Protocol for Wireless Ad Hoc Networks Stephen Asherson Computer Science MSc Student DNA Lab 1.

Security for the Optimized Link- State Routing Protocol for Wireless Ad Hoc Networks Stephen Asherson Computer Science MSc Student DNA Lab 1.
Submission doc.: IEEE 11-12/0589r1 May 2012 Donald Eastlake 3rd, Huawei R&D USASlide 1 General 802.11 Links Date: 2012-05-08 Authors:

Submission doc.: IEEE 11-12/0589r1 May 2012 Donald Eastlake 3rd, Huawei R&D USASlide 1 General Links Date: Authors:
Doc.: IEEE 802.11-04/0476r2 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.

Doc.: IEEE /0476r2 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.
Doc.: 11-04-0500-00-0mes Submission 7 May 2004 Tricci SoSlide 1 Need Clarification on The Definition of ESS Mesh Prepared by Tricci So.

Doc.: mes Submission 7 May 2004 Tricci SoSlide 1 Need Clarification on The Definition of ESS Mesh Prepared by Tricci So.
Doc.: IEEE 802.11-09/0123r0 Submission January 2009 Dan Harkins, Aruba NetworksSlide 1 Secure 802.11 Authentication Using Only A Password Date: 2009-01-19.

Doc.: IEEE /0123r0 Submission January 2009 Dan Harkins, Aruba NetworksSlide 1 Secure Authentication Using Only A Password Date:
Doc.: IEEE 11-04/0319r0 Submission March 2004 W. Steven Conner, Intel Corporation Slide 1 Architectural Considerations and Requirements for 802.11 ESS.

Doc.: IEEE 11-04/0319r0 Submission March 2004 W. Steven Conner, Intel Corporation Slide 1 Architectural Considerations and Requirements for ESS.
September 2004Rudolf, Carlton1 802.21 and TGr Marian Rudolf, Alan Carlton - InterDigital doc: IEEE 802.11-04/1052r0.

September 2004Rudolf, Carlton and TGr Marian Rudolf, Alan Carlton - InterDigital doc: IEEE /1052r0.
Doc.: IEEE 802.11-11/0175r2 Submission June 2011 Slide 1 FCC TVWS Terminology Date: 2011-01-14 Authors: Peter Ecclesine, Cisco.

Doc.: IEEE /0175r2 Submission June 2011 Slide 1 FCC TVWS Terminology Date: Authors: Peter Ecclesine, Cisco.
Doc.: IEEE 802.11-08/0357r0 Submission March 2008 Michelle Gong, Intel, et alSlide 1 Enhancement to Mesh Discovery Date: 2008-03-17 Authors:

Doc.: IEEE /0357r0 Submission March 2008 Michelle Gong, Intel, et alSlide 1 Enhancement to Mesh Discovery Date: Authors:
A Bandwidth Scheduling Algorithm Based on Minimum Interference Traffic in Mesh Mode Xu-Yajing, Li-ZhiTao, Zhong-XiuFang and Xu-HuiMin International Conference.

A Bandwidth Scheduling Algorithm Based on Minimum Interference Traffic in Mesh Mode Xu-Yajing, Li-ZhiTao, Zhong-XiuFang and Xu-HuiMin International Conference.
Doc.: IEEE 802.11-08/0278r5 Submission March 2008 Javier Cardona et al. Avoiding Interactions with Lazy-WDS Equipment Date: 2008-03-15.

Doc.: IEEE /0278r5 Submission March 2008 Javier Cardona et al. Avoiding Interactions with Lazy-WDS Equipment Date:
A Key Management Scheme for Distributed Sensor Networks Laurent Eschaenauer and Virgil D. Gligor.

A Key Management Scheme for Distributed Sensor Networks Laurent Eschaenauer and Virgil D. Gligor.
Doc.: IEEE 802.11-03/657r0 Submission August 2003 N. Cam-WingetSlide 1 TGi Draft 5.0 Comments Nancy Cam-Winget, Cisco Systems Inc.

Doc.: IEEE /657r0 Submission August 2003 N. Cam-WingetSlide 1 TGi Draft 5.0 Comments Nancy Cam-Winget, Cisco Systems Inc.

Similar presentations

Ads by Google