Some LB 62 Motions January 13, 2003 January 2004


1 Some LB 62 Motions, January 13, 2003
doc.: IEEE /XXX Nov. 2002, January 2004
Jesse Walker, Intel Corporation; David Halasz, Cisco

2 Motion 1. Motion: IEEE Task Group I adopts 802_11i-D7.1.doc as the basis for further work. Note: Adoption of this motion would accept the following editorial changes: 4-22, 25, 27, 29-52, 54-57, 59-74, , , , 163, , , 184, 188, 192, 195, 197, , 210, 214, 215, 225, 226, 238, 241, 257, 300, 316, 330, 333, , 348, 390, 394, 395, 408, 409, , 422, 423, , , , 479, , 491, 492, 494, 497, 501, 503, 504, 508, 514, , , 541, 542, , 556, , 576, 578, 579, 585, 588, 590, 593, 594, 609, 610, 614, , , , 645, 647, 648, 650, 652, 654, 656, , 672, , 688, 689, 691, , 702, 703, 705, 707, 712.

3 Motion 2: Comment 298. Comment 298 observes that 802.1X does not provide key management services. Motion: Address Comment 298 on by adopting the text: "In an RSNA, IEEE provides functions to protect Data frames, IEEE 802.1X provides authentication and frame filtering, and IEEE and IEEE 802.1X collaborate to provide key management."

4 Motion 3: Comment 292. Comment 295 asks that we bring i’s usage of 802.1X into line with 802.1X. Motion: Address Comment 292 on by the text it suggests: "The first component is an IEEE 802.1X Port Access Entity (PAE). PAEs are present on all STAs in an RSNA and control the forwarding of data to and from the MAC. The PAE in an AP adopts the Authenticator role, while the PAEs in other STAs in the BSS adopt the Supplicant role. In an IBSS, the PAE in each STA adopts both roles simultaneously."

5 Motion 4: Comments 284, 285. Motion: Address Comments 284, 285 by replacing the text from "Once the IEEE 802.1X AKM completes successfully, the IEEE 802.1X Controlled Port unblocks to allow data traffic" with the text: "Once the AKM completes successfully, data protection is enabled to prevent unauthorized access, and the IEEE 802.1X Controlled Port unblocks to allow protected Data traffic."

6 Motion 5: Comment 295. Motion: Address Comment 295 by replacing the text from with "No facilities are provided to move an RSNA during Reassociation, so the old RSNA will be deleted, and a new RSNA will need to be constructed."

7 Motion 6: Comment 296. Comment 296 observes that the 1st paragraph we are adding to does not make sense. Motion: Address Comment 296 by replacing the 1st paragraph we are adding with: "In a WLAN that does not support the establishment of RSNAs, Authentication and Confidentiality services were defined with the intention of providing similar security characteristics to those achieved by restricting physical access to a wired LAN. A wired LAN provides a level of Authentication as only users with physical access to the LAN can connect, and a level of Confidentiality as only users with physical access can monitor data flows."

8 Motion 7: Comments on . Motion: Address Comments , 299, and 548 by replacing the body of with the text: "IEEE attempts to control LAN access via the authentication service. IEEE authentication is an SS. This service may be used by all STAs to establish their identity to STAs with which they communicate, in both ESS and IBSS networks. If a mutually acceptable level of authentication has not been established between two STAs, an association shall not be established. IEEE authentication operates at the link level between IEEE STAs. IEEE does not provide either end-to-end (message origin to message destination) or user-to-user authentication. IEEE defines two authentication methods, Open System Authentication and Shared Key Authentication. Open System Authentication admits any STA to the LAN. Shared Key Authentication relies on WEP to demonstrate knowledge of a WEP encryption key. The IEEE authentication mechanism also allows definition of new authentication methods. An RSNA also supports authentication based on IEEE 802.1X, or Pre-Shared Keys (PSKs). IEEE 802.1X authentication utilizes the Extensible Authentication Protocol (EAP, RFC 2284) to authenticate STAs and the AS with one another. This standard does not specify a mandatory-to-implement EAP method. Clause describes the IEEE 802.1X Authentication and PSK within IEEE IBSS. In an RSNA, IEEE 802.1X Supplicants and Authenticators exchange protocol information via the IEEE 802.1X Uncontrolled Port. The IEEE 802.1X Controlled Port is blocked from passing general data traffic between the STA and the AP until an IEEE 802.1X authentication procedure completes successfully over the IEEE 802.1X Uncontrolled Port. The Open System Authentication algorithm is used in both BSS and IBSS RSNA, though Open System Authentication is optional in an RSNA IBSS. RSNA disallows the use of Shared Key Authentication. Management information base (MIB) functions are provided to support the standardized authentication schemes. A STA may be authenticated with many other STAs at any given instant."

9 Comments 302, 574, 672. Motion: Make 5.4.3.2 read: "The deauthentication service is invoked when an existing authentication is to be terminated. Deauthentication is an SS. In an ESS, because IEEE authentication is a prerequisite for Association, the act of deauthentication shall cause the STA to be disassociated. The deauthentication service may be invoked by either authenticated party (non-AP STA or AP). Deauthentication is not a request; it is a notification. Deauthentication shall not be refused by either party. When an AP sends a deauthentication notice to an associated STA, the association shall also be terminated. In an RSNA, Deauthentication also destroys any related PTKSAs and GTKSAs that exist in the STA and closes the associated IEEE 802.1X Controlled Port. If PMK caching is not enabled, Deauthentication also destroys the PMKSA from which the deleted PTKSA was derived. Note that the existence of IEEE Authentication is not a pre-requisite for invoking the Deauthentication service in the IBSS case."

10 Comment 225. Motion: In 5.4.3.3, replace: "If this default is not acceptable to one party or the other, data frames shall not be successfully communicated between the LLC entities." with "If this policy is unacceptable to the sender, it shall not send Data frames, and if unacceptable to the receiver, it shall discard received Data frames."

11 Comment 303. "Automatic and manual" key management methods discussed in are not defined. Motion: Reword as: "The enhanced confidentiality, data authentication, and replay protection mechanisms require fresh cryptographic keys. The procedures described in this document provide fresh keys by means of the 4-Way and Group Key Handshakes."

12 Comment 304. Motion: In 5.4.3.5, replace: "The data origin authenticity mechanism defines a means by which a STA that receives a Data frame from another STA can determine that the MSDU actually originated from that STA" with "The data origin authenticity mechanism defines a means by which a STA that receives a Data frame can determine which STA actually transmitted the MPDU."

13 Comment 305. Motion: Replace current text of i D7.1 Clause 5.6 with "In an IBSS, each STA must enforce its own security policy. In an ESS, the AP can enforce a uniform security policy across all STAs."

14 Comments 308, 309. Motion: replace Figure 11 with the Figure on this slide. [Figure on slide: layered architecture diagram. Data Link layer: MAC, MAC Layer Management Entity, RSNA Key Management, 802.1X PAE in Authenticator/Supplicant Role with 802.1X Uncontrolled Port and 802.1X Controlled Port; Physical layer: PLCP, PMD, Phy Layer Management Entity; Station Management Entity; SAPs shown: MAC_SAP, MLME_SAP, PHY_SAP, MLME-PLME_SAP, PLME_SAP, PMD_SAP.]

15 Comment 310. Motion: Revise 5.9 as follows: "An RSNA relies on IEEE 802.1X to provide AKM services. The IEEE 802.1X access control mechanisms apply to the association between a STA and an AP, and the IBSS STA to STA peer relationship. The AP performs the Authenticator and, optionally, the Supplicant (for a WDS) and Authentication Server roles. In an ESS, a non-AP STA performs the Supplicant role. In an IBSS, a STA takes on both the Supplicant and Authenticator roles, and may take on the Authentication Server role."

16 Comments 228, 311, 312. Motion: Delete the sentence "IEEE 802.1X Supplicants and Authenticators exchange protocol information via the IEEE 802.1X Uncontrolled Port." from the 1st paragraph of 5.9.1.

17 Comment 314. Motion: Delete the clause "and optionally to transmit and receive unicast packets" from the following paragraph of 5.9.2: "If the Authenticator later changes the GTK, it sends the new GTK and GTK sequence number to the Supplicant using the Group Key Handshake, to allow the Supplicant to continue to receive broadcast messages, and optionally to transmit and receive unicast frames. EAPOL-Key frames are used to carry out this exchange. See Figure 4."

18 Comment 226. Motion: delete the parenthetical clause "(for a WDS)" from clause 5.9.

19 Comment 286. Motion: In clause 5.9 replace the text: "An RSNA relies on IEEE 802.1X to provide AKM services." with: "An RSNA relies on IEEE 802.1X to provide authentication services, and uses the IEEE AKM defined in clause 8.5 to provide key management services."

20 Comment 310. Motion: Replace the sentence "In an IBSS, a STA can take on the Supplicant, Authenticator and Authentication Server roles." at the end of the 1st paragraph in with: "In an IBSS, a STA takes on both the Supplicant and Authenticator roles, and may take on the Authentication Server role."

21 Comment 316. Motion: Replace the 2nd paragraph of 5.9.3.1 with: "In an IBSS, every STA generates its own GTK which it uses for encrypting the group addressed frames it sends. This GTK is given to the other STAs in the IBSS during the 4-Way Handshake so that they can decrypt the frames."

22 Comment 551. Motion: add the blue asterisks and the line in blue to Figure 1. [Figure 1 on slide, AP/STA exchange in order: IEEE Probe Request*; IEEE Probe Response (Security Parameters)*; IEEE Open System authentication Request; IEEE Open System authentication Response; IEEE Association Request (Security Parameters); IEEE Association Response; IEEE 802.1X Controlled Port Blocked.] * A Beacon can report the Security Parameters instead of a Probe Request/Response pair.

23 Comment 673. Motion: Remove the "extra" vertical line from Figure 2, to bring it into conformity with the other figures.

24 Comment 608. Motion: label the arrows in Figure 5 to indicate who initiates.

25 Comments 674, 675. Motion: Make the dashed vertical lines in Figures 5 and 6 solid, to bring them into conformity with the other figures.

