Presentation is loading. Please wait.

Presentation is loading. Please wait.

Overview of Key Holder Security Association Teardown Mechanism

Published byΕρατώ Αργυριάδης Modified over 5 years ago

Similar presentations

Presentation on theme: "Overview of Key Holder Security Association Teardown Mechanism"— Presentation transcript:

1 Overview of Key Holder Security Association Teardown Mechanism
September 2007 doc.: IEEE /2376r0 September 2007 Overview of Key Holder Security Association Teardown Mechanism Date: Authors: Steve Emeott, Motorola Steve Emeott, Motorola

2 September 2007 doc.: IEEE /2376r0 September 2007 Abstract This submission provides an overview of document 11-07/2372r0, which proposes a protocol for tearing down a mesh key holder security association that had been set up between a mesh authenticator and a mesh key distributor Steve Emeott, Motorola Steve Emeott, Motorola

3 Outline Overview Discussion of questions received
September 2007 doc.: IEEE /2376r0 September 2007 Outline Overview Mesh Key Holder Security Associations Teardown Mechanism Discussion of questions received Steve Emeott, Motorola Steve Emeott, Motorola

4 Mesh Key Holder Security Association
September 2007 Mesh Key Holder Security Association A MP is elevated to a Mesh Authenticator after establishing a Mesh Key Holder Security Association (MKHSA) with an MKD A MKHSA between an MA and its MKD is identified by MPTK-KDShortName The MKHSA state consists of MPTK-KD (session key) Key Replay Counters If an MP moves to a new MKD domain, it should attempt to tear down the MKHSA in its old domain Allows the MKD to delete old state mesh key distributor mesh authenticator Mesh Key Holder Security Handshake message 1 Mesh Key Holder Security Handshake message 2 Mesh Key Holder Security Handshake message 3 Mesh Key Holder Security Handshake message 4 Figure: Mesh Key Holder Security Association Handshake Steve Emeott, Motorola

5 Example of MA behavior when changing MKD domains
September 2007 Example of MA behavior when changing MKD domains MKD 1 MA 1 MA3 MKD 2 MA 2 Initial MSA Authentication In MKDD 1 Key Holder Security HS Initial MSA Authentication Proposed in 07/2372 Key Holder Security HS Key Holder Security Teardown In MKDD 2 After the Key Holder Security Teardown, MA3 has a secure peer link with both MA1 and MA2, but it only has a MKHSA with MKD2. Steve Emeott, Motorola

6 Key Holder Security Teardown protocol details
September 2007 Key Holder Security Teardown protocol details Either MA or MKD may initiate The MKHSA torn down is identified by MPTK-KDShortName The teardown allows the MKD and MA to clean up state The Key Holder Security Teardown protocol permits the MA to delete a prior session, when joining a new MKD domain. The protocol may also be used by an MKD if it must stop its services as an MKD to one or more MAs. Requester Responder Teardown Request Teardown Response Steve Emeott, Motorola

7 Earlier Questions Received
September 2007 Earlier Questions Received Question: What happens if the MA initiates a new security session while the MKD is tearing down a pre-existing security association? Can this lead to livelock, where one side keeps proposing a new security association and the other tears it down Answer: The MKHSA to be torn down is identified in the teardown request message by its MPTK-KDShortName, which will be different than the identifier for the new security session. Of course, the MKD is free to accept or decline a request for the new session Steve Emeott, Motorola

8 Earlier Questions Received (cont.)
September 2007 Earlier Questions Received (cont.) Question: How does it work if the MA and MKD both initiate the teardown simultaneously. Answer: protocol supports timeout and retry features to increase the probability of success Any party sending a teardown request starts a timer, waits for response. When the timer expires it may retransmit request If a teardown response is not received after the teardown retransmission limit is reached, the MKHSA is deleted. Any party receiving a teardown request sends out a teardown response and starts a timer. The identified MKHSA is deleted when the timer expires. Any party receiving a duplicate request while decrementing the timer should send out a duplicate response When a party receives a valid response after sending out a teardown request, it deletes the identified MKHSA Any party receiving a teardown request while waiting for a response to its own teardown request for the same MKHSA should send a teardown response Steve Emeott, Motorola

Download ppt "Overview of Key Holder Security Association Teardown Mechanism"

Similar presentations

Doc.: IEEE 802.11-09/0114r1 Submission January 2009 Tony Braskich, MotorolaSlide 1 A vendor specific plan for centralized security Date: 2009-01-19 Authors:

Doc.: IEEE /0114r1 Submission January 2009 Tony Braskich, MotorolaSlide 1 A vendor specific plan for centralized security Date: Authors:
Doc.: IEEE 802.11-08/1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 1 A Modest Proposal…. Date: 2008-11-10 Authors:

Doc.: IEEE /1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 1 A Modest Proposal…. Date: Authors:
Doc.: IEEE 802.11-08/0836r2 Submission July 2008 Dan Harkins, Aruba NetworksSlide 1 Changes to SAE State Machine Date: 2008-07-13 Authors:

Doc.: IEEE /0836r2 Submission July 2008 Dan Harkins, Aruba NetworksSlide 1 Changes to SAE State Machine Date: Authors:
Doc.: IEEE 802.11-08-0317r6 Submission July 2008 Charles Fan,Amy Zhang, HuaweiSlide 1 Authentication and Key Management of MP with multiple radios Date:

Doc.: IEEE r6 Submission July 2008 Charles Fan,Amy Zhang, HuaweiSlide 1 Authentication and Key Management of MP with multiple radios Date:
Doc.: IEEE 802.11-10/0560r0 Submission May 2010 Ashish Shukla, MarvellSlide 1 TDLS TPK Handshake Date: 2010-05-15 Authors:

Doc.: IEEE /0560r0 Submission May 2010 Ashish Shukla, MarvellSlide 1 TDLS TPK Handshake Date: Authors:
1 IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-06-0734-00-0000 Title: MIH Protocol State Machine Date Submitted: September 13, 2006 Presented at IEEE.

1 IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: MIH Protocol State Machine Date Submitted: September 13, 2006 Presented at IEEE.
Doc.: IEEE 802.11-07/0358r0 Submission March 2007 Zhao and Walker, Intel CorpSlide 1 Thoughts on Peer Capacity Date: 2007-03-15 Authors: Notice: This document.

Doc.: IEEE /0358r0 Submission March 2007 Zhao and Walker, Intel CorpSlide 1 Thoughts on Peer Capacity Date: Authors: Notice: This document.
Doc.: IEEE 802.11-08/0617r0 Submission May 2008 Tony Braskich, MotorolaSlide 1 Refining the Security Architecture Date: 2008-05-13 Authors:

Doc.: IEEE /0617r0 Submission May 2008 Tony Braskich, MotorolaSlide 1 Refining the Security Architecture Date: Authors:
Doc.: IEEE 802.11-09/0232r0 Submission February 2009 Meiyuan Zhao, IntelSlide 1 Suggestions to Clean Up Peering Management Frames Date: 2009-02-10.

Doc.: IEEE /0232r0 Submission February 2009 Meiyuan Zhao, IntelSlide 1 Suggestions to Clean Up Peering Management Frames Date:
Doc.: IEEE 802.11-06/1471r0 Submission September 2006 authors Slide 1 Efficient Mesh Security and Link Establishment Notice: This document has been prepared.

Doc.: IEEE /1471r0 Submission September 2006 authors Slide 1 Efficient Mesh Security and Link Establishment Notice: This document has been prepared.
Doc.: IEEE 802.11-08-0317r1 Submission March 2008 Charles Fan,Amy Zhang, HuaweiSlide 1 Authentication and Key Management of MP with multiple radios Date:

Doc.: IEEE r1 Submission March 2008 Charles Fan,Amy Zhang, HuaweiSlide 1 Authentication and Key Management of MP with multiple radios Date:
Protocol Coexistence Issue in MSA Subsequent Authentication

Protocol Coexistence Issue in MSA Subsequent Authentication
Doc.: IEEE 802.11-07/2539r0 Submission September 2007 Tony Braskich, MotorolaSlide 1 Overview of an abbreviated handshake with sequential and simultaneous.

Doc.: IEEE /2539r0 Submission September 2007 Tony Braskich, MotorolaSlide 1 Overview of an abbreviated handshake with sequential and simultaneous.
Doc.: IEEE 802.11-07/2179r0 Submission July 2007 Steve Emeott, MotorolaSlide 1 Summary of Updates to MSA Overview and MKD Functionality Text Date: 2007-07-16.

Doc.: IEEE /2179r0 Submission July 2007 Steve Emeott, MotorolaSlide 1 Summary of Updates to MSA Overview and MKD Functionality Text Date:
Doc.: IEEE 802.11-06/1353r0 Submission September 2006 J. Walker, M. Zhao, and S. Conner (Intel) Slide 1 Summary of Security and Link Establishment Protocols.

Doc.: IEEE /1353r0 Submission September 2006 J. Walker, M. Zhao, and S. Conner (Intel) Slide 1 Summary of Security and Link Establishment Protocols.
EAP Applicability IETF-86 Joe Salowey. Open Issues Open Issues with Retransmission and re- authentication Remove text about lack of differentiation in.

EAP Applicability IETF-86 Joe Salowey. Open Issues Open Issues with Retransmission and re- authentication Remove text about lack of differentiation in.
Architectural Considerations for IEEE s

Architectural Considerations for IEEE s
Relationship between peer link and physical link

Relationship between peer link and physical link
Submission Title: [Proposal for MAC Peering Procedure]

Submission Title: [Proposal for MAC Peering Procedure]
Updates on Abbreviated Handshake

Updates on Abbreviated Handshake

Similar presentations

Ads by Google