Opportunistic Wireless Encryption
September 2015, doc.: IEEE /1128r0
Authors: Dan Harkins, Aruba Networks (an HP company)

Abstract
This submission presents an idea for addressing a problem with public wi-fi hotspots.

The Situation
- Wireless Internet access as an entitlement – “oh, no wi-fi, let’s go somewhere else”
- Coffee shop, bar, or restaurant wants to offer patrons “free wi-fi”
- They want to provide a service but don’t want it to be a pain to configure or use
- They want to provide some notion of both service and security to customers

The Problem
- Perpetual battle: Security vs Ease-of-Use
- They want it to be easy-to-use
  - Don’t bug the staff too much – “no I said the L is capital”
  - Don’t irritate the customer – “wait, what? say that again”
  - Don’t require specialized knowledge – “what’s an EAP method? How do I configure an ‘anonymous identity’?”
- They want some notion of security
  - Want it to be better-than-nothing security
  - Don’t want to have to get/generate/install a certificate
  - Secure access by patrons has to scale (see easy-to-use)
- Result: Both sides lose

FAIL

The Solution? OWE
- Make it simple to provision – just switch it on
- Make it virtually impossible to misconfigure – no user entry required
- Make public wi-fi “suck less” than it does when using a shared PSK
- Raise the bar that is necessary to perform pervasive monitoring just a bit higher
- OWE is an outgrowth of an IETF BOF on improving the captive portal experience

IETF Proposal
- Network appears “open” to the user (no lock icon), uses a Vendor Specific Element in beacons and probe responses to indicate OWE
- After association in an OWE network, STA and AP do the PSK authentication using the SSID as the password
- Upside
  - No need to explain/enter anything, just works
  - Code changes AP side are trivial; STA side, manageable
- Downside
  - Inherits all the security problems of shared PSK
  - Publicly advertises the PSK so arguably worse!

My Proposal
- Don’t do it in the IETF, let’s do it here
- AP advertises an OWE AKM
- When associating to an SSID with OWE include Diffie-Hellman exponentials in (Re)Associate Request and Response
- STA and AP perform Diffie-Hellman, use shared secret to derive a PMK
- Use this (truly pairwise) PMK with 4-way HS

Benefits
- More secure than a shared PSK
  - Not susceptible to passive attack
  - All those tools downloadable from Internet to crack PSKs won’t work!
- Easier to set-up than PSK
  - Nothing to provision or describe, no user error
- Easier to use by customers
  - Absolutely nothing needed to do! It just works.
- Makes pervasive monitoring harder
- Easier to use plus better security! Winner, winner!

Thank You!

Questions?

OWE Straw Poll
- Option 1: Good idea, we should do it!
- Option 2: Bad idea, let the IETF do it!
- Option 3: I was reading my and not paying attention, sorry.