Presentation is loading. Please wait.

Presentation is loading. Please wait.

TruSecure Corporation

Similar presentations


Presentation on theme: "TruSecure Corporation"— Presentation transcript:

1 TruSecure Corporation
doc.: IEEE s July 2004 July 2004 802.11s Security Proposal Robert Moskowitz ICSALabs a Division of TruSecure Corporation Robert Moskowitz, ICSAlabs Robert Moskowitz, ICSAlabs

2 Topics Mesh Assumptions Mesh security Risks A Security view of a Mesh
July 2004 Topics Mesh Assumptions Mesh security Risks A Security view of a Mesh Two Security Models for a Mesh Not 100% thought out! Robert Moskowitz, ICSAlabs

3 Mesh Assumptions An 802.11s mesh consists of both APs and STAs
July 2004 Mesh Assumptions An s mesh consists of both APs and STAs Per , an AP is a STA with additional functions A mesh is a single IEEE 802 LAN As defined in ISO/IEC The 802 LAN does not extend beyond the mesh Not sure this is necessary, but impacts Security Robert Moskowitz, ICSAlabs

4 Mesh Security Risks Only designated STAs are APs
July 2004 Mesh Security Risks Only designated STAs are APs AP control traffic is secure from non-AP STAs Broadcast/Multicast traffic is encrypted only once for the mesh Unicast traffic is secure between STAs Fast key establishment Robert Moskowitz, ICSAlabs

5 A Security View of a Mesh
July 2004 A Security View of a Mesh Connectivity Association (CA): The relationship between peer entities that allows them to communicate. An ESS provides a CA between STAs. SCA is a Secured CA. Robert Moskowitz, ICSAlabs

6 A Security View of a Mesh
July 2004 A Security View of a Mesh Secure Channel (SC): A security relationship used to provide security guarantees for frames transmitted from one member of a CA to the others There are N SCs within an SCA. SCs are unidirectional All the SCs together in a CA define the SCA An optional Security Association (SA) provides security guarantees for frames transmitted from one member of a CA to another member. Robert Moskowitz, ICSAlabs

7 B CAabcd A C SCA SCB SCC SCD D CA = Secure Connection Association
July 2004 CA = Secure Connection Association SCi = Secure Channel from Station (I) to all stations on CA SAij = Security Association Station (i) to Station (j) B CAabcd A C SCA SCB SCC SCD D Robert Moskowitz, ICSAlabs

8 A Security View of a Mesh
July 2004 A Security View of a Mesh SCA risks Without the optional SAs, any STA can spoof another STA within the SCA And this is an N*(N-1) problem Broadcast/Multicast traffic can always be spoofed within an SCA Cost of scaling Potential large number of keys to track Robert Moskowitz, ICSAlabs

9 A Security View of a Mesh
July 2004 A Security View of a Mesh A STA has multiple Secure Channels and one Unsecure Channel The Unsecure Channel is for passing security establishment traffic An ESS can support multiple SCAs If And Only If there is a way to MUX the SCAs below the MAC security service. Even with MUXing there is one Unsecure Channel Robert Moskowitz, ICSAlabs

10 Model #1 for a Mesh Define 2 SCAs One for APs
July 2004 Model #1 for a Mesh Define 2 SCAs One for APs 32 SCs 32*31 SAs - but just 31 subentries under each SC One for all STAs (including APs) Requires MUXing to distinguish AP control frames from general frames Robert Moskowitz, ICSAlabs

11 Model #1 for a Mesh Benefits Costs
July 2004 Model #1 for a Mesh Benefits No Key management costs after AP or STA has joined the mesh Security-Free mobility No Decryption/Encryption of any frames within mesh for forwarding Costs Potentially complex authentication model Every STA authenticated to all other STAs Many keys to manage Actually not hard to create Robert Moskowitz, ICSAlabs

12 Model #2 for a Mesh For N STAs define N+1 SCAs One for APs
July 2004 Model #2 for a Mesh For N STAs define N+1 SCAs One for APs Same as in Model #1 One SCA per STA Consisting of STA and all APs Requires MUXing to distinguish AP control frames from general frames and one STAs frames from other STAs Robert Moskowitz, ICSAlabs

13 Model #2 for a Mesh Benefits Costs Simpler authentication model
July 2004 Model #2 for a Mesh Benefits Simpler authentication model STAs only authenticated to APs No Key management costs after AP or STA has joined the mesh Security-Free mobility Fewer keys to manage than in Model #1 Costs STA-STA traffic de/re encrypted by last AP in chain No STA-STA confidentially Broadcast traffic de/re encrypted by each AP for all STAs Robert Moskowitz, ICSAlabs

14 Questions! LOTS of work still to do July 2004
Robert Moskowitz, ICSAlabs


Download ppt "TruSecure Corporation"

Similar presentations


Ads by Google