Motorola TGr Fast Handover Proposal


1 Motorola TGr Fast Handover Proposal
October 2004
Authors: Steve Emeott, Tony Braskich, Floyd Simpson, Ruben Formoso, Stephen Wang (Motorola, Inc.)
Date: October 15, 2004
Steve Emeott (Motorola), et al.

2 Reasons for Pursuing Faster BSS Transitions
The following are excerpts from the 802.11r PAR:
- "The purpose of this project is to improve BSS transitions within an ESS and to support real time constraints imposed by applications such as Voice over Internet Protocol (VoIP). With increasing amounts of state being needed before connectivity is allowed as amendments are made to the standard, the time taken to complete a BSS transition is increasing while next generation applications demand decreased BSS transition time."
- "The scope of this project is enhancements to the Medium Access Control (MAC) layer to minimize or eliminate the amount of time data connectivity between the Station (STA) and the Distribution System (DS) is absent during a Basic Service Set (BSS) transition…"
- "Security must not be decreased as a result of the enhancement."

3 BSS Transition Time Definition
[Figure: STA, Current AP, New AP, DS, Authentication Server, Traffic Endpoint; BSS transition with security enabled]
BSS transition time (with security enabled): the period between the last possible point in time at which STA-TE communication can pass through the current AP, and the point in time at which the first MSDU can pass through the controlled port of the new AP.

4 STA Activities during BSS Transition
- (Re)association: frame exchange to reconfigure the DS so a supplicant (STA) may communicate with the authentication server (AS) and, eventually, its TE
- Authentication: 10 frames initiating 802.1X authentication between a supplicant and an authentication server for establishing the PMK at a new AP
- 4-way Handshake: 4-frame exchange to test liveness of a new AP and STA and to establish the PTK to be used during a session
- 802.11e Admissions Control: frame exchange required to ensure that time on the channel is reserved by a QoS-enabled AP for the QoS-enabled STA

5 Setting Up a PMK
[Figure: message flow between Supplicant (STA), Authenticator (AP) and AS: EAPOL-Start; EAP-Req/ID; EAP-Resp/ID; EAP-TLS: start; EAP-TLS: client Hello; EAP-TLS: server Hello, server Cert, done; EAP-TLS: cert, change cipher, finished; EAP-TLS: change cipher, finished; EAP-TLS: empty; EAP-Success; Transfer PMK (AS to AP); 802.11i authentication continues with 4-way handshake]
- Figure illustrates 802.1X EAP-TLS authentication between the station and an authentication server (AS)
- First message pair sets up EAPOL ID
- After 4 more message pairs, the STA is authenticated and the pairwise master key (PMK) has been calculated
- Finally, in the last step, the AS forwards the PMK to the current AP

6 4-way Security Handshake
- Once a PMK has been installed at both the STA and its current AP, the current AP initiates a 4-way handshake with the STA (figure illustrates the case where the PMK is cached at the new AP)
- The 4-way handshake ensures liveness by generating a unique pairwise transient key (PTK) to be used during a session
- The PTK is used for data encryption
[Figure: message flow between STA and New AP: Reassociation Request + PMKID; Reassociation Response; 4-way H.S. #1 (ANonce); 4-way H.S. #2 (SNonce, MIC, RSN IE); 4-way H.S. #3 (ANonce, MIC, GTK, RSN IE); 4-way H.S. #4 (MIC); labels "Locate PMK" and "Calculate PTK"; authentication complete, data traffic may begin]

7 Setting up a PMK in Advance
[Upper figure: Authentication via the current AP (paths 1 and 2): STA, Current AP, New AP, DS, Authentication Server, Traffic Endpoint]
[Lower figure: Preauthentication with the new AP (paths 1 and 2)]
- EAPOL and 802.11i preauthentication (bottom figure) allow a STA to authenticate with a new AP in advance of a transition
- A station begins preauthentication by sending an EAPOL-Start message to the new AP
- Useful when a handover target is known in advance, or the number of neighbors is small
- The STA will then perform the 4-way handshake with the new AP

8 Shortcomings of Current Procedure
- Full 802.1X authentication (e.g. EAP-TLS) involves many messages with a potentially slow AS
- Preauthentication is only a partial solution
  - Reverts to full authentication if the STA fails to preauthenticate prior to the transition (e.g. the STA finds a new target around the corner)
  - Load on both the channel and the server grows with the number of potential handover targets, unless the STA is selective
  - If a group of people move at the same time (e.g. leaving a room), the load placed on the authentication server is high
  - May require communication with the (slow) AS when the STA is pressed for time, due to an impending handover
- The handshaking that occurs during the BSS transition requires too many messages
- The STA must transition blindly, not knowing if the target AP will admit new traffic or not

9 Fast Handover Proposal
- Fast Handover Key
- Fast Handover Point (Depository)
- Split 4-way Handshake
- Preadmissions

10 Fast Handover Key (Part 1)
- A fast handover key is an 802.11i PMK
- It is obtained by a STA, from an authentication server, while the STA is associated with its current AP
- A fast handover PMKID identifies the fast handover key and is used when the STA transitions to a new AP
- After each transition, the STA must obtain a new fast handover key

11 Establishment of Fast Handover Key
- In this example, a STA uses a preauthentication process to establish a fast handover key at its current AP (through paths 1 and 2)
- EAPOL messages employed by the STA enable the fast handover key to be established at the current AP or at another suitable point (more details to follow)
- During a transition, a new AP may retrieve a station's fast handover key from its previous AP (not shown)
[Figure: STA, Current AP, New AP, DS, Authentication Server, Traffic Endpoint; paths 1 and 2; BSS transition]

12 Use of the Fast Handover Key
- This figure shows a STA initiating a fast handover by transmitting the fast handover PMKID to the new AP in its reassociation message (step 1)
- Upon receiving the fast handover PMKID, the new AP obtains the fast handover key from the prior AP and commences the 802.11i handshake (steps 2 and 3)
- If the fast handover key is not available, the STA must go through full authentication
[Figure: STA, Prior AP, New AP, DS, Authentication Server, Traffic Endpoint; steps 1, 2 and 3; BSS transition]

13 Fast Handover Point (Part 2)
Problem
- The current AP of each STA is not always the most convenient or efficient location at which to store its fast handover key
- There are scenarios to consider where centralized storage of the fast handover key is desired, or where lightweight APs or WLAN switches are employed
Solution: the concept of a fast handover point (FHP), a depository for the fast handover key and related information
- The FHP is introduced to allow the process of storing and distributing a fast handover key to be abstracted and centralized
- A trust relationship established via a shared key permits the depository to hold the fast handover key for future authenticators
[Figure: roles Supplicant (STA), Intermediary (Current AP), Depository (Fast Handover Point), Authenticator (New AP) and Authentication Server; trust relationships labelled "Trust via 802.1X" and "Trust via Shared Secret"]

14 Use of the Fast Handover Point
[Upper figure: STA establishes the fast handover key at its Current AP (paths 1 and 2): STA, Current AP, New AP, DS, Authentication Server, Traffic Endpoint]
[Lower figure: STA establishes the fast handover key at its Fast Handover Point (Depository) (paths 1 and 2)]
- In the upper figure, the STA uses preauthentication to establish a fast handover key at its current AP
- In the lower figure, the STA establishes the fast handover key at its fast handover point instead
- If a fast handover point is not present in the network, the new AP should retrieve the fast handover key from the prior AP of the STA
- If trust relationships exist, the FHP may push the fast handover key out to a set of trusted neighbor APs, foreshortening the handshake

15 Fast Handover Point Implementation
The fast handover point is a functional entity and may be implemented any number of ways:
- Standalone device
- Embedded within an AP (e.g. current AP)
- Paired with the authentication server
- Embedded in a WLAN switch
Options provide ample opportunity for product differentiation

16 Split 4-way Handshake (Part 3)
- Proposal splits the 4-way handshake into two parts
- First part: the current AP (or, if present, the fast handover point) generates the fast handover ANonce and forwards it to the station and neighbor APs
- Second part: when the STA transitions to a new AP, it continues the security setup by transmitting the second message of the 4-way handshake

17 Fast Handover ANonce
[Figure: message flow between STA, FHP, AS and Target AP: EAPOL-Start (initiate 802.1X auth.); 802.1X authentication exchange, communication via the FHP; optional request to distribute PMK; PMK delivered to FHP; PMK for STA plus (unique) ANonce delivered to Target AP; ANonce table delivered to STA; handover decision; Reassociation Request (PMKID included); Reassociation Response]
- Figure illustrates how the FHP generates and distributes fast handover ANonce values
- A unique ANonce value may be calculated for each neighbor AP
- The FHP provides the STA with a table of unique ANonce values, one for each neighbor

18 ANonce Generation and Distribution
- Once the fast handover point obtains the fast handover PMK (step 1), it generates a table of ANonce values, one for each neighbor AP
- It also generates a fast handover ANonce to use for APs not on the neighbor list
- The FHP forwards the ANonce table to the STA, and distributes an ANonce value to each neighbor AP (steps 2 & 3)
- Neighbor APs not receiving an ANonce may query the FHP for a fast handover ANonce
[Figure: STA, Current AP, New AP, DS, Fast Handover Point, Authentication Server, Traffic Endpoint; steps 1, 2 and 3; BSS transition]

19 Post Transition Handshake
- Since both the STA and the new AP know the ANonce in advance, message #1 of the 4-way handshake may be omitted
- Message #2 may be piggybacked onto the reassociation request
- The total number of reassociation and authentication messages is reduced from 6 to 3, without giving up liveness checks and without compromising security
[Figure: message flow between STA and New AP: Reassociation Request + PMKID + message 4 intent + H.S. Message 2 (SNonce); Reassociation Response + H.S. Message 3 (GTK); Security H.S. Message #4 (optional); labels "Locate PMK" and "Calculate PTK"; normal operation resumes]

20 Abbreviated Handshake
- The final message in the 4-way handshake serves no cryptographic purpose, and may be eliminated
- The STA may indicate in the "message 4 intent" field of the fast handover IE in the reassociation request that it will not be supplying the ack message
- End result is that only 2 of the 4 messages in the 4-way handshake need be exchanged following a transition
[Figure: message flow between STA and New AP: Reassociation Request + PMKID + message 4 intent + H.S. Message 2 (SNonce); Reassociation Response + H.S. Message 3 (GTK); labels "Locate PMK" and "Calculate PTK"; normal operation resumes]

21 Putting it all Together
- The STA obtains a fast handover key, which the AS also deposited in the fast handover point
- The fast handover point generates an ANonce for each neighbor AP, and forwards it to the STA
- Once these two tasks are completed, the STA is ready to complete a fast BSS transition

22 Completing the fast BSS Transition
- Legacy Open-System Authentication is preserved
- The STA initiates a fast handover by inserting the fast handover PMKID and SNonce in its reassociation request
- At this point, both the STA and the new AP can calculate the PTK
- The AP replies with a reassociation response including the contents of handshake message #3
- Once the STA receives this reply, normal operation resumes
[Figure: message flow between STA and New AP: Open System Auth. (Request); Open System Auth. (Response); Reassociation Request + PMKID + message 4 intent + H.S. Message 2 (SNonce); Reassociation Response + H.S. Message 3 (GTK); Security H.S. Message #4 (optional); labels "Locate PMK" and "Calculate PTK"; normal operation resumes]
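As an added illustration (not code from the Motorola proposal or from 802.11r), the following Python models the split handshake of slides 16 to 22: the FHP generates a per-neighbor ANonce table and pushes the fast handover key plus that AP's ANonce to the target AP in advance, and the STA's reassociation request then carries the PMKID and handshake message 2 while the response carries message 3, with message 4 omitted. The PRF, PMKID and MIC constructions are simplified HMAC-SHA256 stand-ins for the 802.11i primitives (the input ordering of the PTK derivation follows 802.11i), and all keys, addresses and nonces are constructed sample values.

```python
import hashlib
import hmac
import os

def prf(key, label, data, n):
    """Counter-mode HMAC-SHA256 expansion (simplified stand-in for the 802.11i PRF-384)."""
    out = b""
    for i in range((n + 31) // 32):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha256).digest()
    return out[:n]

def derive_ptk(pmk, aa, spa, anonce, snonce):
    # 802.11i ordering (min/max of addresses and nonces) so STA and AP derive the same PTK
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:]  # KCK (MIC key), KEK, TK

def mic(kck, body):
    return hmac.new(kck, body, hashlib.sha256).digest()[:16]

def pmkid(pmk, aa, spa):
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha256).digest()[:16]

def anonce_table(neighbours):
    """FHP step: one fresh ANonce per neighbour AP; the STA receives the whole table."""
    return {aa: os.urandom(32) for aa in neighbours}

def provision(ap, pmk, spa, table):
    # First half of the split handshake: FHP pushes the PMK and the AP-specific ANonce over the trusted DS
    ap.fh_keys[pmkid(pmk, ap.aa, spa)] = (pmk, spa, table[ap.aa])

class NewAP:
    def __init__(self, aa, gtk):
        self.aa, self.gtk, self.fh_keys, self.tk = aa, gtk, {}, None
    def reassociate(self, req):
        entry = self.fh_keys.get(req["pmkid"])
        if entry is None:
            return None  # no fast handover key cached: STA must fall back to full 802.1X
        pmk, spa, anonce = entry
        kck, _kek, tk = derive_ptk(pmk, self.aa, spa, anonce, req["snonce"])
        if not hmac.compare_digest(mic(kck, req["pmkid"] + req["snonce"]), req["mic"]):
            return None  # message 2 MIC fails: STA does not hold the PMK
        del self.fh_keys[req["pmkid"]]  # fast handover key is single use (slide 23)
        self.tk = tk
        body = anonce + self.gtk  # handshake message 3 content, carried in the reassociation response
        return {"body": body, "mic": mic(kck, body)}

def sta_fast_transition(pmk, spa, ap, table):
    """Reassociation request = PMKID + handshake message 2 (SNonce, MIC); message 4 omitted."""
    anonce, snonce = table[ap.aa], os.urandom(32)
    kck, _kek, tk = derive_ptk(pmk, ap.aa, spa, anonce, snonce)
    pid = pmkid(pmk, ap.aa, spa)
    resp = ap.reassociate({"pmkid": pid, "snonce": snonce, "mic": mic(kck, pid + snonce)})
    if resp is None or not hmac.compare_digest(mic(kck, resp["body"]), resp["mic"]):
        return None  # message 3 MIC proves the AP derived the same PTK from the fresh SNonce
    return tk
```

A second transition with the same key returns None because the AP deleted it after use, which is the single-use rule of slide 23.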

23 Fast Handover Key Cleanup
- The fast handover key is intended for use at one and only one AP
- Once a STA uses its fast handover key when transitioning to a new AP, the key remains with the new AP and the STA must obtain a new fast handover key prior to the next transition
- If the FHP takes the initiative to distribute the key to trusted APs, it must also take the initiative to delete the key once a transition is complete (step 2)
[Figure: STA, Other AP, New AP, DS, Fast Handover Point, Authentication Server, Traffic Endpoint; steps 1 and 2; BSS transition]

24 Setting up for the Next Handover
- Once a STA completes a fast transition, it can begin setting up for the next
- First step is to set up a new fast handover key both at the STA and the FHP
- Second step is for the FHP to generate fast handover ANonce values and distribute them to the STA and potential handover targets
- Once these steps are completed, the STA is prepared to execute another fast handover

25 Preadmissions (Part 4)
Problem
- When the STA transitions between BSSs, it does so blindly, not knowing if the new AP will accept the station's TSPECs
- The time required to complete a TSPEC signaling exchange contributes to unacceptable service interruption time
Solution
- Just prior to making a transition and while still associated with its AP, the STA reserves bandwidth from the new AP via the DS
- When reassociating with the new AP, the STA piggybacks its TSPEC information onto its reassociation message to activate its TSPECs

26 TSPEC Setup
- While associated with the current AP, the STA sends a preadmissions message to one or more new APs (paths 1 & 2)
- The preadmissions message carries TSPECs used by the STA, and specifies hold times for storing the TSPECs and for keeping a bandwidth reservation
- The new AP may contact a bandwidth manager (path 3) to reserve resources and/or time on the media for the STA
- The new AP responds to the request, but otherwise leaves QoS functions such as polling in a suspended mode until after reassociation
[Figure: STA, Current AP, New AP, DS, Fast Handover Point, Bandwidth Manager, Traffic Endpoint; paths 1, 2 and 3; BSS transition]

27 Retrieving the Fast Handover PMK
- Upon receiving a preadmissions request from a STA (paths 1 & 2), the new AP should retrieve the fast handover key from the fast handover point (path 3)
- Once the fast handover key is cached, the new AP is able to more efficiently process a reassociation request from the STA
- If the current AP and fast handover point are co-located, the fast handover PMK may be sent along with the preadmissions request
[Figure: STA, Current AP, New AP, DS, Fast Handover Point, Bandwidth Manager, Traffic Endpoint; paths 1, 2 and 3; BSS transition]

28 Activating the TSPEC
- When reassociating, the STA activates its cached TSPEC using a label provided by the new AP during preadmission (step 1)
- The STA may also piggyback its TSPECs onto the reassociation message in case the information installed during preadmission has timed out
- Fast handover allows the STA to hold off on preadmissions until immediately before a handover, knowing that the fast handover key is available for any AP
[Figure: STA, Current AP, New AP, DS, Fast Handover Point, Bandwidth Manager, Traffic Endpoint; step 1; BSS transition]

29 Fast Handover Proposal Summary
A means of expediting BSS transitions without compromising security has been proposed and includes the following elements:
- Fast Handover Key
- Fast Handover Point (Depository)
- Split 4-way Handshake
- Preadmissions

30 Pros and Cons
Pros
- STA need not know the handover target in advance
- Reduction in the number of association and authentication messages exchanged during transition from 6 to 2
- Procedure built upon preauthentication and handshake procedures already defined by 802.11i
- Make-before-break admissions
Cons
- Fast handover key shared between four parties instead of three (with the addition of the fast handover point)
- If there is trust between neighbor APs, the fast handover key may be distributed even more widely (each AP uses a different ANonce)
- ANonce is selected in advance (shared over the DS between trusted parties)

31 Thank you, and are there any questions?

32 Straw Poll
The TG requests the presenter to provide further details of the proposal at the next step.
Yes / No / Abstain

