Authentication and Key Management of MP with multiple radios


1 Authentication and Key Management of MP with multiple radios
doc.: IEEE yy/xxxxr0, March 2008
Authors: Charles Fan, Amy Zhang, Huawei; John Doe, Some Company

2 Abstract
This presentation states CID #504 from LB126, the secure association setup problem that arises when a multi-radio MP joins the mesh network, and the suggested solution, including a summary of the text changes to the draft.
CID #504: The PMK-MKD that is derived after the higher-layer authentication should be related only to the authentication credential and some other device information, not tightly related to the MAC address of a radio. It would induce multiple-authentication problems when the mesh node has two or more radios.
Speaker note: What problem is solved: the repeated-authentication problem of multi-radio MPs.

3 Agenda
Problem Statement
Resolution

4 Current Secure association setup mechanism
Parties: Supplicant MP, Mesh Authenticator (MA), MKD.
Step 1: Authentication method, role and key management type negotiation (Probe/Beacon, Peer Link Management).
Step 2: Authentication through the MKD and key hierarchy setup (initial authentication, if needed). After the MP authenticates with the AS through the MKD, PMK-MKD and MKDK are derived using the current hierarchy.
Step 3: PTK/GTK distribution (4-Way handshake to build session keys), followed by secure communication.

5 Current 802.11s Key Hierarchy
The PMK-MKD and MKDK are bound with SPA:
MeshTopLevelKeyData = KDF-768(XXKey, "Mesh Key Derivation", MeshID, MKD-NAS-ID, MKDD-ID, SPA)
There will be multiple SPAs for a multi-radio Supplicant MP; hence there will be multiple PMK-MKDs and MKDKs, and multiple initial authentication procedures have to be launched.

Key hierarchy, starting from MSK/PSK:
- PMK-MKD = L(MeshTopLevelKeyData, 0, 256), held by MKD & Supplicant
- MKDK = L(MeshTopLevelKeyData, 384, 256), held by Supplicant & MKD
Link Security Branch:
- PMK-MA = KDF-256(PMK-MKD, "MA Key Derivation", PMK-MKDName || MA-ID || SPA), held by MKD, Supplicant & MA
- PTK = KDF(PMK-MA, "Mesh PTK key derivation", MPTKSNonce || MPTKANonce || MA-ID || SPA || PMK-MAName), held & derived by Supplicant & MA
Key Distribution Branch:
- MPTK-KD = KDF-256(MKDK, "Mesh PTK-KD Key", MA-Nonce || MKD-Nonce || MA-ID || MKD-ID), held & derived by Supplicant & MKD, used to deliver PMK-MA
Suggestion: MPTK-KD = KDF-256(MKDK, "Mesh PTK-KD Key", MeshID, MKD-NASID, MKD-ID, Dev_ID, MA-Nonce, MKD-Nonce)

6 Disadvantages of multiple authentications
- It cannot be detected whether the authentication credential is being used simultaneously by different MPs or by different radios of the same MP; the credential may therefore be used by multiple MPs at the same time.
- Launching the initial authentication multiple times increases the over-the-air overhead.

7 Agenda
Problem Statement
Resolution

8 Solution Requirements
- The initial authentication is launched only once when an MP joins the mesh network, no matter how many radios it has: the authentication credential is issued to one MP device.
- One PMK-MKD and one MKDK per MP, shared by all of its radios.
- Different radios in the same MP use different PTKs; keys for all radios of the device are distributed through a single initial authentication procedure.
- There is one MPTK-KD between an MA and the MKD; the communication between the MKD and the MP is not tied to a peer link with MAC addresses.
- Less modification is better.

9 Possible solution
- Introduce SP-ID, which identifies the supplicant MP for the initial authentication. SP-ID is the MAC address of the Supplicant MP; if the MP has more than one PHY, it is one of the MP's MAC addresses.
- PMK-MKD and MKDK bind with SP-ID, which identifies an MP. Use SP-ID instead of SPA when deriving PMK-MKD and MKDK:
  MeshTopLevelKeyData = KDF-768(XXKey, "Mesh Key Derivation", MeshID, MKD-NAS-ID, MKDD-ID, SP-ID)
- Only one MPTK-KD between an MA and the MKD. The definitions of MA-ID and MKD-ID are ambiguous for a multi-radio MP because of the multiple MAC addresses it has; extend the definitions:
  MA-ID: the MAC address of the MA; one of the MA's MAC addresses if it has more than one PHY.
  MKD-ID: the MAC address of the MKD; one of the MKD's MAC addresses if it has more than one PHY.
- Different PTKs are derived for different radios. Rename 'MA-ID' to 'MAA' (Mesh Authenticator Address) in the PTK derivation, because the PTK should bind with the peer link MAC addresses and MA-ID is no longer just a MAC address. MAA has the same definition as 'MA-ID' in 802.11s D2.0.

10 802.11s Key Hierarchy Clarify
Definitions:
- MAA: the authenticator MP's MAC address
- SPA: the supplicant MP's MAC address
- SP-ID: the MAC address of the Supplicant MP; one of the Supplicant MP's MAC addresses if it has more than one PHY
- MA-ID: the MAC address of the MA; one of the MA's MAC addresses if it has more than one PHY
- MKD-ID: the MAC address of the MKD; one of the MKD's MAC addresses if it has more than one PHY

Key hierarchy, starting from MSK/PSK:
MeshTopLevelKeyData = KDF-768(XXKey, "Mesh Key Derivation", MeshID, MKD-NAS-ID, MKDD-ID, SP-ID)
Bound to the MP:
- PMK-MKD = L(MeshTopLevelKeyData, 0, 256), held by MKD & Supplicant
- MKDK = L(MeshTopLevelKeyData, 384, 256), held by Supplicant & MKD
Link Security Branch, bound to radios:
- PMK-MA = KDF-256(PMK-MKD, "MA Key Derivation", PMK-MKDName || MAA || SPA), held by MKD, Supplicant & MA
- PTK = KDF(PMK-MA, "Mesh PTK key derivation", MPTKSNonce || MPTKANonce || MAA || SPA || PMK-MAName), held & derived by Supplicant & MA
Key Distribution Branch:
- MPTK-KD = KDF-256(MKDK, "Mesh PTK-KD Key", MA-Nonce || MKD-Nonce || MA-ID || MKD-ID), held & derived by Supplicant & MKD, used to deliver PMK-MA
Suggestion: MPTK-KD = KDF-256(MKDK, "Mesh PTK-KD Key", MeshID, MKD-NASID, MKD-ID, Dev_ID, MA-Nonce, MKD-Nonce)
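The following is an added worked example, not code from the slides or from the 802.11s draft. It models the key hierarchy of slides 5, 9 and 10 and the derivation step of slide 11: a two-radio supplicant MP derives MeshTopLevelKeyData, PMK-MKD, MKDK, PMK-MA and PTK once with the current SPA binding and once with the proposed SP-ID binding, so the effect of the change can be checked directly (two distinct PMK-MKDs versus one, while the per-radio PTKs still differ). The KDF is modelled on the counter-mode HMAC-SHA-256 KDF of 802.11r, the key-name functions, the XXKey slice of the MSK, the context concatenation and all MAC addresses, nonces and identifiers are constructed assumptions for the example.

```python
import hashlib
import hmac
import struct

# Constructed sample identities (assumptions, not values from the slides).
MESH_ID = b"example-mesh"
MKD_NAS_ID = b"mkd.example"
MKDD_ID = bytes.fromhex("020000000001")
MAA = bytes.fromhex("020000000010")       # authenticator MP's MAC address
RADIO_1 = bytes.fromhex("020000000101")   # supplicant MP, radio 1 (its SPA)
RADIO_2 = bytes.fromhex("020000000102")   # supplicant MP, radio 2 (its SPA)
SP_ID = RADIO_1                           # slide 9: one of the MP's MAC addresses
# Constructed 64-byte MSK standing in for the EAP result of slide 11.
SAMPLE_MSK = hashlib.sha256(b"constructed MSK from EAP").digest() * 2


def kdf(key: bytes, length_bits: int, label: bytes, context: bytes) -> bytes:
    """KDF-Length(K, label, context) modelled on 802.11r's counter-mode
    HMAC-SHA-256 KDF (assumption: the slides only name KDF-768/KDF-256)."""
    out = b""
    for i in range(1, (length_bits + 255) // 256 + 1):
        msg = struct.pack("<H", i) + label + context + struct.pack("<H", length_bits)
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[: length_bits // 8]


def L(data: bytes, start_bit: int, n_bits: int) -> bytes:
    """Bit-string extraction L(data, start, length) as written on the slides."""
    return data[start_bit // 8 : (start_bit + n_bits) // 8]


def key_name(key: bytes, label: bytes) -> bytes:
    """Placeholder key-name derivation (assumption, not the draft's formula)."""
    return hashlib.sha256(label + key).digest()[:16]


def top_level_keys(xxkey: bytes, binding_id: bytes):
    """MeshTopLevelKeyData = KDF-768(XXKey, "Mesh Key Derivation", MeshID,
    MKD-NAS-ID, MKDD-ID, <SPA or SP-ID>); returns (PMK-MKD, MKDK).
    Assumption: context fields are simply concatenated."""
    ctx = MESH_ID + MKD_NAS_ID + MKDD_ID + binding_id
    mtlkd = kdf(xxkey, 768, b"Mesh Key Derivation", ctx)
    return L(mtlkd, 0, 256), L(mtlkd, 384, 256)


def link_keys(pmk_mkd: bytes, spa: bytes, snonce: bytes, anonce: bytes):
    """Link Security Branch of slide 10:
    PMK-MA = KDF-256(PMK-MKD, "MA Key Derivation", PMK-MKDName || MAA || SPA)
    PTK = KDF(PMK-MA, "Mesh PTK key derivation",
              MPTKSNonce || MPTKANonce || MAA || SPA || PMK-MAName)
    Returns (PMK-MA, PTK); a 512-bit PTK is an assumption."""
    pmk_mkd_name = key_name(pmk_mkd, b"MKD Key Name")
    pmk_ma = kdf(pmk_mkd, 256, b"MA Key Derivation", pmk_mkd_name + MAA + spa)
    pmk_ma_name = key_name(pmk_ma, b"MA Key Name")
    ptk = kdf(pmk_ma, 512, b"Mesh PTK key derivation",
              snonce + anonce + MAA + spa + pmk_ma_name)
    return pmk_ma, ptk


def per_radio_keys(msk: bytes, bind_to_device: bool):
    """Derive the hierarchy for both radios of the supplicant MP.
    bind_to_device=False reproduces slide 5 (SPA in the top-level derivation);
    True applies the SP-ID change of slides 9/10.
    Returns {radio: (PMK-MKD, MKDK, PMK-MA, PTK)}."""
    xxkey = msk[32:64]  # assumption: XXKey is the second 256 bits of the MSK
    result = {}
    for idx, spa in enumerate((RADIO_1, RADIO_2)):
        binding = SP_ID if bind_to_device else spa
        pmk_mkd, mkdk = top_level_keys(xxkey, binding)
        # constructed deterministic nonces so the run is reproducible
        snonce = hashlib.sha256(b"snonce" + spa).digest()
        anonce = hashlib.sha256(b"anonce" + spa).digest()
        pmk_ma, ptk = link_keys(pmk_mkd, spa, snonce, anonce)
        result[f"radio{idx + 1}"] = (pmk_mkd, mkdk, pmk_ma, ptk)
    return result


def count_distinct_top_level_keys(msk: bytes, bind_to_device: bool) -> int:
    """Number of distinct PMK-MKDs the MP ends up holding: each distinct
    PMK-MKD corresponds to one initial authentication (slide 5)."""
    return len({v[0] for v in per_radio_keys(msk, bind_to_device).values()})


if __name__ == "__main__":
    print("SPA binding   -> distinct PMK-MKDs:", count_distinct_top_level_keys(SAMPLE_MSK, False))
    print("SP-ID binding -> distinct PMK-MKDs:", count_distinct_top_level_keys(SAMPLE_MSK, True))
    keys = per_radio_keys(SAMPLE_MSK, True)
    print("PTKs differ per radio:", keys["radio1"][3] != keys["radio2"][3])
```

With SPA binding the two radios produce two PMK-MKDs, which is exactly why two initial authentications are needed today; with SP-ID binding both radios share one PMK-MKD and MKDK, while PMK-MA and PTK still differ per radio because SPA stays in the Link Security Branch.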

11 SP-ID included in initial authentication
- The Supplicant MP uses Peer Link Open to tell the SP-ID to the MA.
- The MA transfers the SP-ID to the MKD.
- The Supplicant MP and the MKD use the SP-ID to derive the PMK-MKD and MKDK.
Message flow between Sup MP, MA, MKD and AS:
Peer Link Open (Request Authentication, SP-ID): Sup MP -> MA
1. EAPOL-Start: Sup MP -> MA
2. EAPOL (EAP-Request Identity): MA -> Sup MP
3. EAPOL (EAP-Response Identity): Sup MP -> MA
4. Mesh EAP encapsulation (SP-ID): MA -> MKD
5. EAP Transport (EAP-Response Identity): MKD -> AS
6. EAP-specific (mutual) authentication: Sup MP <-> AS
7. EAP Transport (EAP-Success, MSK): AS -> MKD
   Derive pairwise keys (PMK-MKD, MKDK, PMK-MA)
8. Mesh EAP encapsulation (EAP-Response Accept, PMK-MA): MKD -> MA
9. EAPOL (EAP-Success): MA -> Sup MP

12 Updated text of the Draft
New abbreviations:
- SP-ID: Mesh Supplicant Identifier
- MAA: Mesh Authenticator Address
Changes:
- Change SPA into SP-ID when deriving the MKDK and PMK-MKD.
- Change MA-ID into MAA when deriving the PMK-MA and PTK.
- Add the SP-ID subfield in the MSA IE in order to send the SP-ID to the authenticator MP.
- Change SPA into SP-ID in the EAP Authentication field to send the SP-ID to the MKD.
- Extend the definitions of MA-ID and MKD-ID to support multi-radio MPs.
MSA IE: Element ID | Length | Handshake Control | MA-ID | SP-ID | Selected AKM Suite | Selected Pairwise Cipher Suite | Chosen PMK | Local Nonce | Peer Nonce | Optional Parameters
EAP Authentication field: Encapsulation Type | Replay Counter | SPA (changed to SP-ID) | EAP Message Length | EAP Message

13 Summarization: less modification, more efficiency
- Add the term 'SP-ID' to identify the supplicant MP, because the SPA cannot identify the MP, especially for multi-radio MPs.
- Add the SP-ID (6 bytes) field in the MSA IE to transmit it to the MA and then to the MKD for the key hierarchy derivation.
- Extend the definitions of MA-ID and MKD-ID to be unique identifiers of the MP devices, which is more reasonable for something named an identifier.
- Rename 'MA-ID' to 'MAA' in the PMK-MA and PTK derivation formulas so that PMK-MA and PTK bind with peer links.

14 Reference
Draft_P802.11s_D2.00

15 Straw Poll
Would you like to accept the changes presented in these slides and the detailed text update in 11-08/526r0 to the 802.11s standard amendment?
Yes / No / Abstain

