Performance Analysis of authentication and authorization


1 Performance Analysis of 802.11 authentication and authorization
Jan 2012 doc.: IEEE /0041r0
Date:
Authors:
Name: Robert Sun; Yunbo Li; Edward Au; Phillip Barber
Affiliations: Huawei Technologies Co., Ltd.
Address: Suite 400, 303 Terry Fox Drive, Kanata, Ontario K2K 3J1
Phone:
Rob Sun etc, Huawei.

2 Abstract
This proposal provides an analysis of the primary delay contributors within the RSNA security protocol in accordance with IEEE i.

3 Conformance w/ TGai PAR & 5C
Conformance Question | Response
- Does the proposal degrade the security offered by Robust Security Network Association (RSNA) already defined in ? | No
- Does the proposal change the MAC SAP interface? |
- Does the proposal require or introduce a change to the architecture? |
- Does the proposal introduce a change in the channel access mechanism? |
- Does the proposal introduce a change in the PHY? |
- Which of the following link set-up phases is addressed by the proposal? (1) AP Discovery (2) Network Discovery (3) Link (re-)establishment / exchange of security related messages (4) Higher layer aspects, e.g. IP address assignment | 3

4 IEEE 802.11 EAP Authentication and Authorization Delay Contributors
EAP Authentication Phases:
- EAPOL handshake
- EAP specific methods
- Authentication and Key establishment
- Key Agreement
- Key Generation
- Key Transport
- 4-Way handshake

5 .11 EAPOL Handshake
Purpose: To initiate the EAP/802.1X based authentication
Components:
- EAPOL Start (STA -> AP)
- EAPOL Identity Request (AP -> STA)
- EAPOL Identity Response (STA -> AP)
- EAPOL success/failure (AP -> STA)
Primary Delay Contributors T1:
- air time transmission

6 Air Time of 802.1X EAPOL messages
[Figure: air-time timeline: DIFS, CW, Preamble, Data, SIFS, Preamble, Data; labelled Message Frame and ACK Frame]
SIFS = 16 us; DIFS = 34 us; CW = 67.5 us (average of CWmin)
Preamble = L-STF (8 us) + L-LTF (8 us) + L-SIG (4 us) + HT-SIG (8 us) + HT-STF (4 us) + HT-LTF (4 us) = 36 us
Data rate = 6.5 Mbps (MCS0 in n)
Results:
- EAPOL start air time = 369.1 us
- EAPOL identity request = 369.1 us
- EAPOL identity response = us
- EAPOL success = 369.1 us
- Total T1 = us = 2.5 ms
Reference: Draft P802.11REVmb_D12.0

7 EAP Authentication and Key establishment
Purpose: To provide mutual authentication and RSNA key establishment
Components: EAP Specific Authentication
- Different EAP methods are examined for delay comparison
Hypothesis: PSK based EAP methods consume less key establishment time than X.509 certificate based pair-wise key establishment (reference: RFC 5216, and FIPS SP A).
Primary Delay Contributor T2:
- X.509 certificate verification delay
- Key generation delay
- Handshake Delay (Air time + Wired Delay)
Note 1: All EAP methods are assumed to use a 4-message handshake as per RFC 5216
Note 2: Wired Delay is non-negligible but wasn't calculated

8 Performance of various EAP methods and EAP-PSK methods
Testing Environment:
Server and Client Side:
- CPU: PIII 550 MHz
- RAM: 256M
- OS: Windows XP
- HD: 40G
Simulation Software: OpenSSL (Open source toolkit for TLS)
# of Iterations: 100,000

9 Client and Server processing time
Both Client and Server processing times include the following operations:
- Initialization
- Key Processing
- Signature Processing
Tested Candidates:
1) EAP-PSK (RFC 4764)
2) EAP-TLS w/ cipher suites of DHE-DSS-1024
3) EAP-TLS w/ cipher suites of RSA 1024 (PKCS #1)
For DHE-DSS-1024 with mutual authentication
For RSA 1024 with server authentication

10 Client and Server processing time
EAP Methods | Client Processing time (ms) | Server Processing Time (ms)
EAP-PSK | |
EAP-TLS (DHE-DSS-1024) | |
EAP-TLS (RSA-1024) | |

11 4-Way Handshake Processing Time
Purpose: To establish the trust and derive the over-the-air session keys between STA and AP
Component:
- Initialization (Nonce generation)
- MIC calculation
- KDF function
- 4 EAPOL key messages
Primary delay contributors T3:
- KDF function
- Handshake air time
Note: same testing environment
4 WAY handshake | Processing Time (ms)
Initialization |
KDF functions and MIC |
Air time | 1.22
Total |
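Added example, not part of the original presentation: the STA-side and AP-side computations this slide lists (nonce generation, KDF, MIC), with a timing loop for the KDF and MIC step. It assumes the 802.11i PRF-384 over HMAC-SHA1 and the HMAC-SHA1-128 MIC; the MAC addresses, frame bytes and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import time

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out, counter = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PRF-384 over the sorted MAC addresses and nonces; split into KCK, KEK, TK."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:48]

def eapol_mic(kck, frame):
    """HMAC-SHA1-128 MIC over an EAPOL-Key frame whose MIC field is zeroed."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def run_handshake(pmk_sta, pmk_ap):
    """Crypto of messages 1 and 2; returns (mic_ok, sta_tk, ap_tk)."""
    aa, spa = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # constructed MACs
    anonce = os.urandom(32)                           # AP initialization (message 1)
    snonce = os.urandom(32)                           # STA initialization
    sta_kck, _, sta_tk = derive_ptk(pmk_sta, aa, spa, anonce, snonce)
    msg2 = b"constructed EAPOL-Key msg 2|" + snonce   # stand-in for the real frame
    mic2 = eapol_mic(sta_kck, msg2)                   # STA -> AP (message 2)
    ap_kck, _, ap_tk = derive_ptk(pmk_ap, aa, spa, anonce, snonce)
    mic_ok = hmac.compare_digest(mic2, eapol_mic(ap_kck, msg2))  # AP verifies the MIC
    return mic_ok, sta_tk, ap_tk

def time_kdf_and_mic(iterations=2000):
    """Average milliseconds for one PTK derivation plus one MIC calculation."""
    pmk, aa, spa = os.urandom(32), os.urandom(6), os.urandom(6)
    an, sn = os.urandom(32), os.urandom(32)
    start = time.perf_counter()
    for _ in range(iterations):
        kck, _, _ = derive_ptk(pmk, aa, spa, an, sn)
        eapol_mic(kck, b"\x00" * 121)
    return (time.perf_counter() - start) * 1000 / iterations

if __name__ == "__main__":
    pmk = os.urandom(32)
    print(run_handshake(pmk, pmk)[0], run_handshake(pmk, os.urandom(32))[0])
    print("KDF + MIC: %.4f ms" % time_kdf_and_mic())
```

A PMK mismatch shows up as a failed MIC check at the AP, which is the point where the handshake is aborted before any keys are installed.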

12 Conclusion
Total time consumed by RSNA authentication and key establishment is:
RSNA authentication | T1 (ms) | T2 in Client (ms) | T2 in Server (ms) | T3 (ms) | Total in client (ms) | Total in Server (ms) | Total in Serialized operation (ms)
EAP-PSK | 2.584 | | | | | |
EAP-TLS (DHE-DSS-1024) | | | | | | |
EAP-TLS (RSA 1024) | | | | | | |
- The 802.1X EAPOL over-the-air handshake contributes the minimum to the overall delay (T1<3ms)
- The 4-way handshake doesn't contribute major delay (T3<7ms)
- The major delay contributor is EAP authentication with the chosen methods (T2)
Potential Reasons:
1) Certificates verification
2) Finite Field Prime number modular calculation and DLC hard problem
- EAP-PSK demonstrates ideal performance in key establishment and is suitable for FILS authentication (with <20ms).
- EAP-TLS with X.509 certificate based authentication options and key establishment imposes a tight time budget in satisfying the performance objectives of TGai.

13 Further discussion
- Even though the choice of EAP methods is out of scope of the IEEE 802 working group, would it be necessary to promote EAP-PSK as the candidate for the FILS authentication specific method?
- DHCP and DNS are both major contributors to the delay; pre-establishment should be ideal for TGai.

14 References
- RFC 5216
- RFC 4764
- RFC 2246 and RFC 2246-bis-13
- Draft P802.11REVmb_D12.0
- FIPS SP A
- FIP annex C
- RSA PKCS #1

15 Questions & Comments

