Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure WNM Requirements

Published byOskar Viken Modified over 5 years ago

Similar presentations

Presentation on theme: "Secure WNM Requirements"— Presentation transcript:

1 Secure WNM Requirements
Month Year May 2005 May 2005 Secure WNM Requirements Authors: Date: Notice: This document has been prepared to assist IEEE It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures < ieee802.org/guides/bylaws/sb-bylaws.pdf>, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE Working Group. If you have questions, contact the IEEE Patent Committee Administrator at Emily Qi, Intel Corporation Emily Qi, Intel Corporation

2 Month Year May 2005 May 2005 Abstract This document provides threat analysis and protection service requirements for Wireless Network Management. Emily Qi, Intel Corporation Emily Qi, Intel Corporation

3 Agenda Possible Service Categories for WNM Threat Analysis for WNM
Month Year May 2005 May 2005 Agenda Possible Service Categories for WNM Threat Analysis for WNM Requirements for TGw Requirements for TGv Emily Qi, Intel Corporation Emily Qi, Intel Corporation

4 Month Year May 2005 May 2005 Purpose of v (from PAR) Enables management of attached stations in a centralized or in a distributed fashion (e.g. monitoring, configuring, and updating) through a layer 2 mechanism. Control and setting MIB parameter over the air have security implications Emily Qi, Intel Corporation Emily Qi, Intel Corporation

5 Possible Service Categories for 802.11v
Month Year May 2005 May 2005 Possible Service Categories for v Configuration Management Performance and Resource Management Operations Management Fault and Security Management Accounting Management Location Services, etc. (refereed to doc.:0076r00 by John Klein, et al) Emily Qi, Intel Corporation Emily Qi, Intel Corporation

6 Threats to Wireless Network Mangements
Month Year May 2005 May 2005 Threats to Wireless Network Mangements Forgery Attack Masquerade Delay Attack Disclosure Denial of Service Traffic Analysis Emily Qi, Intel Corporation Emily Qi, Intel Corporation

7 Month Year May 2005 May 2005 Forgery Attack The essence of this threat is that an unauthorized entity could change any management parameter, including those related to configuration, operations, and accounting WNM management message could be reordered and replay to effect unauthorized management operations For example, unauthorized entity can modify “Direct Roam” message (for load balancing) to direct the STA to another AP Requirement: Need Forgery Protection - TGw Emily Qi, Intel Corporation Emily Qi, Intel Corporation

8 Month Year May 2005 May 2005 Masquerade Management operations that are not authorized for some entity may be attempted by that entity by assuming the identity of an authorized entity For example, an unauthorized AP, who is not authorized for STA’s firmware update, may attempt to update STA’s firmware Requirement: Need to advertise and negotiate the authorized entity for manageable services - TGv Need Authentication and Authorization Protection - TGw STA and AP Emily Qi, Intel Corporation Emily Qi, Intel Corporation

9 Month Year May 2005 May 2005 Delay Attack WNM management message could be delayed to effect invalid management operations. For example, a delayed “Direct Roam” message (for Load Balancing) may not be valid any more. Requirement: Need Delay Protection – TGw ? Need Timeliness protection to protect against message delay - TGv Emily Qi, Intel Corporation Emily Qi, Intel Corporation

10 Disclosure Requirement:  Need Confidentiality Protection - TGw
Month Year May 2005 May 2005 Disclosure An entity could observe exchanges between an AP and a STA and thereby learn the values of managed objects and learn of notify-able events For example, the observation of a set of command of location information and management (for Location Service) would enable an attacker to learn asset tracking Because of privacy concerns, Manager (AP) and Agent (STA) may not want a third party to know their accounting parameter setting (for Accounting Management) Also, need to be consistent with SNMP v3 policy for confidentiality Requirement:  Need Confidentiality Protection - TGw Emily Qi, Intel Corporation Emily Qi, Intel Corporation

11 Denial-of-service An attacker may prevent exchange between AP and STA
Month Year May 2005 May 2005 Denial-of-service An attacker may prevent exchange between AP and STA Wireless Network Connection Failure Disrupt all type of exchanges Forgery management message can create novel denial-of-service attacks #1 and #2 are not a new denial-of-service threat. Accordingly, there can be no requirement to protect against them. #3 needs Forgery protection - TGw Emily Qi, Intel Corporation Emily Qi, Intel Corporation

12 Month Year May 2005 May 2005 Traffic Analysis An attacker may observe the general pattern of management traffic between AP and STA Many Wireless Network traffic patterns are predictable and therefore there is no need significant advantage to protecting against observing these traffic patterns. No need to protect against this attack Emily Qi, Intel Corporation Emily Qi, Intel Corporation

13 Protection Requirements for TGw (summary)
Month Year May 2005 May 2005 Protection Requirements for TGw (summary) Authentication Protection Authorization Protection Forgery Protection Replay Protection Delay Protection Confidentiality Protection Emily Qi, Intel Corporation Emily Qi, Intel Corporation

14 Protection Requirements for TGv (1)
Month Year May 2005 May 2005 Protection Requirements for TGv (1) Requirement: Need to advertise and negotiate the authorized entity for specific manageable services: Provide policy advertisement, discovery, negotiation mechanisms for the manageable services that AP and STA agree upon Indicate the possible reactions that STA could response Preserve design that operates in unlicensed band Usage scenarios should cover for Enterprise, Home, and Hotspot Emily Qi, Intel Corporation Emily Qi, Intel Corporation

15 Protection Requirements for TGv (2)
Month Year May 2005 May 2005 Protection Requirements for TGv (2) Requirement: Timeliness protection to protect against message delay: The manager (sender) should dictates that a message must be received within a reasonable time window, to avoid delay attacks. The time window should be chosen to be as small as possible given the accuracy of the clocks involved and round-trip communication delays The receiver should conduct a timeliness checking when message arrives Emily Qi, Intel Corporation Emily Qi, Intel Corporation

16 May 2005 Feedback? Emily Qi, Intel Corporation

Download ppt "Secure WNM Requirements"

Similar presentations

Use of KCK for TGr Management Frame Protection

Use of KCK for TGr Management Frame Protection
LB84 General AdHoc Group Sept. Closing TGn Motions

LB84 General AdHoc Group Sept. Closing TGn Motions
[ Interim Meetings 2006] Date: Authors: July 2005

[ Interim Meetings 2006] Date: Authors: July 2005
IEEE White Space Radio Contribution Title

IEEE White Space Radio Contribution Title
TGu/TGv Joint Session Date: Authors: July 2005 July 2005

TGu/TGv Joint Session Date: Authors: July 2005 July 2005
LB73 Noise and Location Categories

LB73 Noise and Location Categories
LB73 Noise and Location Categories

LB73 Noise and Location Categories
Waveform Generator Source Code

Waveform Generator Source Code
TGu Closing Report Date: Authors: November 2005

TGu Closing Report Date: Authors: November 2005
March 2014 Election Results

March 2014 Election Results
TGp Closing Report Date: Authors: July 2007 Month Year

TGp Closing Report Date: Authors: July 2007 Month Year
Attendance and Documentation for the March 2007 Plenary

Attendance and Documentation for the March 2007 Plenary
3GPP Extended Date: Authors: July 2005 July 2005

3GPP Extended Date: Authors: July 2005 July 2005
[ Policies and Procedure Summary]

[ Policies and Procedure Summary]
[ Policies and Procedure Summary]

[ Policies and Procedure Summary]
3GPP liaison report May 2006 May 2006 Date: Authors:

3GPP liaison report May 2006 May 2006 Date: Authors:
Motion to accept Draft p 2.0

Motion to accept Draft p 2.0
Protected SSIDs Date: Authors: March 2005 March 2005

Protected SSIDs Date: Authors: March 2005 March 2005
3GPP liaison report July 2006

3GPP liaison report July 2006
[place presentation subject title text here]

[place presentation subject title text here]

Similar presentations

Ads by Google