Presentation is loading. Please wait.

Presentation is loading. Please wait.

FTM Frame Exchange Authentication

Published byGijs Smeets Modified over 5 years ago

Similar presentations

Presentation on theme: "FTM Frame Exchange Authentication"— Presentation transcript:

1 FTM Frame Exchange Authentication
Month Year doc.: IEEE yy/xxxxr0 Nov. 2016 FTM Frame Exchange Authentication Date: Authors: Naveen Kakani, et. al Qualcomm Corporation Jonathan Segev, Intel

2 Background The need for security in FTM protocol:
Nov. 2016 Background The need for security in FTM protocol: Prior contributions to 11az emphasized the need for Security for FTM frame exchange Proposals addressed the solution for the case when the devices are Associated r1 Functional requirement for secure ranging r0 Security Enhancement to FTM Discussion focused on the need for a common solution for both Associated and un- associated case Naveen Kakani, et. al Qualcomm Corporation

3 Need for both FTM Frame, ACK Authentication
Nov. 2016 User With Mobile Device FTM Request It is possible that the Responder STA can be impersonated in the example here: Responding STA: User with Mobile Device Car: Requesting STA Car is computing the Range with the User Once the FTM Request and Response sequence is done, a snooping device can send the FTM Frame 1 and the Car after receiving measurements from FTM Frame 2 can assume the user is near by and can accidentally open the car Solution: Authenticate the FTM Frame as well There will be signaling in FTM Request Frame to allow for: Authenticate Responder, Requester, or both Car ACK FTM Response ACK FTM Frame_1 ACK (Authenticated) FTM Frame_2 ACK (Autheticated) FTM Frame_3 ACK (Authenticated) FTM Frame_4 Responding STA ACK (Authenticated) Requesting STA Naveen Kakani, et. al Qualcomm Corporation

4 Straw Poll Need for authenticating FTM Responder Yes No Abstain
Nov. 2016 Straw Poll Need for authenticating FTM Responder Yes No Abstain Naveen Kakani, et. al Qualcomm Corporation

5 Outline of the Solution 1/2
Nov. 2016 Outline of the Solution 1/2 Requesting STA Responding STA FTM Request ACK FTM Response FTM Frame_1: Encrypt ToA/ToD fields or use content from FTM Response ACK (FTM Response) FTM Frame_2 ACK (FTM Frame_1) FTM Frame_3 ACK (FTM Frame _2) FTM Frame_4 ACK (FTM Frame _3) Set up Security Key Setup Security Key: Diffie Hellman FTM Request frame: Diffie Hellman Group (prime numbers), and also the Public Key from Requesting STA FTM Response frame: Includes the Public Key from Responding STA Both Requesting and Responding STA generate shared-secret Key from the Shared Public key from the Peer and the Diffie Hellman Group Naveen Kakani, et. al Qualcomm Corporation

6 Outline of the Solution 2/2
Nov. 2016 Outline of the Solution 2/2 Requesting STA Responding STA FTM Request ACK FTM Response FTM Frame_1: Encrypt ToA/ToD fields or use content from FTM Response ACK (FTM Response) FTM Frame_2 ACK (FTM Frame_1) FTM Frame_3 ACK (FTM Frame _2) FTM Frame_4 ACK (FTM Frame _3) Using the Shared-secret key: Authenticating FTM Frame: Encrypt ToA, ToD fields with shared key (or) Generate an Authentication code based on the content of the last successfully frame transmitted by Responding STA (Content + Key = Authentication code) Authenticating ACK Frame: The Shared-secret key is used to generate the Authentication code to be included in the ACK frame and verified at the Responding STA ACK frame carries Authentication Information based on the content of the previous FTM frame received + Security Key Set up Security Key Naveen Kakani, et. al Qualcomm Corporation

7 Protocol Usage for FTM Burst 1/2
Nov. 2016 Protocol Usage for FTM Burst 1/2 Requesting STA Responding STA FTM Request ACK FTM Response FTM Frame_1 ACK (FTM Trigger frame) FTM Frame_2 ACK (FTM Frame_1) FTM Frame_3 ACK (FTM Frame _2) FTM Frame_4 ACK (FTM Frame _3) FTM Trigger Requesting STA sends Trigger frame to initiate FTM Burst ACK to the FTM Trigger frame from FTM Initiator is not Authenticated After the Trigger frame, Responding STA transmits FTM frame which is Acknowledged by Requesting STA The Authenticity of FTM frame when not encrypting ToA and ToD fields: Authentication code is generated based on last successfully transmitted frame from by the Responding STA to Initiator STA. FTM Frame_1: Content of FTM Response Frame + Key FTM Frame_2: Content of FTM Frame_1 + Key When encrypting ToA and ToD fields: the first FTM frame (measurement frame) does not carry any valid ToA, ToD values, so First FTM frame is not Authenticated the measurements made during the transmission of the frame are sent in the following FTM frame which is authenticated The initiator determines that the Responder is authentic if the ToA, ToD values yield a RTT value with in certain boundaries Naveen Kakani, et. al Qualcomm Corporation

8 Straw Poll Authenticating FTM frame: Encrypting ToA and ToD Fields
Nov. 2016 Straw Poll Authenticating FTM frame: Encrypting ToA and ToD Fields Adding an Authentication code as shown in earlier slide No option Naveen Kakani, et. al Qualcomm Corporation

9 Protocol Usage for FTM Burst 2/2
Nov. 2016 Protocol Usage for FTM Burst 2/2 Requesting STA Responding STA FTM Request ACK FTM Response FTM Frame_1 ACK (FTM Trigger frame) FTM Frame_2 ACK (FTM Frame_1) FTM Frame_3 ACK (FTM Frame _2) FTM Frame_4 ACK (FTM Frame _3) FTM Trigger The Authenticity of ACK frame ACK to First FTM frame after Trigger frame is computed based on the content of the FTM Trigger frame + Key ACK to subsequent FTM frames, use the content of the previous FTM frames i.e., ACK to FTM Frame_n use the content of FTM Frame_n-1 + Key Naveen Kakani, et. al Qualcomm Corporation

10 Nov. 2016 Straw Poll Authenticating ACK frame behavior as proposed in previous slide i.e., include Authentication code in ACK frame based on the content on the previously successfully received FTM frame Yes No Abstain Naveen Kakani, et. al Qualcomm Corporation

11 Error Scenario X Nov. 2016 Loss of frame can be:
Requesting STA Responding STA FTM Request ACK FTM Response FTM Frame_1 ACK (FTM Response) FTM Frame_2 ACK (FTM Response/FTM Frame_1) FTM Frame_3 ACK (FTM Frame _2) FTM Frame_4 ACK (FTM Frame _3) X Loss of frame can be: FTM Frame which would mean: missing FTM frame at Requesting STA and a missing ACK frame at Responding STA ACK frame which would mean: missing ACK frame at Responding STA Loss is detected in all cases by Responding STA The responding STA today transmits the next FTM frame with the same values in ToA, ToD, Dialog Token field (as the last FTM frame) On the same lines, the responding STA ignores the measurement on the first successful exchange after loss of frame and the measurement continues from there on. In the Figure, Responding STA will not make measurements on FTM Frame_2, and it will make measurements on the second successfully transmitted frame after the lost frame (in the adjacent Figure it would be FTM Frame_3) Naveen Kakani, et. al Qualcomm Corporation

12 Nov. 2016 Straw Poll Support for error scenarios behavior as proposed in previous slide i.e., take measurements on the second successfully transmitted FTM frame after the frame (or sequence of frames in error) Yes No Abstain Naveen Kakani, et. al Qualcomm Corporation

13 Encoding of Authentication Content
Nov. 2016 Encoding of Authentication Content FTM Request/Response: Separate IE to signal Diffie Hellman Parameters and security setup for the FTM Session FTM Frame Authentication: Possible options Encrypt ToA/ToD fields with Shared-secret: The difference in the RTT estimates from one measurement to the other will help the requesting STA determine that the Responding STA is the wrong STA Carry the Authentication code in FTM frame: New field ACK Frame Authentication: Carry the Authentication code in RA field Naveen Kakani, et. al Qualcomm Corporation

14 Authenticating the Responder
Nov. 2016 Authenticating the Responder Set up Security Key This Exchange is not Authenticated Requesting STA Responding STA FTM Request ACK FTM Response FTM Frame_1: Encrypt ToA/ToD fields or use content from FTM Response ACK (FTM Response) FTM Frame_2 ACK (FTM Frame_1) FTM Frame_3 ACK (FTM Frame _2) FTM Frame_4 ACK (FTM Frame _3) Naveen Kakani, et. al Qualcomm Corporation

15 Authenticating During FTM Setup
Nov. 2016 Authenticating During FTM Setup Man in the middle attack: Potentially man in the middle can respond to FTM Request and hence the STA is communicating with the wrong end device Solution: Applicable to both Associated and Un-associated STAs If the STA was associated earlier with the AP, derive an PMK key from the earlier association and use it to Authenticate the Responder Encrypt the public key (DH Public Key) with preconfigured key (i.e. PMK) and sent out over-the-air while receiver decrypts to get the actual public key for deriving the shared secret Out of band key established: If both Responder and Requester have established a key out-of-band, the key is used to authenticate the Responder Third party public key verification technique: the given public key is sent out in clear and peer can validate via third party Authenticating Responder STA: FTM Response includes an Authentication Code based on the PMK Key / Key established out-of-band and the Content of FTM Request frame (Ex: CRC …etc) Requesting STA will match the Authenticating Code to determine the validity of the Responder STA Naveen Kakani, et. al Qualcomm Corporation

16 Dec. 2015 doc.: IEEE /1466r0 Nov. 2016 Straw Poll Add a 11az SFD requirement to support Security in FTM protocol to support both Associated and Un-Associated STAs Naveen Kakani, et. al Qualcomm Corporation Jonathan Segev, Intel Corporation

Download ppt "FTM Frame Exchange Authentication"

Similar presentations

Doc.: IEEE 802.11-13-1415-00 Submission Nov 2013 Betty Zhao et. al., HuaweiSlide 1 Service Discovery with Association Date: 2013-11-11 Authors:

Doc.: IEEE Submission Nov 2013 Betty Zhao et. al., HuaweiSlide 1 Service Discovery with Association Date: Authors:
Doc.: IEEE 802.11-15/0880r2 Submission Scheduled Trigger frames July 2015 Slide 1 Date: 2015-07-04 Authors: A. Asterjadhi, H. Choi, et. al.

Doc.: IEEE /0880r2 Submission Scheduled Trigger frames July 2015 Slide 1 Date: Authors: A. Asterjadhi, H. Choi, et. al.
Submission November 2010 doc.: IEEE 802.11-10/1236r0 Enhancements to Enablement Procedure Slide 1 Santosh Abraham, Qualcomm Incorporated Date: 2010-11-02.

Submission November 2010 doc.: IEEE /1236r0 Enhancements to Enablement Procedure Slide 1 Santosh Abraham, Qualcomm Incorporated Date:
PHY Security FRD and SRD Text

PHY Security FRD and SRD Text
Security Enhancement to FTM

Security Enhancement to FTM
Submission Title: [Proposal for MAC Peering Procedure]

Submission Title: [Proposal for MAC Peering Procedure]
WUR Negotiation and Acknowledgement Procedure Follow up

WUR Negotiation and Acknowledgement Procedure Follow up
Proposed SFD Text for ai Link Setup Procedure

Proposed SFD Text for ai Link Setup Procedure
Resource Negotiation for Unassociated STAs in MU Operation

Resource Negotiation for Unassociated STAs in MU Operation
Relay Flow Control Date: Authors: May 2013 Month Year

Relay Flow Control Date: Authors: May 2013 Month Year
PHY Security FRD and SRD Text

PHY Security FRD and SRD Text
Passive Location Date: Authors: March 2017

Passive Location Date: Authors: March 2017
WUR Negotiation and Acknowledgement Procedure Follow up

WUR Negotiation and Acknowledgement Procedure Follow up
Relay Threat Model for TGaz

Relay Threat Model for TGaz
Relay Threat Model for TGaz

Relay Threat Model for TGaz
Polling for MU Measurements

Polling for MU Measurements
Security for location determination at a Public Domain

Security for location determination at a Public Domain
Protected LTF Using PMF in SU and MU Modes

Protected LTF Using PMF in SU and MU Modes
Pre-association Security Negotiation for 11az SFD Follow up

Pre-association Security Negotiation for 11az SFD Follow up
Month Year doc.: IEEE yy/xxxxr0 July 2017

Month Year doc.: IEEE yy/xxxxr0 July 2017

Similar presentations

Ads by Google