Presentation is loading. Please wait.

Presentation is loading. Please wait.

Responses to Clause 5 Comments

Published byMoses Paul Modified over 6 years ago

Similar presentations

Presentation on theme: "Responses to Clause 5 Comments"— Presentation transcript:

1 Responses to Clause 5 Comments
Bob Beach Symbol Techologies Bob Beach - Symbol Technologies

2 Comment Summary 175+ Comments Mostly editorial
Nine areas of technical concern Bob Beach - Symbol Technologies

3 Significant Technical Issues
State Diagram Concerns (15) Authentication in IBSS (12) Kerberos applicability (6) Replay Protection for BC/MC (4) AS/AP Trust Issue (3) Legacy Compatibility (3) Deauthentication Frame Usage in ULA (2) What is ESN compliance (2) Security Impact on QoS when roaming (1) Mixed Encrypted/NonEncrypted Streams (1) Disassociation Timeout (1) Deauthentication Question (1) Bob Beach - Symbol Technologies

4 State Diagram Concerns
Comments: 738, 584, 322, 583, 1360, 1151, 28, 711, 1433, 995, 1199,1667,1668,1669,1690 State Diagram is incomplete and/or has formatting errors Some of the problem is that the diagram is for MAC authentication and with ULA there is none Bob Beach - Symbol Technologies

5 Response -1 Purpose of state diagram is only to define which frames are allowed are any given time States 1,2,3 assume MAC authentication State 4 is only ULS Entry is via configuration variable State 4 needs to be split into two states in order to indicates that data frames cannot be send until associated Bob Beach - Symbol Technologies

6 Response -2 Define State 4: ULS, not associated. Allowed frames are:
All Class 1 frames except a-2-iii (authentication) All Class 2 frames State 5: ULS associated All frames allowed in state 4 All frames in Class 3 Entry to state 4 is via configuration variable Bob Beach - Symbol Technologies

7 Response -3 Movement from 4 to 5 is Successful Association
Movement from 5 to 4 is Disassociation Notification Bob Beach - Symbol Technologies

8 Proposed Motion That the Tgi editor prepare text and diagrams that reflect these changes into the working document. Bob Beach - Symbol Technologies

9 Replay Protection Comments: 990, 582, 321, 991
Replay protection using WEP2 (990) Replay protection for BC/MC traffic (582, 321, 991) Bob Beach - Symbol Technologies

10 Response Comments are rejected
BC/MC replay protection not possible in the current Tgi model Bob Beach - Symbol Technologies

11 Authentication in IBSS
Comments: 1006, 1517, 1269,1260,1157, 1517,1551, 1552, 1661, 1662, 1666, 1669, 1688, 1691 Various Problems with proposed mode when using IBSS Essentially not covered Text is very infrastructure oriented Bob Beach - Symbol Technologies

12 Response Contained in separate presentation
Bob Beach - Symbol Technologies

13 Kerberos applicability
Comments ( , 743, 1319) Question whether Kerberos should be mandatory ( , 743) Question applicability of Kerberos for SOHO (1319, 1550, 1665, 1687) Bob Beach - Symbol Technologies

14 Response Contained in separate presentation
Bob Beach - Symbol Technologies

15 AS/AP Trust Issues Comments: 1549, 1664, 1686
Questions concerning whether trust between AS and AP is secure? Bob Beach - Symbol Technologies

16 Response Comments are rejected.
The Tgi security model assumes that the Authentication server is the most trusted entity in the system. All stations, including Access Points, must authenticate with it. It is not a matter of the AP trusting the AS but rather the AP being authenticated by the AS Bob Beach - Symbol Technologies

17 Legacy Compatibility Comments: 1553, 1598, 1670, 1692
Concern about legacy system compatibility with ESN. Specifically, that legacy systems cannot just associate and operate with ESN Bob Beach - Symbol Technologies

18 Response –1 The comments are rejected
Compatibility with legacy systems has been maintained as much as possible. No existing packet formats have been altered and additions have been made in an accepted manner. No new packet types have been defined. Bob Beach - Symbol Technologies

19 Response -2 Legacy stations can scan and probe ESN capable access points. Whether they may associate with such an AP is a site configuration issue. An AP may be configured to support both legacy and ESN stations. An ESN Station can associate with a Legacy AP. Such legacy APs can be easily determined by examining their beacons for the ESN bit. Whether the Station selects to do so is a user decision. Bob Beach - Symbol Technologies

20 What is ESN compliance? Comments: 1258, 1607
Can one implement some elements of ESN or is it an all or nothing choice? Define required elements of Kerberos Bob Beach - Symbol Technologies

21 Response Contained in separate presentation
Bob Beach - Symbol Technologies

22 Security Impact on QoS Comment: 316
Concerned about QoS jitter introduced by authentication delay on roam Bob Beach - Symbol Technologies

23 Response The comment is accepted.
The committee has spent considerable effort to minimize the impact of authentication on QoS devices. The Kerberos authentication sequence on a roam requires fewer packets (3) than does shared key authentication (4). Furthermore the AP may need not communicate with any other entity if suitably configured. Bob Beach - Symbol Technologies

24 Mixed Encrypted/NonEncrypted Streams
Comment: 705 Is it possible for a STA to send both encrypted and nonencrypted streams concurrently? Bob Beach - Symbol Technologies

25 Response The comment is rejected.
Mixed encrypted/nonencrypted data streams are not allowed since there is no way to authenticate identity of sender Bob Beach - Symbol Technologies

26 Disassociation Timeouts
Comment: 336 How long should AP wait for authentication sequence to complete/fail before it disassociates STA? Bob Beach - Symbol Technologies

27 Response The comment is accepted.
When the Tgi MIB is defined, a variable will be added that defines this timeout value Bob Beach - Symbol Technologies

28 Deauthentication Frame Usage
Comments: 601, 602 indicates Deauthentication frames should never be sent with ULA and says the AP should send them when in ULA Bob Beach - Symbol Technologies

29 Response - 1 The comment is accepted
Purpose of text in section 11.3 is to define how a station that was previously MAC authenticated transitions to an ULS authentication. The model is that the AP sends an deauthentication frame to terminate the MAC authentication and then accept the ULS association. Bob Beach - Symbol Technologies

30 Response -2 This approach is reasonable and so the text associated with the state diagram in section 5 will be changed to permit the use of deauthentication frames in states 4 and 5. Bob Beach - Symbol Technologies

31 Deauthentication Frame Usage
Comment: 1598 Question if lack of deauthentication frames at MAC eliminates DOS attacks Bob Beach - Symbol Technologies

32 Response The comment is rejected
DOS attacks may be made at the upper layer. MAC Deauthentication frames are now permitted in an ESN Bob Beach - Symbol Technologies

Download ppt "Responses to Clause 5 Comments"

Similar presentations

Doc.: IEEE 802.11-01/147March 2000 TGe SecuritySlide 1 The Status of TGe S Draft Text Jesse Walker Intel Corporation (503) 712-1849.

Doc.: IEEE /147March 2000 TGe SecuritySlide 1 The Status of TGe S Draft Text Jesse Walker Intel Corporation (503)
Doc.: 11-03-0573r0-I Submission July 22, 2003 Paul Lambert, Airgo NetworksSlide 1 Enabling Encryption in Hotspots by Decoupling the Privacy Field from.

Doc.: r0-I Submission July 22, 2003 Paul Lambert, Airgo NetworksSlide 1 Enabling Encryption in Hotspots by Decoupling the Privacy Field from.
Doc.: IEEE 802.11-00/275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE 802.11 David Halasz, Stuart Norman, Glen.

Doc.: IEEE /275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE David Halasz, Stuart Norman, Glen.
IEEE Wireless LAN Standard

IEEE Wireless LAN Standard
Submission doc.: IEEE 802.11-11/1003r1 July 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Upper Layer Data on Management frames Date: 2011-07-18.

Submission doc.: IEEE /1003r1 July 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Upper Layer Data on Management frames Date:
CWNA Guide to Wireless LANs, Second Edition

CWNA Guide to Wireless LANs, Second Edition
CWSP Guide to Wireless Security Chapter 2 Wireless LAN Vulnerabilities.

CWSP Guide to Wireless Security Chapter 2 Wireless LAN Vulnerabilities.
Doc.: IEEE 802.11-04-1180-02-000r Submission November 2004 Bob Beach, Symbol TechnologiesSlide 1 Fast Roaming Using Multiple Concurrent Associations Bob.

Doc.: IEEE r Submission November 2004 Bob Beach, Symbol TechnologiesSlide 1 Fast Roaming Using Multiple Concurrent Associations Bob.
Wireless security Wi–Fi (802.11) Security

Wireless security Wi–Fi (802.11) Security
Doc.: IEEE 802.11-04/0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Management Protection Jesse Walker and Emily Qi Intel.

Doc.: IEEE /0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Management Protection Jesse Walker and Emily Qi Intel.
Doc.: IEEE 802.11-01/610r0 Submission November 2001 Tim Moore, Microsoft 802.1X and 802.11 key interactions Tim Moore.

Doc.: IEEE /610r0 Submission November 2001 Tim Moore, Microsoft 802.1X and key interactions Tim Moore.
SubmissionJoe Kwak, InterDigital1 Simplified 11k Security Joe Kwak InterDigital Communications Corporation doc: IEEE 802.11-04/552r0May 2004.

SubmissionJoe Kwak, InterDigital1 Simplified 11k Security Joe Kwak InterDigital Communications Corporation doc: IEEE /552r0May 2004.
Doc.: IEEE 802.11-04/0103r0 Submission January 2004 Jesse Walker, Intel CorporationSlide 1 Some LB 62 Motions January 14, 2003.

Doc.: IEEE /0103r0 Submission January 2004 Jesse Walker, Intel CorporationSlide 1 Some LB 62 Motions January 14, 2003.
Doc.: IEEE 802.11-07/2952r2 Submission Dec 2007 L.Chu Etc.Slide 1 Simplified DLS Action Frame Transmission in 11Z Date: 2007-12-07 Authors:

Doc.: IEEE /2952r2 Submission Dec 2007 L.Chu Etc.Slide 1 Simplified DLS Action Frame Transmission in 11Z Date: Authors:
Proposed solutions to comments on section 7

Proposed solutions to comments on section 7
Doc.: IEEE /465r0 Submission Wim Diepstraten, Agere Systems July 2002 Slide 1 WiSP Wireless Sidelink Protocol Wim Diepstraten Gerrit Hiddink Agere.

Doc.: IEEE /465r0 Submission Wim Diepstraten, Agere Systems July 2002 Slide 1 WiSP Wireless Sidelink Protocol Wim Diepstraten Gerrit Hiddink Agere.
FILS Reduced Neighbor Report

FILS Reduced Neighbor Report
Authentication and Upper-Layer Messaging

Authentication and Upper-Layer Messaging
Some LB 62 Motions January 13, 2003 January 2004

Some LB 62 Motions January 13, 2003 January 2004
Proposed solutions to comments on section 7

Proposed solutions to comments on section 7

Similar presentations

Ads by Google