Proposal for authentication cluster


1 Proposal for authentication cluster
February 2006, doc.: IEEE /0264r0. Zhonghui Yao, Huawei

Date: 16th Feb 2006

Authors:

Notice: This document has been prepared to assist IEEE It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.

Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE

Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures <ieee802.org/guides/bylaws/sb-bylaws.pdf>, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE Working Group.

If you have questions, contact the IEEE Patent Committee Administrator at

2 Requirements Addressed
Table columns: Cluster, Requirement, Addressed or No.
- Authenticator: A1 (Required), Addressed
- General: G1 (Required), G2 (Required), G3 (Required)

3 Requirement A1
A1: “A STA shall be able to authenticate with different SSPNs simultaneously, in order to gain simultaneous access to multiple Destination Networks.”
Notes: None

4 Some Scenarios Related to A1
Home members shared access
- Benefits for user: Home members can share the Wi-Fi card to access related services.
- Benefits for operator: An operator can issue more than one credential to a home user to support simultaneous access for home members.

Home devices shared access
- Benefits for user: Home devices can share the Wi-Fi card to access different services, e.g. IPTV, voice, internet, etc.
- Benefits for operator: An operator can issue more than one credential to a home user for different home devices.

Personal multi-services access
- Benefits for user: The user can select different operators, possibly based on charging policy, for different services simultaneously.
- Benefits for operator: It is impossible for a home operator to limit a roaming user from selecting a local operator to get related services.

5 Solutions for A1
- The “Virtual STA” approach has been addressed in IEEE /0850r5.
- In this paper, we propose another solution, “Virtual Link”, for the TGu group to evaluate.

6 An Overview of Link
- An association implies a link between a STA and an AP, identified by the STA MAC layer address and the AP MAC layer address (i.e. BSSID).
- Security parameters for the link are negotiated in the association phase.
- So the association procedure not only creates the related association relationship in the DS, but also negotiates the parameters for the related link. The “link creation procedure” is hidden in the association procedure.

7 Proposal for A1
One association, multiple links:
- We propose an End Point Address Pair (EPAP), which may differ from the association address pair (STA MAC address and BSSID), to identify a link.
- We name the link identified by the association address pair the “base link”, and name the other links, identified by an EPAP, “virtual links”.
- Extract the link creation procedure from the association procedure so that multiple links can be created.
- New action management frames for Virtual Link Creation: Virtual Link Create request and Virtual Link Create response.

[Figure: multi-link example for an association between a STA and an AP, showing a base link (STA MAC ADDR., BSSID) and two virtual links (EPA1, EPA2 and EPA3, EPA4).]

8 EPAP-IE definition
We propose that the EPAP is allocated by the AP. The EPAP-IE is defined as below.

Fields, in order:
- Element ID (1 octet): TBD
- Length (1 octet): 7 or 13
- FLAG
- STA-EPA (6 octet)
- AP-EPA

FLAG bits:
- Bit0: whether STA-EPA is present or not
- Bit1: whether AP-EPA is present or not
- Bit2 to Bit7: Reserved (0)

When the STA MAC layer address is used as the STA-side endpoint address, the EPAP only needs to include AP-EPA. When the BSSID is used as the AP-side endpoint address, the EPAP only needs to include STA-EPA.
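The following encoder and strict decoder for the EPAP-IE is an added example, not part of the original proposal. It assumes a one-octet FLAG and a six-octet AP-EPA (inferred from the stated lengths 7 and 13), Bit0 as the least significant bit, and a placeholder Element ID because the slide lists it as TBD.

```python
EPAP_ELEMENT_ID = 0xDD  # placeholder: the slide lists the Element ID as TBD
FLAG_STA_EPA = 0x01     # Bit0 (assumed least significant): STA-EPA present
FLAG_AP_EPA = 0x02      # Bit1: AP-EPA present
FLAG_RESERVED = 0xFC    # Bit2..Bit7: reserved, must be 0


class EPAPError(ValueError):
    """Raised when an EPAP-IE is malformed."""


def build_epap_ie(sta_epa=None, ap_epa=None):
    """Encode an EPAP-IE; pass None for an endpoint address that is omitted."""
    flag, body = 0, b""
    for bit, addr in ((FLAG_STA_EPA, sta_epa), (FLAG_AP_EPA, ap_epa)):
        if addr is not None:
            if len(addr) != 6:
                raise EPAPError("endpoint address must be 6 octets")
            flag |= bit
            body += addr
    if not flag:
        raise EPAPError("at least one endpoint address is required")
    return bytes([EPAP_ELEMENT_ID, 1 + len(body), flag]) + body


def parse_epap_ie(data, sta_mac, bssid):
    """Decode an EPAP-IE, defaulting absent addresses to the association pair."""
    if len(data) < 3 or data[0] != EPAP_ELEMENT_ID:
        raise EPAPError("not an EPAP-IE")
    length, flag = data[1], data[2]
    if length not in (7, 13) or len(data) != 2 + length:
        raise EPAPError("length must be 7 or 13 and match the buffer")
    if flag & FLAG_RESERVED:
        raise EPAPError("reserved flag bits must be 0")
    present = [bool(flag & FLAG_STA_EPA), bool(flag & FLAG_AP_EPA)]
    if 1 + 6 * sum(present) != length:
        raise EPAPError("flag bits disagree with length")
    fields = data[3:]
    sta_epa = fields[:6] if present[0] else sta_mac
    ap_epa = fields[-6:] if present[1] else bssid
    return sta_epa, ap_epa
```

Rejecting a Length that disagrees with the FLAG bits keeps a receiver from reading one endpoint address as the other.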

9 Virtual Link Creation Example
[Message sequence chart between STA, AP and AS]
1. Base Link: Association Request
2. Base Link: Association Response
3. Base Link: Link Create Request (RSN IE, SSPN Identifier)
4. Base Link: Link Create Response (Status Code, RSN IE, EPAP-IE, SSPN Identifier)
5. A virtual link, identified by the EPAP, has been created.
6. Virtual Link: EAP/802.1X, EAP/Radius

RSN IE negotiation can be removed from the association procedure, so base link security is determined by authentication.

Notes: Container-IE includes the information related to the SSPN.

10 AP can also initiate Virtual Link Creation
[Message sequence chart between STA, AP and AS]
1. Base Link: Association Request
2. Base Link: Association Response
3. Base Link: Link Create Request (SSPN Identifier, RSN IE, EPAP-IE)
4. Base Link: Link Create Response (Status Code, SSPN Identifier, RSN IE, EPAP-IE)
5. A virtual link, identified by the EPAP, has been created.
6. Virtual Link: EAP/802.1X, EAP/Radius

11 G2: Security Impact Consideration
- Disassociation and Deauthentication frame processing:
  - Sent on the base link and protected by 11w according to the base link security mechanism.
  - In stage 3 (“associated, authenticated”), Disassociation or Deauthentication can occur only when all related virtual links are deleted.
- We propose a new action management frame, “Virtual Link Delete”, for virtual link deletion. It can only be sent on the related virtual link and is protected by 11w according to the related virtual link security mechanism.
- Virtual Link Create request/response can also be protected by 11w according to the base link security mechanism.
- The virtual link security mechanism is based only on the related security parameters negotiated in the virtual link creation phase, so different virtual links of an association can have different security mechanisms.
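The teardown rules above can be expressed as an AP-side acceptance check. This is an added example, not part of the original proposal: HMAC-SHA256 stands in for 11w frame protection, and the `Association` class, the `BASE` identifier and the per-link key passed in at creation are hypothetical names and simplifications.

```python
import hashlib
import hmac

BASE = "base"  # hypothetical id for the base link (STA MAC address, BSSID)


def mic(key, frame):
    """Stand-in for 11w frame protection: HMAC-SHA256 over the frame body."""
    return hmac.new(key, frame, hashlib.sha256).digest()


class Association:
    """AP-side view of one association: the base link plus its virtual links."""

    def __init__(self, base_key):
        self.keys = {BASE: base_key}  # link id -> that link's integrity key

    def _verified(self, link, frame, tag):
        key = self.keys.get(link)
        return key is not None and hmac.compare_digest(mic(key, frame), tag)

    def create_virtual_link(self, arrived_on, frame, tag, epap, new_key):
        # Create request/response travel on the base link under its protection.
        if arrived_on != BASE or not self._verified(BASE, frame, tag):
            return False
        if epap in self.keys:
            return False
        self.keys[epap] = new_key
        return True

    def delete_virtual_link(self, arrived_on, frame, tag, epap):
        # Delete is valid only on the virtual link it removes, under that
        # link's own key, so the base link key cannot tear it down.
        if epap == BASE or arrived_on != epap:
            return False
        if not self._verified(epap, frame, tag):
            return False
        del self.keys[epap]
        return True

    def disassociate(self, arrived_on, frame, tag):
        # Disassociation/Deauthentication: base link only, and only once
        # every virtual link of the association has been deleted.
        if arrived_on != BASE or not self._verified(BASE, frame, tag):
            return False
        return len(self.keys) == 1
```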

12 Virtual Link Deletion
[Message sequence chart between STA/AP and AP/STA]
1. Virtual Link: Virtual Link Delete

13 New action management frames
Action Category (columns: Name, Value)
- Spectrum management
- Virtual Link Management: TBD
- Error

Action field value for virtual link management (columns: Action field value, Description)
- Virtual Link Create Request
- 1: Virtual Link Create Response
- 2: Virtual Link Delete
- 3~255: Reserved

14 New action management frames
Frame body fields, in order:
- Virtual Link Create Request: Category, Action, Dialog Token, RSN-IE, EPAP-IE, Container-IE
- Virtual Link Create Response: Category, Action, Dialog Token, Status Code, RSN-IE, EPAP-IE, Container-IE
- Virtual Link Delete: Category, Action, Reason Code

15 G1: Battery Consumption Consideration
- Multi-service flows for a STA will increase battery consumption, but this is irrelevant to the virtual link mechanism.
- Because there is only one association for multiple links, the existing power-saving mechanism can work well.

16 G3: Allow APs to serve legacy STAs
- A new bit is proposed to indicate the virtual-link capability; it can be defined in an extended Capability IE.

17 Summary
Addressed the Authenticator cluster and all general requirements.

