Presentation is loading. Please wait.

Presentation is loading. Please wait.

802.1X and AKE Comparison Nancy Cam-Winget, Atheros

Published byสุดา พันธุเมธา Modified over 5 years ago

Similar presentations

Presentation on theme: "802.1X and AKE Comparison Nancy Cam-Winget, Atheros"— Presentation transcript:

1 802.1X and AKE Comparison Nancy Cam-Winget, Atheros
November 2001 802.1X and AKE Comparison Nancy Cam-Winget, Atheros Russ Housley, RSA Laboratories Tim Moore, Microsoft Jesse Walker, Intel Cam-Winget,Housley,Moore,Walker

2 802.1X Requirements/Decisions
November 2001 802.1X Requirements/Decisions Security session Management 802.1X owns the security session, decides when to authenticate, re-authenticate abd deauthenticate Encryption is offloaded to MAC but encryption decision is made during 802.1X authentication by the authentication server – whether it gives the master key to the authenticator Liveliness of station/AP via 802.1X authentication or re-associate signature Race Conditions Synchronization done by always having a free KeyID Requires 2 KeyIDs for key mapping keys Rekey at twice the key lifetime Roaming and key hand-off Reuse 802.1X EAPOL-Key message Key messages must be in clear to allow roaming Implies that 802.1X must be unencrypted Fast handoff via IAPP supported Fast handoff enabled by signature in re-association (562) WEP “rapid rekeying” Reuse EAPOL-Key from 802.1X Authenticator “owns” network so stations must obey key messages EAPOL-Key is acknowledged from receiver because it is a data message Authenticator is not told if station cannot obey the message Cam-Winget,Housley,Moore,Walker

3 AKE Requirements/Decisions
November 2001 AKE Requirements/Decisions Security session Management MAC owns the security session, decides when to end session Encryption performed in MAC and encryption enforced by security association setup completion Master Key is provided from external source (802.1X, Manual, Whatever…) No security assumptions of Master Key Different approaches for key-mapping keys and default keys Pre-shared key authentication proves liveness Use management channel message handshakes to Synchronize transition from old key to new key simplify interface with ULA defeats race condition at 802.1X level Roaming and key hand-off Master Key is transferred by extranal source (TGf, Whatever…) Liveness confirmed by security association establishment WEP “rapid rekeying” Arbitrary rekey interval, but default keys must be done on published schedule Cam-Winget,Housley,Moore,Walker

4 Similarities Secure session is required State machine is the same
November 2001 Similarities Secure session is required State machine is the same 2 keys are needed for key roll-over Authenticated exchange used for key roll-over Roaming facilitated Implementation complexity roughly the same for the whole system Implementation will probably in driver or above Likely to be OS specific Cam-Winget,Housley,Moore,Walker

5 Differences 802.1X AKE November 2001 Uses in-band messages
MAC layer must bypass encryption for 802.1X traffic identified by ethertype Secure session resides in 802.1X Authenticator decides when to rekey: MAC to Application Layer interface needed (MIB?) Informational not normative No enforcement of what to do when replay counter is exhausted IBSS complexity KeyMap keys are managed by individual peers Default keys are managed by beacon transmitter Rekey transition has no confirm Old key stays live until next new key Rekey is message based for both keymap and default keys Liveness algo uses MD5 AKE Uses out-of-band messages Secure session resides in MAC MAC decides when to rekey IBSS always managed by beacon transmitter Rekey transition uses confirm Frees key storage for other purpose Rekey is message based for keymap keys and countdown for default keys Liveness algo uses AES Cam-Winget,Housley,Moore,Walker

Download ppt "802.1X and AKE Comparison Nancy Cam-Winget, Atheros"

Similar presentations

Doc.: IEEE 802.11-04/1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,

Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
Doc.:IEEE 802.11-01/540ar0 Submission November 2001 Albert Young, Bob OHara Slide 1 A Re-Key Proposal Albert Young 3Com Corporation Santa Clara, CA

Doc.:IEEE /540ar0 Submission November 2001 Albert Young, Bob OHara Slide 1 A Re-Key Proposal Albert Young 3Com Corporation Santa Clara, CA
EPON Technology Team 2/9/2014 Key Management [802.1af - Issues] 2004. 5. 12 Jee-Sook Eun Electronics and Telecommunications Research Institute.

EPON Technology Team 2/9/2014 Key Management [802.1af - Issues] Jee-Sook Eun Electronics and Telecommunications Research Institute.
Doc.: 00-03-0022-00-0000 Handoff_WNG_Presentation r3 Submission July. 2003 David Johnston, IntelSlide 1 802 Handoff Presentation to WNG David Johnston.

Doc.: Handoff_WNG_Presentation r3 Submission July David Johnston, IntelSlide Handoff Presentation to WNG David Johnston.
Doc.: IEEE 802.11-10/0018r0 Submission January 2010 Alexander Tolpin, Intel CorporationSlide 1 4 –Way Handshake Synchronization Issue Date: 2010-01-07.

Doc.: IEEE /0018r0 Submission January 2010 Alexander Tolpin, Intel CorporationSlide 1 4 –Way Handshake Synchronization Issue Date:
Doc.: IEEE 802.11-00/275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE 802.11 David Halasz, Stuart Norman, Glen.

Doc.: IEEE /275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE David Halasz, Stuart Norman, Glen.
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
1 Implementation and Performance Analysis of SNMP on a TLS/TCP Base X. Du, M. Shayman M. Rozenblit X. Du, M. Shayman M. Rozenblit University of Maryland.

1 Implementation and Performance Analysis of SNMP on a TLS/TCP Base X. Du, M. Shayman M. Rozenblit X. Du, M. Shayman M. Rozenblit University of Maryland.
Secure Sockets Layer 1 / 99  SSL is perhaps the widest used security protocol on the Internet today.  Together with DC enables secure communication.

Secure Sockets Layer 1 / 99  SSL is perhaps the widest used security protocol on the Internet today.  Together with DC enables secure communication.
Submission August 2001 Nancy Cam-Winget, Atheros Slide 1 Rapid Re-keying WEP a recommended practice to improve WLAN Security Nancy Cam-Winget, Atheros.

Submission August 2001 Nancy Cam-Winget, Atheros Slide 1 Rapid Re-keying WEP a recommended practice to improve WLAN Security Nancy Cam-Winget, Atheros.
Doc.: IEEE 802.11-00/573a Submission November 2001 Cam-Winget, Chesson, Housley, WalkerSlide 1 Authenticated Key Exchange Nancy Cam-Winget, Atheros Greg.

Doc.: IEEE /573a Submission November 2001 Cam-Winget, Chesson, Housley, WalkerSlide 1 Authenticated Key Exchange Nancy Cam-Winget, Atheros Greg.
Doc.: 802_Handoff_Linksec_Presentation Submission May. 2003 David Johnston, IntelSlide 1 802 Handoff LinkSec Handoff Issues? David Johnston

Doc.: 802_Handoff_Linksec_Presentation Submission May David Johnston, IntelSlide Handoff LinkSec Handoff Issues? David Johnston
Doc.: IEEE 802.11-04/0476r2 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.

Doc.: IEEE /0476r2 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.
Doc.: IEEE 802.11-01/610r0 Submission November 2001 Tim Moore, Microsoft 802.1X and 802.11 key interactions Tim Moore.

Doc.: IEEE /610r0 Submission November 2001 Tim Moore, Microsoft 802.1X and key interactions Tim Moore.
Wireless security Wi–Fi (802.11) Security

Wireless security Wi–Fi (802.11) Security
Doc.: IEEE 802.11-03/657r0 Submission August 2003 N. Cam-WingetSlide 1 TGi Draft 5.0 Comments Nancy Cam-Winget, Cisco Systems Inc.

Doc.: IEEE /657r0 Submission August 2003 N. Cam-WingetSlide 1 TGi Draft 5.0 Comments Nancy Cam-Winget, Cisco Systems Inc.
Doc.: IEEE 802.11-04/0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Management Protection Jesse Walker and Emily Qi Intel.

Doc.: IEEE /0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Management Protection Jesse Walker and Emily Qi Intel.
Doc.: IEEE 802.11-01/610r0 Submission November 2001 Tim Moore, Microsoft 802.1X and 802.11 key interactions Tim Moore.

Doc.: IEEE /610r0 Submission November 2001 Tim Moore, Microsoft 802.1X and key interactions Tim Moore.
Doc.: IEEE 802.11-04/1115r2 Submission J Chhabra, A. R. Prasad, J. Walker, H. AokiSlide 1 2004 802.11s Security concepts Jasmeet Chhabra, Intel

Doc.: IEEE /1115r2 Submission J Chhabra, A. R. Prasad, J. Walker, H. AokiSlide s Security concepts Jasmeet Chhabra, Intel
Doc.: IEEE 802.11-04/0103r0 Submission January 2004 Jesse Walker, Intel CorporationSlide 1 Some LB 62 Motions January 14, 2003.

Doc.: IEEE /0103r0 Submission January 2004 Jesse Walker, Intel CorporationSlide 1 Some LB 62 Motions January 14, 2003.

Similar presentations

Ads by Google