Presentation is loading. Please wait.

Presentation is loading. Please wait.

TruSecure Corporation

Published byBrigitta Borbély Modified over 5 years ago

Similar presentations

Presentation on theme: "TruSecure Corporation"— Presentation transcript:

1 TruSecure Corporation
doc.: IEEE s July 2004 July 2004 802.11s Security Proposal Robert Moskowitz ICSALabs a Division of TruSecure Corporation Robert Moskowitz, ICSAlabs Robert Moskowitz, ICSAlabs

2 Topics Mesh Assumptions Mesh security Goals A Security view of a Mesh
July 2004 Topics Mesh Assumptions Mesh security Goals A Security view of a Mesh Not 100% thought out! Robert Moskowitz, ICSAlabs

3 Mesh Assumptions An 802.11s mesh consists of both APs and STAs
July 2004 Mesh Assumptions An s mesh consists of both APs and STAs Per , an AP is a STA with additional functions A mesh is a single IEEE 802 LAN As defined in ISO/IEC The 802 LAN does not extend beyond the mesh Not sure this is necessary, but impacts Security Robert Moskowitz, ICSAlabs

4 Mesh Security Goals Only designated STAs are APs
July 2004 Mesh Security Goals Only designated STAs are APs AP control traffic is secure from non-AP STAs The security issues addressed by s apply only to the mesh of APs. The attached STAs will continue to use i and mobility addressed by r Traffic through the AP mesh will not be Decrypted/Encrypted at each AP What one AP encrypts to send over the AP infrastructure, all APs can decrypt Robert Moskowitz, ICSAlabs

5 Mesh Security Goals Frames are encrypted at most 3 times
July 2004 Mesh Security Goals Frames are encrypted at most 3 times STA to STA scenario At originating STA to its AP Originating AP to Destination AP Destination AP to Destination STA Broadcast/Multicast encrypted at all APs How to prevent storms Off -mesh to STA Introducing AP to Destination AP STA to off-mesh the opposite Robert Moskowitz, ICSAlabs

6 July 2004 Mesh Security Goals If an AP is detect as compromised it can be forced out of the mesh A STA can determine if an AP is authenticated to the mesh That is can detect rogue APs Fast key establishment Robert Moskowitz, ICSAlabs

7 A Security View of a Mesh
July 2004 A Security View of a Mesh Connectivity Association (CA): The relationship between peer entities (on an IEEE 802 LAN) that allows them to communicate in a secure manner Secure Channel (SC): A security relationship used to provide security guarantees for frames transmitted from one member of a CA to the others There are N SCs within an CA. SCs are unidirectional All the SCs together in a CA define the CA They also define the ‘Controlled Port’ Robert Moskowitz, ICSAlabs

8 B CAabcd A C SCA SCB SCC SCD D CA = Secure Connection Association
July 2004 CA = Secure Connection Association SCi = Secure Channel from Station (I) to all stations on CA SAij = Security Association Station (i) to Station (j) B CAabcd A C SCA SCB SCC SCD D Robert Moskowitz, ICSAlabs

9 A Security View of a Mesh
July 2004 A Security View of a Mesh CA risks Any node can spoof another node within the CA But they are suppose to operate in a trusted manner Cost of scaling Every AP has a key from every AP Robert Moskowitz, ICSAlabs

10 A Security View of a Mesh
July 2004 A Security View of a Mesh AP join AP has pairwise MK with every AP AP sends its TX SAK to all APs protected with each MK AP receives RX SAKs from all APs protected with each MK Join forwarding techniques Annealing techniques AP never officially leaves No rekeying or sync, use a key schedule Robert Moskowitz, ICSAlabs

11 A Security View of a Mesh
July 2004 A Security View of a Mesh AP membership management Each AP has a D-H key Each AP has an ACL of hash of public keys Trusted method of distribution needed Multicast probe for AP in ACL to create MK AP dismissal New ACL distributed Remaining APs drop MK and RX key for dropped AP APs rekey and distribute new SAK to remaining APs Robert Moskowitz, ICSAlabs

12 A Security View of a Mesh
July 2004 A Security View of a Mesh Benefits No Key management costs after AP has joined the mesh Security-Free mobility No Decryption/Encryption of any frames within mesh for forwarding Costs Many keys to manage Actually not hard to create Robert Moskowitz, ICSAlabs

13 Questions! LOTS of work still to do July 2004
Robert Moskowitz, ICSAlabs

Download ppt "TruSecure Corporation"

Similar presentations

Discussion of KaY Key Exchange and Management Interface to SecY

Discussion of KaY Key Exchange and Management Interface to SecY
LinkSec Architecture Attempt 3

LinkSec Architecture Attempt 3
Doc.: IEEE 802.11-04/1191r5 Submission November 2004 Mike Moreton, STMicroelectronicsSlide 1 AP Architecture Thoughts Mike Moreton, STMicroelectronics.

Doc.: IEEE /1191r5 Submission November 2004 Mike Moreton, STMicroelectronicsSlide 1 AP Architecture Thoughts Mike Moreton, STMicroelectronics.
IEEE Wireless LAN Standard

IEEE Wireless LAN Standard
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.
Multimedia Broadcast/Multicast Service (MBMS)

Multimedia Broadcast/Multicast Service (MBMS)
Doc.: IEEE 802.11-03/492r0-I Submission Robert Moskowitz, Trusecure/ICSALabsSlide 1 March 2002 An Authentication layering model Robert Moskowitz Trusecure.

Doc.: IEEE /492r0-I Submission Robert Moskowitz, Trusecure/ICSALabsSlide 1 March 2002 An Authentication layering model Robert Moskowitz Trusecure.
MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.

MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.
Doc.: IEEE 802 ec-12/0006r0 Submission Liaison presentation to SC6 regarding Internet Security Date: 2012-February-13 Authors: IEEE 802 LiaisonSlide 1.

Doc.: IEEE 802 ec-12/0006r0 Submission Liaison presentation to SC6 regarding Internet Security Date: 2012-February-13 Authors: IEEE 802 LiaisonSlide 1.
Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.

Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.
Doc.: 11-04-0500-00-0mes Submission 7 May 2004 Tricci SoSlide 1 Need Clarification on The Definition of ESS Mesh Prepared by Tricci So.

Doc.: mes Submission 7 May 2004 Tricci SoSlide 1 Need Clarification on The Definition of ESS Mesh Prepared by Tricci So.
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.

Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.
Doc.: IEEE 802.11-04-1180-02-000r Submission November 2004 Bob Beach, Symbol TechnologiesSlide 1 Fast Roaming Using Multiple Concurrent Associations Bob.

Doc.: IEEE r Submission November 2004 Bob Beach, Symbol TechnologiesSlide 1 Fast Roaming Using Multiple Concurrent Associations Bob.
Doc.: IEEE 802.11-00/200 Submission September 2000 Ron Brockmann, Intersil Plug-n-Play Security in the Home & Small Business Ron Brockmann Intersil.

Doc.: IEEE /200 Submission September 2000 Ron Brockmann, Intersil Plug-n-Play Security in the Home & Small Business Ron Brockmann Intersil.
Doc.: IEEE 802.11-07/2491r00 Submission September 2007 D. Eastlake (Motorola), G. Hiertz (Philips)Slide 1 WLAN Segregated Data Services Date: 2007-09-17.

Doc.: IEEE /2491r00 Submission September 2007 D. Eastlake (Motorola), G. Hiertz (Philips)Slide 1 WLAN Segregated Data Services Date:
Doc.: IEEE 802.11-08/1378r0 Submission November 2008 Darwin Engwer, Nortel NetworksSlide 1 Improving Multicast Reliability Date: 2008-11-11 Authors:

Doc.: IEEE /1378r0 Submission November 2008 Darwin Engwer, Nortel NetworksSlide 1 Improving Multicast Reliability Date: Authors:
Doc.: IEEE 802.11-07/2161r1 Submission July 2007 Slide 1 July 2007 Donald Eastlake 3rd, MotorolaSlide 1 Segregated Data Services in 802.11 Date: 2007-07-17.

Doc.: IEEE /2161r1 Submission July 2007 Slide 1 July 2007 Donald Eastlake 3rd, MotorolaSlide 1 Segregated Data Services in Date:
Dependability in Wireless Networks By Mohammed Al-Ghamdi.

Dependability in Wireless Networks By Mohammed Al-Ghamdi.
Doc.: IEEE 802.11-08/0278r5 Submission March 2008 Javier Cardona et al. Avoiding Interactions with Lazy-WDS Equipment Date: 2008-03-15.

Doc.: IEEE /0278r5 Submission March 2008 Javier Cardona et al. Avoiding Interactions with Lazy-WDS Equipment Date:
SubmissionJoe Kwak, InterDigital1 Simplified 11k Security Joe Kwak InterDigital Communications Corporation doc: IEEE 802.11-04/552r0May 2004.

SubmissionJoe Kwak, InterDigital1 Simplified 11k Security Joe Kwak InterDigital Communications Corporation doc: IEEE /552r0May 2004.

Similar presentations

Ads by Google