Presentation is loading. Please wait.

Presentation is loading. Please wait.

Overview of the 802.10 SDE Protocol Presented by Ken Alonge Chair, 802.10.

Published byIsaiah Shepherd Modified over 11 years ago

Similar presentations

Presentation on theme: "Overview of the 802.10 SDE Protocol Presented by Ken Alonge Chair, 802.10."— Presentation transcript:

1 Overview of the 802.10 SDE Protocol Presented by Ken Alonge Chair, 802.10

2 Primary Goals of 802.10 Develop an interoperable security solution for all 802 MACs – Security solution based on threat analysis (Annex 2A) – Threat analysis determined security requirements Security protocol independent of crypto mechanism & key management Security services selectable (must have either confidentiality or integrity, can have both) Support bridged environments Enable coexistence of protected & non-protected frames

3 Placement of SDE in the 802 Stack LLC MAC SDE Security Applied Security Removed USER STACK 1 USER STACK N SYS MGT KEY MGT

4 Current SDE Header Format DASA CLEAR HEADER PROTECTED HEADER ICV INTEGRITY PROTECTED ENCRYPTED DATAPAD STA ID FLAGS FRAG ID SEC LABEL SDE Des SAID MDF

5 Clear Header Fields M = Mandatory, if Clear Header is selected O = Optional SDE Designator (M)Identify frame as having security protection SAID (M)Identify what security association to use to encrypt, integrity seal, or both MDF (O)Accommodation for a particular vendors proposed implementation

6 Protected Header Fields Station ID (O)Origin authentication mechanism Flags (O)Identifies when fragmentation is enabled Fragment ID (O)Fragment counter Security Label (O)Enables application of access control security labels to frames O = Optional

7 SDE Header Format Modifications DASA CLEAR HEADER PROTECTED HEADER ICV Current Format Revised Format INTEGRITY PROTECTED ENCRYPTED CLEAR HEADER PROTECTED HEADER DATAICV INTEGRITY PROTECTED ENCRYPTED DASA VLAN TAG PAD DATAPAD STA ID FLAGS FRAG ID SEC LABEL Pload EType FLAGS FRAG ID SEC LABEL SDE Des SAID MDF SEQ NO. SAID MDF X XXX X = May be deleted

8 SDE Designator SDE designator is compatible with LLC Going forward, use of an EtherType is more acceptable

9 SDE in a Bridged Environment Non-SDE Bridge 1 Non-SDE Bridge N Unprotected Data Environment Trusted Enclave Unprotected Data Environment Protected Data Environment Untrusted Network SDE Bridge A SDE Bridge B XY

10 Proposed PAR Purpose & Scope

11 Purpose The purpose of this PAR is to update the Secure Data Exchange (SDE) Protocol specified in IEEE Std 802.10-1998, to accommodate newly identified security requirements for all current 802 MACs and delete unneeded header fields.

12 Scope The scope of this PAR is to make changes to the format and processing of SDE PDUs to: – Accommodate replay protection – Integrity protect the Destination MAC address – Integrity protect additional header fields, particularly the VLAN tag, as needed The current PDU format and processing will have to be modified to incorporate a sequence number; the DA will have to be included in the computation of the ICV, and; the VLAN tag (and any other required header fields) will be included in the computation of the ICV, if protection is required by VLAN tagging rules (which are to be specified). In addition, an informative annex will be developed that discusses various scenarios for securing Layer 2 bridged networks and a normative annex will be developed that defines an SDE profile specifying a single interoperable SDE configuration that must be supported by all vendors claiming conformance to the revised SDE specification.

Download ppt "Overview of the 802.10 SDE Protocol Presented by Ken Alonge Chair, 802.10."

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Doc.: IEEE 802.11-00/087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.

Doc.: IEEE /087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.
802.1H Kevin Nolish Michael Wright. 802.1H Project The reason for the update of 802.1H is, primarily, mandated reaffirmation of the standard. As part.

802.1H Kevin Nolish Michael Wright H Project The reason for the update of 802.1H is, primarily, mandated reaffirmation of the standard. As part.
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-1 Extending Switched Networks with Virtual LANs Introducing VLAN Operations.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-1 Extending Switched Networks with Virtual LANs Introducing VLAN Operations.
Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv4 20.3 IPv6.

Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv IPv6.
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
4/1/98Common Generic RTP Payload Format 1 Common Generic RTP Payload Format Anders Klemets.

4/1/98Common Generic RTP Payload Format 1 Common Generic RTP Payload Format Anders Klemets.
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
IPv6 Header & Extensions Joe Zhao SW2 Great China R&D Center ZyXEL Communications, Inc.

IPv6 Header & Extensions Joe Zhao SW2 Great China R&D Center ZyXEL Communications, Inc.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.

Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
Cryptography and Network Security

Cryptography and Network Security
1 IPsec Youngjip Kim 2004. 05. 24. 2 Objective Providing interoperable, high quality, cryptographically-based security for IPv4 and IPv6 Services  Access.

1 IPsec Youngjip Kim Objective Providing interoperable, high quality, cryptographically-based security for IPv4 and IPv6 Services  Access.
IEEE Wireless LAN Standard

IEEE Wireless LAN Standard
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.
Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.

Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.

Similar presentations

Ads by Google