Opportunistic Wireless Encryption
Submission doc.: IEEE 802.11-15/1128r1, September 2015
Dan Harkins, Aruba Networks (an HP company)
Date: 2015-09-13


Slide 2: Abstract
This submission presents an idea for addressing a problem with public wi-fi hotspots.

Slide 3: The Situation
• Wireless Internet access as an entitlement – “oh, no wi-fi, let’s go somewhere else”
• Coffee shop, bar, or restaurant wants to offer patrons “free wi-fi”
  – They want to provide a service but don’t want it to be a pain to configure or use
  – They want to provide some notion of both service and security to customers

Slide 4: The Problem
• Perpetual battle: Security vs Ease-of-Use
  – They want it to be easy-to-use
    • Don’t bug the staff too much – “no I said the L is capital”
    • Don’t irritate the customer – “wait, what? say that again”
    • Don’t require specialized knowledge – “what’s an ‘EAP method’?”, “How do I know what my ‘anonymous identity’ is?”, “Which of these 400 certificates do I need to select?”
  – They want some notion of security
    • Want it to be better-than-nothing security
    • Don’t want to have to get/generate/install a certificate
    • Secure access by patrons has to scale (see easy-to-use)
• Result: Both sides lose

Slide 5: FAIL

Slide 6: The Solution? OWE
• Make it simple to provision – just switch it on
• Make it virtually impossible to misconfigure – no user entry required
• Make public wi-fi “suck less” than it does when using a shared PSK
• Raise the bar that is necessary to perform pervasive monitoring just a bit higher
• OWE is an outgrowth of an IETF BOF on improving the captive portal experience

Slide 7: IETF Proposal
• https://tools.ietf.org/html/draft-wkumari-owe-00
  – Network appears “open” to the user (no “lock icon”)
  – Uses a Vendor Specific Element in beacons and probe responses to indicate OWE
  – After association in an OWE network, STA and AP do PSK authentication using the SSID as the password
• Upside
  – No need to explain/enter anything, just works
  – Code changes AP side are trivial; STA side, manageable
• Downside
  – Inherits all the security problems of shared PSK
  – Publicly advertises the PSK so arguably worse!

Slide 8: My Proposal
• Don’t do it in the IETF, let’s do it here
• AP advertises an OWE AKM
• When associating to an SSID with OWE, include Diffie-Hellman exponentials in (Re)Associate Request and Response
• STA and AP perform Diffie-Hellman, use shared secret to derive a PMK
• Use this (truly pairwise) PMK with 4-way HS

Slide 9: Benefits
• More secure than a shared PSK
  – Not susceptible to passive attack
  – All those tools downloadable from Internet to crack PSKs won’t work!
• Easier to set-up than PSK
  – Nothing to provision or describe, no user error
• Easier to use by customers
  – Absolutely nothing needed to do! It just works.
• Makes pervasive monitoring that much harder
• Easier to use plus better security! Winner, winner!

Slide 10: ขอขอบคุณ Thank You!

Slide 11: Questions?

Slide 12: OWE Straw Poll
• Option 1: Good idea, we should do it!
• Option 2: Bad idea, let the IETF do it!
• Option 3: I was reading my email and not paying attention, sorry.

