Presentation is loading. Please wait.

Presentation is loading. Please wait.

EPON Technology Team 12/6/2015 Key Management [802.1af - considerations] 2004. 5. 12 Jee-Sook Eun Electronics and Telecommunications Research Institute.

Published bySara Bruce Modified over 9 years ago

Similar presentations

Presentation on theme: "EPON Technology Team 12/6/2015 Key Management [802.1af - considerations] 2004. 5. 12 Jee-Sook Eun Electronics and Telecommunications Research Institute."— Presentation transcript:

1 EPON Technology Team 12/6/2015 Key Management [802.1af - considerations] 2004. 5. 12 Jee-Sook Eun Electronics and Telecommunications Research Institute

2 EPON Technology Team EPON Technology Team ( 본 발표자료는 대외비임.) 12/6/2015 Authentication  Between Authentication server and Supplicant by means of EAP and EAPOL  802.1x must be supported in Access Point  Back-end function for EAP packet must be supported on all devices between Access point and Authentication server. secured network Access point (Authenticator) Authentication s erver Supplicant

3 EPON Technology Team EPON Technology Team ( 본 발표자료는 대외비임.) 12/6/2015 Why we need an Authentication server?  Authentication should be need  Key exchange use public-key encryption  Why public-key encryption? In Symmetric key encryption, the number of key distributed in network is so numerous Easy to exchange key  But Authentication process is very complex and expensive Need 802.1x(authenticator, supplicant, authentication server) Need certificates for each devices, if we doesn’t generate it, we communicate with upper layer using management plane. This means that link security does not operate independently Need RSA function(Very complex Algorithm, and no verification so far)

4 EPON Technology Team EPON Technology Team ( 본 발표자료는 대외비임.) 12/6/2015 We need an Authentication server necessarily?  Though we use Symmetric key encryption, the number of key distributed in network is not so numerous  In network? Right  But, no network. Only Two devices connected at one link need the symmetric key  And Master key must install such as a certificate used in public-key encryption as off-line  So, confirm of master key itself can be an authentication

5 EPON Technology Team EPON Technology Team ( 본 발표자료는 대외비임.) 12/6/2015 Authentication server is one?  If there is only one authentication server in whole netw ork, all access points must have back-end function in o rder to relay EAP to authentication server  If there is one device which does not support back-end function in network?  In wireless LAN, mobility must be supported on device s. So, devices can be set on anywhere.  But, In wired LAN, mobility may be supported on devic es. Because if one device has set, it scarcely move. Th e subscriber may move, and IP security is enough. MA C security function is not on subscriber’s device such a s PC. That is, MAC security function usually operate on switch. Switch usually does not have mobility

6 EPON Technology Team EPON Technology Team ( 본 발표자료는 대외비임.) 12/6/2015 There is multi hop to get authentication server?  If there is one authentication server managing several s upplicant, it is not assure that an authenticator place wit hin one hop distance  Although authentication server is in authenticator, it wou ld manage other supplicants  Otherwise, why authentication server is need?

7 EPON Technology Team EPON Technology Team ( 본 발표자료는 대외비임.) 12/6/2015 Authentication server is more?  If so, whenever device is changed to other access point, we must set authentication information within appropri ate authentication server. This is not different that we in stall symmetric key on new device if we use symmetric key encryption

Download ppt "EPON Technology Team 12/6/2015 Key Management [802.1af - considerations] 2004. 5. 12 Jee-Sook Eun Electronics and Telecommunications Research Institute."

Similar presentations

Authentication.

Authentication.
EPON Technology Team 2/9/2014 Key Management [802.1af - Issues] 2004. 5. 12 Jee-Sook Eun Electronics and Telecommunications Research Institute.

EPON Technology Team 2/9/2014 Key Management [802.1af - Issues] Jee-Sook Eun Electronics and Telecommunications Research Institute.
Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.

Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.
Security in Wireless Networks Juan Camilo Quintero D. 1041718.

Security in Wireless Networks Juan Camilo Quintero D
Doc.: Submission, Slide 1 Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Securing the 802.15.4 Network.

Doc.: Submission, Slide 1 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Securing the Network.
Confidentiality using Symmetric Encryption traditionally symmetric encryption is used to provide message confidentiality consider typical scenario –workstations.

Confidentiality using Symmetric Encryption traditionally symmetric encryption is used to provide message confidentiality consider typical scenario –workstations.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Wireless LAN Security Framework Backend AAA Infrastructure RADIUS, TACACS+, LDAP, Kerberos TLSLEAPTTLSPEAPMD5 VPN EAP PPP 802.3802.5802.11 802.1x EAP API.

Wireless LAN Security Framework Backend AAA Infrastructure RADIUS, TACACS+, LDAP, Kerberos TLSLEAPTTLSPEAPMD5 VPN EAP PPP x EAP API.
Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.

Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.
WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Lecture 1 Overview: roadmap 1.1 What is computer network? the Internet? 1.2 Network edge  end systems, access networks, links 1.3 Network core  network.

Lecture 1 Overview: roadmap 1.1 What is computer network? the Internet? 1.2 Network edge  end systems, access networks, links 1.3 Network core  network.
Chapter 20: Network Security Business Data Communications, 4e.

Chapter 20: Network Security Business Data Communications, 4e.
IEEE Wireless LAN Standard

IEEE Wireless LAN Standard
Networking Components By: Michael J. Hardrick. HUB  A low cost device that sends data from one computer to all others usually operating on Layer 1 of.

Networking Components By: Michael J. Hardrick. HUB  A low cost device that sends data from one computer to all others usually operating on Layer 1 of.
Method of identifying mobile devices Srinivas Tenneti.

Method of identifying mobile devices Srinivas Tenneti.
LECTURE 9 CT1303 LAN. LAN DEVICES Network: Nodes: Service units: PC Interface processing Modules: it doesn’t generate data, but just it process it and.

LECTURE 9 CT1303 LAN. LAN DEVICES Network: Nodes: Service units: PC Interface processing Modules: it doesn’t generate data, but just it process it and.

Similar presentations

Ads by Google