Download presentation
Presentation is loading. Please wait.
1
doc.: IEEE 802.11-13/0133r3 Submission NameAffiliationsAddressPhoneemail Hitoshi MORIOKAAllied Telesis R&D Center 2-14-38 Tenjin, Chuo-ku, Fukuoka 810-0001 JAPAN +81-92-771-7630 hmorioka@root-hq.com George CherianQualcomm5775 Morehouse Dr, San Diego, CA, USA +1 858 651 6645 gcherian@qti.qualcomm.co m Rene StruikStruik Security Consultancy Toronto, ON, CanadaCell: +1 (647) 867- 5658 Skype: rstruik Rstruik.ext@gmail.com Nehru BhandaruBroadcom nehru@broadcom.com Hiroki NakanoTrans New Technology, Inc. 8F, 62 Tukiboko-cho, Shimogyo, Kyoto 600-8492 JAPAN +81-75-213-1200 cas@gmail4.trans-nt.com January 2013 Hitoshi Morioka, Allied Telesis R&D CenterSlide 1 Higher Layer Setup Ad-hoc Summary Date: 2013-01-17 Authors:
2
doc.: IEEE 802.11-13/0133r3 Submission January 2013 Hitoshi Morioka, Allied Telesis R&D CenterSlide 2 Abstract This document is the summary of higher layer setup ad- hoc held on Tue. PM2, Wed. PM1 and Thu. AM1.
3
doc.: IEEE 802.11-13/0133r3 Submission FILS Authentication/Association (D0.3) January 2013 Hitoshi Morioka, Allied Telesis R&D CenterSlide 3 STA AP Authentication Association Request Association Response Key Derivation Part of the Frame is Encrypted Key Confirmation
4
doc.: IEEE 802.11-13/0133r3 Submission Encryption Part in Assoc. Req./Resp. in D0.3 January 2013 Hitoshi Morioka, Allied Telesis R&D CenterSlide 4 MAC Header Capability IEs FILS Session IE IEs FCS All IEs following FILS Session IE shall be encrypted.
5
doc.: IEEE 802.11-13/0133r3 Submission Problem Description Draft 0.2, section 11.11.2.4 says: –“The input ciphertext shall be the contents of the Association Response frame that follow the FILS Session element” What does it mean? –All vendor specific IEs will need to be encrypted –All IEs added in the future will need to be encrypted –We should remain the ability to add unencrypted, but authenticated IEs in the future.
6
doc.: IEEE 802.11-13/0133r3 Submission Proposal Define a new IE in Association Req/Resp that can be used to carry a set of TLVs (that include higher layer information etc.) –Will need the ability to encrypt the content –Will need the ability to fragment the content Because –Higher Layer Information shall be protected. –Higher Layer Information may be larger than 255 octets.
7
doc.: IEEE 802.11-13/0133r3 Submission Encryption Part in Assoc. Req./Resp. of the Proposal January 2013 Hitoshi Morioka, Allied Telesis R&D CenterSlide 7 Only the value of the Secure Container IE(s) is(are) Encrypted (type and length info is not Encrypted) MAC Header Capability IEs Secure Container IE(s) FCS IEs (future IEs and Vendor Specific IEs) MAC Header Capability IEs FILS Session IE IEs FCS D0.3Proposal FILS Session IE
8
doc.: IEEE 802.11-13/0133r3 Submission Secure Container IE Concept January 2013 Hitoshi Morioka, Allied Telesis R&D CenterSlide 8 DATA2 TagLength TLV is not IE. Length field is 2 octets to accommodate large data. EID Len Frag. Info. Fragment into Container IEs. TLVs EID Len Frag. Info. EID Len Frag. Info. DATA1 TagLength DATA2 EID Encrypted TLVs (may larger than 255 octets) Encrypted TLVs In a Single Frame Encipher entire value of container IE Len Subsequently, do fragmentation
9
doc.: IEEE 802.11-13/0133r3 Submission More Requirements The following information MUST be authenticated –BSSID –STA’s MAC Address –AP Nonce –STA Nonce –Capability field –All IEs January 2013 Hitoshi Morioka, Allied Telesis R&D CenterSlide 9
10
doc.: IEEE 802.11-13/0133r3 Submission Detailed Encryption Sequence (1) January 2013 Hitoshi Morioka, Allied Telesis R&D CenterSlide 10 DATA2 DATA1 TagLen1 DATA1 TagLen2 DATA2 STEP 1: Construct TLVs for each data. TagLen1 DATA1 TagLen2 DATA2 STEP 2: Concatenate all TLVs to a single bundle. Len=Len1 + Len2+2x2x2 Encrypted TLVs STEP 3: Encrypt entire bundle As part of AEAD Forward operation For details, see next slide EID Len EID Len
11
doc.: IEEE 802.11-13/0133r3 Submission Detailed Encryption Sequence (2) January 2013 Hitoshi Morioka, Allied Telesis R&D CenterSlide 11 STEP 3 (detail): Encrypt the TLVs. Key: KEK2 Plaintext: TLVs AAD: BSSID, STA addr, AP Nonce, STA Nonce, Capability, IEs (not to encrypt), IE headers computed in STEP 3. Nonce: (AP->STA) 0, (STA->AP) 1 EID LenA EID LenB EID LenC Encrypted TLVs STEP 4: Fragment the encrypted TLVs. Confirm the headers are same as computed in STEP 3a. MAC Header Capability IEs Secure Container IE(s) MAC Tag IEs (future IEs and Vendor Specific IEs) STEP 5: Prepare the frame to transmit. EID Len Encrypted TLVs FCS
12
doc.: IEEE 802.11-13/0133r3 Submission Start of decryption Sequence (1) January 2013 Hitoshi Morioka, Allied Telesis R&D CenterSlide 12 EID LenA EID LenB EID LenC Encrypted TLVs MAC Header Capability IEs Secure Container IE(s) MAC Tag IEs (future IEs and Vendor Specific IEs) EID Len Encrypted TLVs FCS MAC Header Capability IEs Secure Container IE(s) Without fragmentation MAC Tag IEs (future IEs and Vendor Specific IEs) Etc.
13
doc.: IEEE 802.11-13/0133r3 Submission Straw poll Do you support the suggested changes to the encryption and authentication process by which portions of Association Request/Response frame are authenticated and/or encrypted, as described on these slides? Result –Yes: –No: –Need more info: –Don’t Care: January 2013 Hitoshi Morioka, Allied Telesis R&D CenterSlide 13
14
doc.: IEEE 802.11-13/0133r3 Submission Backup January 2013 Hitoshi Morioka, Allied Telesis R&D CenterSlide 14
15
doc.: IEEE 802.11-13/0133r3 Submission Straw poll 1 Do you support to modify the encryption of Association Request/Response? Result (Y/N/A): 10/2/24 January 2013 Hitoshi Morioka, Allied Telesis R&D CenterSlide 15
16
doc.: IEEE 802.11-13/0133r3 Submission Straw poll 2 Do you support to create container IE for encryption and fragmentation? Result (Y/N/Need more info): 8/2/24 January 2013 Hitoshi Morioka, Allied Telesis R&D CenterSlide 16
17
doc.: IEEE 802.11-13/0133r3 Submission Generic Fragmentation Container IE Concept January 2013 Hitoshi Morioka, Allied Telesis R&D CenterSlide 17 DATA > 255 octets DATA > 255 octets Single IE CANNOT carry data larger than 255 octets. So we’d like to provide generic framework for large data. DATA > 255 octets DATA > 255 octets TagLength TLV is not IE. Length field is 2 octets to accommodate large data. TagLength EID Len Frag. Info. DATA EID Len Frag. Info. DATA EID Len Frag. Info. DATA Fragment into Container IEs. TLV DHCP In Single Frame
18
doc.: IEEE 802.11-13/0133r3 Submission Generic Encryption Container IE Concept January 2013 Hitoshi Morioka, Allied Telesis R&D CenterSlide 18 DATA2 TagLength TLV is not IE. Length field is 2 octets to accommodate large data. EID Len Frag. Info. Fragment into Container IEs. TLVs Encrypt. Info. EID Len Frag. Info. EID Len Frag. Info. DATA1 TagLength DATA2 Encrypt. Info. Encrypted TLVs (may larger than 255 octets) Encrypted TLVs In Single Frame
Similar presentations
