Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.11-05/0122r0 Submission February 2005 DraftSlide 1 Comments on WAPI Date: 2005-02-15 Notice: This document has been prepared to assist IEEE.

Published byBarnaby Bennett Modified over 9 years ago

Similar presentations

Presentation on theme: "Doc.: IEEE 802.11-05/0122r0 Submission February 2005 DraftSlide 1 Comments on WAPI Date: 2005-02-15 Notice: This document has been prepared to assist IEEE."— Presentation transcript:

1 doc.: IEEE 802.11-05/0122r0 Submission February 2005 DraftSlide 1 Comments on WAPI Date: 2005-02-15 Notice: This document has been prepared to assist IEEE 802.11. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.11. Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE 802.11 Working Group. If you have questions, contact the IEEE Patent Committee Administrator at.http://stuartpatcom Authors:

2 doc.: IEEE 802.11-05/0122r0 Submission February 2005 DraftSlide 2 Abstract This document contains technical comments regarding JTC1/SC6’s forwarding of the Chinese NB contribution (National Standard of China, GB15629.11) found in 6N12687 to the IEEE 802 (and specifically IEEE 802.11) for information.

3 doc.: IEEE 802.11-05/0122r0 Submission February 2005 DraftSlide 3 Overview Statement There are many issues to be resolved for successful integration of GB15629.11 into 802.11 and 8802-11 We believe that cooperation between China’s experts and the 802.11 Membership can successfully address all of these issues

4 doc.: IEEE 802.11-05/0122r0 Submission February 2005 DraftSlide 4 Backward Compatibility Concerns GB15629.11 omits provisions for backwards compatibility –Its adoption would make all deployed implementations of 8802-11 non-compliant by removing all description of WEP. –While WEP may have many failings, continued support to facilitate migration is essential. –Removing WEP entirely represents an onerous economic burden on both users and vendors of 8802-11

5 doc.: IEEE 802.11-05/0122r0 Submission February 2005 DraftSlide 5 Forward Compatibility Concerns GB15629.11 does not consider forward compatibility –It does not have any signaling mechanism to negotiate which cipher suite and authentication suite is used –This makes future enhancements more difficult –This blocks further innovation in the standard GB15629.11’s known incompatibilities include: –IEEE Draft Std 802.11e –IEEE Draft Stds 802.11k, 802.11u, and 802.11w –IEEE Draft Std 802.11n –IEEE Draft Std 802.11r –IEEE Draft Std 802.11s No mechanism will assure forward compatibility other than collaborating with IEEE 802.11 Working Group

6 doc.: IEEE 802.11-05/0122r0 Submission February 2005 DraftSlide 6 Interoperation Issues Interoperation between equipment built for different jurisdictions prevented by GB15629.11 –Undesirable for a proposed international standard In contrast, IEEE Std 802.11i provides an extensible security mechanism –If a jurisdiction wishes to add new authentication algorithms and encryption algorithms (such as WAPI), they can do so within 802.11i framework Without breaking interoperability with devices built for other jurisdictions Without consent of IEEE 802.11 Working Group And even without waiting for IEEE 802.11 Working Group to allocate one – use a vendor specific OUI

7 doc.: IEEE 802.11-05/0122r0 Submission February 2005 DraftSlide 7 “Secret” Encryption Algorithm Concerns GB15629.11 is incomplete, as it does not specify an encryption algorithm to use –Implementation of the standard by all parties is not possible. Each vendor must be able to implement the encryption scheme –An international standard must specify all the algorithms needed for its implementation In general almost no commercial market will trust or accept unknown ciphers It is infeasible to maintain the secrecy of any algorithm in mainstream commercial products –Methods that effectively hinder reverse engineering of either hardware or software implementations too expensive for products in the consumer space –Private algorithms can only go in controlled products instead of commercial products to remain secret, e.g., military-only Nations can maintain private algorithms, but only for non-standard modes of operation

8 doc.: IEEE 802.11-05/0122r0 Submission February 2005 DraftSlide 8 Authentication Concerns (1) GB15629.11 fails to consider global market requirements for authentication –Different WLAN market segments require different authentication mechanisms Enterprises plan to use EAP-TLS, PEAP, and TTLS, to leverage investment in RADIUS databases 3GPP plans to use EAP-SIM, to leverage investment in GSM- SIM China Mobile plans to use CAVE, to leverage its pre-existing authentication investment Consumer electronics plans to use pre-shared keys, because homes do not have IT departments to manage on-line trusted third party servers

9 doc.: IEEE 802.11-05/0122r0 Submission February 2005 DraftSlide 9 Authentication Concerns (2) JTC1 already has an adopted digital certificate format— X.509. Why does it need another for 8802-11? –No rationale given for GB15629.11 specific certificate formats –Certificate design known to be fraught with difficulty GB15629.11 certificate is missing all the extensions that have been added to X.509 over the last decade to address obvious interoperability and operational problems E.g., design does not consider ASU key expiry E.g., design does not consider cross certification E.g., design does not consider certificate chains longer than two certificates Why is certificate design a WLAN specification issue? Why is back-end infrastructure a WLAN specification issue? –It is true the back-end design must be considered to understand the system security, but it is not part of the WLAN

10 doc.: IEEE 802.11-05/0122r0 Submission February 2005 DraftSlide 10 Other Technical Comments (1) A STA can't distinguish a WAPI-enabled AP from a legacy AP An AP can’t distinguish a WAPI-enabled STA from a legacy STA As in 802.11i, authentication and key negotiation take place after association, leading to service disruption during AP-to-AP transition –GB15629.11 is incompatible with 802.11r, so cannot utilize the fast roaming features developed by IEEE 802.11r

11 doc.: IEEE 802.11-05/0122r0 Submission February 2005 DraftSlide 11 Security Issues In an ad-hoc network, the same key is used by all STAs for all traffic. This is a security defect –All STAs initialize the PN to the same value –Frames sent by different STAs will be protected with the same key and PN. –Since OFB is a stream cipher, this replicates WEP’s known IV reuse defect Uses plain CBC-MAC for MIC, a security defect –CBC-MAC is not secure when used with variable length messages See Bellare, Killian, and Rogaway, “The Security of the Cipher Block Chaining Message Authentication Code,” CRYPTO ’94 Proceedings –Either reverse order of encryption and message integrity (this must be done with care to work), or else need a different message integrity code Transmit and Receive addresses unprotected from forgery

12 doc.: IEEE 802.11-05/0122r0 Submission February 2005 DraftSlide 12 Summary Forward and backward compatibility have to be provided Interoperation issues needed to be resolved The following concerns should be addressed: –“Secret” Encryption Algorithm Concerns –Performance and Cost Concerns –Authentication Concerns A number of security issues in GB15629.11 must be addressed None of these issues are insurmountable if China’s security experts work with the IEEE 802.11 Working Group to integrate GB15629.11 into ISO/IEC 8802-11 via IEEE 802.11 Working Group

Download ppt "Doc.: IEEE 802.11-05/0122r0 Submission February 2005 DraftSlide 1 Comments on WAPI Date: 2005-02-15 Notice: This document has been prepared to assist IEEE."

Similar presentations

Doc.: IEEE 802.11-07/0300r1 Submission May 2007 Guenael Strutt, MotorolaSlide 1 LB93 Unresolved RFI Comments Notice: This document has been prepared to.

Doc.: IEEE /0300r1 Submission May 2007 Guenael Strutt, MotorolaSlide 1 LB93 Unresolved RFI Comments Notice: This document has been prepared to.
Doc.: IEEE 802.11-07/0508r0 Submission May 2007 Matthew Gast, Trapeze NetworksSlide 1 EAP Method Requirements for Emergency Services Notice: This document.

Doc.: IEEE /0508r0 Submission May 2007 Matthew Gast, Trapeze NetworksSlide 1 EAP Method Requirements for Emergency Services Notice: This document.
Doc.: IEEE 802.11-07/0256r0 Submission February 2007 A. Centonza, D. StephensonSlide 1 Limitations on the Use of EBR Notice: This document has been prepared.

Doc.: IEEE /0256r0 Submission February 2007 A. Centonza, D. StephensonSlide 1 Limitations on the Use of EBR Notice: This document has been prepared.
Doc.: IEEE 802.11-05/0866r1 Submission September 2005 Michael Montemurro, Chantry NetworksSlide 1 Mobility Domain Definition and Description Notice: This.

Doc.: IEEE /0866r1 Submission September 2005 Michael Montemurro, Chantry NetworksSlide 1 Mobility Domain Definition and Description Notice: This.
Doc.: IEEE 802.22-12/90r0 Submission Nov., 2012 NICTSlide 1 802.22b NICT Proposal IEEE P802.22 Wireless RANs Date: 2011-10-28 Authors: Notice: This document.

Doc.: IEEE /90r0 Submission Nov., 2012 NICTSlide b NICT Proposal IEEE P Wireless RANs Date: Authors: Notice: This document.
Doc.: IEEE 802.11-06/0930r0 Submission July 2006 Nancy Cam-Winget, Cisco Slide 1 Editor Updates since Jacksonville Notice: This document has been prepared.

Doc.: IEEE /0930r0 Submission July 2006 Nancy Cam-Winget, Cisco Slide 1 Editor Updates since Jacksonville Notice: This document has been prepared.
Doc.: IEEE 802.11-06/1867r1 Submission November 2006 802.11r Security TeamSlide 1 TGr Security Requirements Notice: This document has been prepared to.

Doc.: IEEE /1867r1 Submission November r Security TeamSlide 1 TGr Security Requirements Notice: This document has been prepared to.
Doc.: IEEE 802.19-09/0094r0 Submission November 2009 Steve Shellhammer, QualcommSlide 1 Comments on 802.22.3 PAR Notice: This document has been prepared.

Doc.: IEEE /0094r0 Submission November 2009 Steve Shellhammer, QualcommSlide 1 Comments on PAR Notice: This document has been prepared.
Doc.: IEEE 802.11-06/0121r0 Submission January 2006 S. Bezzateev, A. Fomin, M. WongSlide 1 Broadcast Management Frame Protection Notice: This document.

Doc.: IEEE /0121r0 Submission January 2006 S. Bezzateev, A. Fomin, M. WongSlide 1 Broadcast Management Frame Protection Notice: This document.
Doc.: IEEE 802.11-06/0644r2 Submission May 2006 Päivi Ruuska, NokiaSlide 1 Measurement Pilot Transmission Information as optional information in Probe.

Doc.: IEEE /0644r2 Submission May 2006 Päivi Ruuska, NokiaSlide 1 Measurement Pilot Transmission Information as optional information in Probe.
Doc.: IEEE 802.11-06/1807r2 Submission November 2006 Matthew Fischer (Broadcom)Slide 1 TGN adhoc MAC subgroup report for November 2006 Notice: This document.

Doc.: IEEE /1807r2 Submission November 2006 Matthew Fischer (Broadcom)Slide 1 TGN adhoc MAC subgroup report for November 2006 Notice: This document.
Doc.: IEEE 802.11-05/1212r0 Submission TGT and MEF Liaison Notice: This document has been prepared to assist IEEE 802.11. It is offered as a basis for.

Doc.: IEEE /1212r0 Submission TGT and MEF Liaison Notice: This document has been prepared to assist IEEE It is offered as a basis for.
Doc.: IEEE 802.11-10/86r2 Submission March, 2010 Gabor BajkoSlide 1 Location Proxy Notice: This document has been prepared to assist IEEE 802.11. It is.

Doc.: IEEE /86r2 Submission March, 2010 Gabor BajkoSlide 1 Location Proxy Notice: This document has been prepared to assist IEEE It is.
Doc.: IEEE 802.11-05/0667r0 Submission July 2005 Mike Moreton, STMicroelectronicsSlide 1 Multiple Networks Notice: This document has been prepared to assist.

Doc.: IEEE /0667r0 Submission July 2005 Mike Moreton, STMicroelectronicsSlide 1 Multiple Networks Notice: This document has been prepared to assist.
Doc.: IEEE 802.11-05/0028r0 Submission January 2005 Eleanor Hepworth, Siemens Roke ManorSlide 1 Definitions and Terminology Notice: This document has been.

Doc.: IEEE /0028r0 Submission January 2005 Eleanor Hepworth, Siemens Roke ManorSlide 1 Definitions and Terminology Notice: This document has been.
Doc.: IEEE 802.11-06/1528r0 Submission 22 September 2006 Naveen Kakani, Nokia, IncSlide 1 TGn PSMP adhoc Group September Closing Report Notice: This document.

Doc.: IEEE /1528r0 Submission 22 September 2006 Naveen Kakani, Nokia, IncSlide 1 TGn PSMP adhoc Group September Closing Report Notice: This document.
Doc.: IEEE 802.11-05/0197r0 Submission March 2005 Nancy Cam-Winget et alSlide 1 TAP & JIT Merge Process Notice: This document has been prepared to assist.

Doc.: IEEE /0197r0 Submission March 2005 Nancy Cam-Winget et alSlide 1 TAP & JIT Merge Process Notice: This document has been prepared to assist.
Doc.: IEEE 802.11-05/0460r1 Submission March 2006 Fujio Watanabe, DoCoMo USA LabsSlide 1 Japanese Emergency Call Regulation Notice: This document has been.

Doc.: IEEE /0460r1 Submission March 2006 Fujio Watanabe, DoCoMo USA LabsSlide 1 Japanese Emergency Call Regulation Notice: This document has been.
Doc.: IEEE 802.11-11/0295r0 Submission March 15, 2011 Fei Tong, CSRSlide 1 Reference waveform generator for 11ac Notice: This document has been prepared.

Doc.: IEEE /0295r0 Submission March 15, 2011 Fei Tong, CSRSlide 1 Reference waveform generator for 11ac Notice: This document has been prepared.
Doc.: IEEE 802.11-07/0652r1 Submission May 2007 Emily Qi, Intel CorporationSlide 1 TGv Redline D0.12 Insert and Deletion Notice: This document has been.

Doc.: IEEE /0652r1 Submission May 2007 Emily Qi, Intel CorporationSlide 1 TGv Redline D0.12 Insert and Deletion Notice: This document has been.

Similar presentations

Ads by Google