Doc.: IEEE 802.11-11/12-0766-00-0wng Submission
March 2012, Paul A. Lambert (Marvell)
Security Framework
Date: 2012-07-17


Slide 2: Background
IEEE 802.11 provides cryptographic security using work developed in TGi (2004)
  – Key Establishment / Authentication
      – Pre-Shared Keys
      – 802.1X / EAP / RADIUS Authentication
  – AES-CCMP for link encryption
What are we missing?

Slide 3: Strong Device-to-Device Authentication
IEEE 802.11 does not have a “good” solution for device-to-device authentication
Preshared keys are problematic:
  – Difficult to install
  – Poor authentication (can be reshared)
EAP-based methods are designed to use a remote server

Slide 4: Device-to-Device Authentication: Possible Use Cases and Benefits
Simplified secure device discovery
  – All devices have a provable identity
  – Enables good peer-to-peer security
Easy device enrollment and installation
  – Provable identity greatly simplifies the installation process
  – Simplified installation of headless devices (sensors, etc.)
Cost and complexity reduced for systems needing centralized authorization

Slide 5: Proposed Framework
Every device has a public / private key – public key is used as identity
  – Raw key or hash of key
  – Certificate, but not requiring a Certificate Authority (CAs assign names – this is not necessary)
Simple Key Exchange
  – Preassociation in 802.11
  – 4 message exchange
  – Based on well-defined cryptographic standards (a few to choose from – ANSI, etc.)
  – Able to support Suite B

Slide 6: Public Key Based Authentication
[Figure labels: Private Key, Public Key, K1, K2]
Public Keys can be openly shared
Key pairs are used in an authentication exchange that proves that an entity “holds” a particular public key

Slide 7: Simple Device Enrollment
Devices have an identity out of the box
  – Self-generated key pair
  – Binding of wireless authentication to a specific device
Label based on public key
Remote enrollment based on knowing identity

Slide 8: Scalable Access Authorization
[Figure labels: “Can K1 enter network?”, K1, K2]
Access control servers do NOT need to hold any secrets
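
The scheme in slides 5 to 8, as an added Go example that is not part of the presentation: a device's identity is the SHA-256 hash of its self-generated public key, it proves possession by signing a fresh nonce, and the access-control side stores only enrolled identities. ECDSA P-256, the function names and the context string are assumptions, and this single challenge/response stands in for the four-message exchange the slides mention but do not specify.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// NewDeviceKey self-generates a P-256 key pair; the private key stays on the device.
func NewDeviceKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// PublicDER encodes the public half (SubjectPublicKeyInfo); it can be shared openly.
func PublicDER(k *ecdsa.PrivateKey) []byte {
	der, _ := x509.MarshalPKIXPublicKey(&k.PublicKey) // a generated P-256 key always encodes
	return der
}

// Identity is the hash of the public key, usable as a device label.
func Identity(pubDER []byte) [32]byte { return sha256.Sum256(pubDER) }

// digest binds a proof to this demo's context string (an assumed label).
func digest(nonce []byte) []byte {
	h := sha256.Sum256(append([]byte("d2d-auth-demo:"), nonce...))
	return h[:]
}

// Prove signs the verifier's fresh nonce to show the device holds the private key.
func Prove(k *ecdsa.PrivateKey, nonce []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, k, digest(nonce))
}

// Authorize admits a peer only if its key hash is enrolled and its proof verifies; no secrets stored.
func Authorize(enrolled map[[32]byte]bool, pubDER, nonce, sig []byte) bool {
	pub, err := x509.ParsePKIXPublicKey(pubDER)
	ec, ok := pub.(*ecdsa.PublicKey)
	return err == nil && ok && enrolled[Identity(pubDER)] && ecdsa.VerifyASN1(ec, digest(nonce), sig)
}

func main() {
	k1, _ := NewDeviceKey()
	nonce := make([]byte, 32)
	rand.Read(nonce)
	sig, _ := Prove(k1, nonce)
	fmt.Println("K1 admitted:", Authorize(map[[32]byte]bool{Identity(PublicDER(k1)): true}, PublicDER(k1), nonce, sig))
}
```

The enrolled set can be copied to any number of access-control servers without exposing key material, since it contains only hashes of public keys.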

Slide 9: Straw Poll
Would this group support the definition of device-to-device public key authentication mechanisms for IEEE 802.11?
yes:
no:
abstain:

