Overview of Improvements to Key Holder Protocols
Authors: Steve Emeott, Motorola
Date: 2007-06-27
Abstract
This submission provides an overview of document 11-07/1987r1, which proposes improvements to the key holder communications protocols defined for use in the mesh security architecture. The proposed changes include expanded error handling features, revisions to the key holder handshake and key transport push protocol, and new MLME-SAP interface primitives. 20 comments are addressed by the proposed changes.
Outline
• Mesh key holder architecture
• Improvements: Key holder communications
  • Summary of comments received
  • Overview of proposed changes
  • Additional details
Mesh Key Holder Architecture
[Figure: RSNA key management split between the Mesh Key Distributor (PMK-MKD-KH / Local PMK-MKD-KH) and the Mesh Authenticator (PMK-MA-KH / Local PMK-MA-KH)]
• Mesh key holders are part of MP SME RSNA key management
• Architecture defines the keys computed by each key holder
  • Computation of PMK-MKD, PMK-MA and MKDK
    • Restricted to PMK-MKD-KH for peer MP keys
    • Restricted to Local PMK-MKD-KH for local MP keys
  • Computation of PTK-MA and MPTK-KD
    • Restricted to PMK-MA-KH for peer MP keys
    • Restricted to Local PMK-MA-KH for local MP keys
• Scope of submission: improving communications between key holders
Key Holder Exchanges
• Key holder handshake
  • Used to derive a fresh key delivery key and to negotiate the EAP message transport protocol to use
• Key transfer
  • Pull mode
  • Push mode
  • Delete
• EAP message transport
  • Used to transport EAP messages between the 802.11s Authenticator and NAS Client entities when they are not co-located
Comments Received
• Questions about the processing steps and status codes that should be included for error handling
• Question about whether the key holder handshake should be extended to 4 messages for better error handling
• Request to make the key transfer protocol optional
• Request to identify the key used to integrity protect messages
• Questions about the message token and sequence number fields included to prevent replay attacks
Overview of Changes
• Explicitly defined processing steps and status codes for error handling in all key holder exchanges
  • Conditions for silently discarding messages
  • Conditions for retrying key holder handshake messages
  • Values of status codes for indicating failures
• Defined MLME primitives and MIB variables
  • Primitives defined in support of the key holder architecture
  • Primitives and MIB variables are also needed to define error handling
• Made the key transport protocol optional
  • Key transport protocol can be negotiated during the key holder handshake
• Defined a key name field to identify the MIC key
Overview of Changes (cont.)
• Added a 4th message to the key holder handshake
  • Permits the aspirant MA to manage retries of handshake messages, so the MKD simply responds to the messages it receives
  • Permits negotiation of the optional EAP and key transport protocols during the key holder handshake
• Named the replay counters and replaced the message token in the EAP encapsulation field with a replay counter
• Improved the key transport protocol
  • Renamed pull mode messages to Request and Response
  • Reused the pull mode messages in the push mode protocol, and added a 3rd message to combat delay attacks
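The two slides above describe the error-handling rules (silent discard, MA-driven retries, status codes), the key name field that identifies the MIC key, the replay counters, and the 4-message handshake in which the MKD only responds. The model below is an added example that ties those rules together in one runnable exchange; it is not the message format, KDF or status-code values of 11-07/1987r1. The field names, the HMAC-SHA256 MIC and KDF, the status values, the shared MKDK and its key name, and the lossy channel are all assumptions constructed for illustration.

```python
"""Model of the 4-message mesh key holder handshake between an aspirant MA
and the MKD. Added example, not the draft's formats: the MIC, the KDF, the
field names and the status code values are assumptions for illustration."""
import hashlib
import hmac
import secrets

STATUS_SUCCESS = 0               # assumed status code values, not the draft's
STATUS_UNSUPPORTED_PROTOCOL = 1


def mic(key, msg):
    """Keyed integrity check over every field except the MIC itself."""
    body = "|".join(f"{k}={msg[k]}" for k in sorted(msg) if k != "mic")
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def derive_kdk(mkdk, ma_nonce, mkd_nonce):
    """Assumed KDF: a fresh key delivery key bound to both handshake nonces."""
    return hmac.new(mkdk, b"KDK" + ma_nonce + mkd_nonce, hashlib.sha256).digest()


class KeyHolder:
    def __init__(self, mkdk, mkdk_name, supported):
        self.mkdk, self.mkdk_name = mkdk, mkdk_name  # MIC key and its key name
        self.supported = supported                   # transport protocols offered
        self.sent = 0       # replay counter on messages this holder sends
        self.last_rx = 0    # highest replay counter accepted from the peer
        self.kdk = None

    def build(self, n, **fields):
        self.sent += 1
        msg = dict(n=n, key_name=self.mkdk_name, replay=self.sent, **fields)
        msg["mic"] = mic(self.mkdk, msg)
        return msg

    def accept(self, msg):
        """False means silently discard: unknown MIC key, replay, or bad MIC."""
        if msg["key_name"] != self.mkdk_name or msg["replay"] <= self.last_rx:
            return False
        if not hmac.compare_digest(msg["mic"], mic(self.mkdk, msg)):
            return False
        self.last_rx = msg["replay"]
        return True


class MKD(KeyHolder):
    """The MKD keeps no retry timers: it answers each valid message it receives."""
    mkd_nonce = None

    def handle(self, msg):
        if not self.accept(msg):
            return None
        if msg["n"] == 1:
            chosen = [p for p in msg["offer"] if p in self.supported]
            status = STATUS_SUCCESS if chosen else STATUS_UNSUPPORTED_PROTOCOL
            self.ma_nonce, self.mkd_nonce = msg["ma_nonce"], secrets.token_hex(16)
            return self.build(2, status=status, ma_nonce=self.ma_nonce,
                              mkd_nonce=self.mkd_nonce, chosen=chosen)
        if msg["n"] == 3 and msg["mkd_nonce"] == self.mkd_nonce:
            self.kdk = derive_kdk(self.mkdk, bytes.fromhex(self.ma_nonce),
                                  bytes.fromhex(self.mkd_nonce))
            return self.build(4, status=STATUS_SUCCESS, ma_nonce=self.ma_nonce,
                              mkd_nonce=self.mkd_nonce)
        return None


class MA(KeyHolder):
    """The aspirant MA drives the handshake and owns all retries."""

    def exchange(self, mkd, make_msg, expect, channel, max_retries):
        """Send make_msg() and wait for message `expect`, resending on silence."""
        for _ in range(max_retries + 1):
            reply = channel(mkd, make_msg())
            if reply is not None and reply["n"] == expect and self.accept(reply):
                return reply
        return None

    def handshake(self, mkd, offer, channel, max_retries=2):
        ma_nonce = secrets.token_hex(16)
        m2 = self.exchange(mkd, lambda: self.build(1, ma_nonce=ma_nonce, offer=offer),
                           2, channel, max_retries)
        if m2 is None:
            return "timeout"
        if m2["status"] != STATUS_SUCCESS or m2["ma_nonce"] != ma_nonce:
            return "rejected"
        m4 = self.exchange(mkd, lambda: self.build(3, ma_nonce=ma_nonce,
                                                   mkd_nonce=m2["mkd_nonce"],
                                                   chosen=m2["chosen"]),
                           4, channel, max_retries)
        if m4 is None:
            return "timeout"
        self.kdk = derive_kdk(self.mkdk, bytes.fromhex(ma_nonce),
                              bytes.fromhex(m2["mkd_nonce"]))
        self.chosen = m2["chosen"]
        return "success"


def lossy_channel(dropped_rounds):
    """Constructed channel: round trip number i is lost if i is in dropped_rounds."""
    rounds = [0]

    def send(mkd, msg):
        rounds[0] += 1
        return None if rounds[0] in dropped_rounds else mkd.handle(msg)
    return send
```

With a shared constructed MKDK, `MA(...).handshake(mkd, ["eap", "keytransport"], lossy_channel({1}))` loses the first Msg 1, retries under a new replay counter, and completes with the same key delivery key on both sides; an offer the MKD does not support comes back with a failure status rather than silence, while a message with a wrong MIC key, a stale replay counter or a tampered field is discarded without any reply, so the MA sees only a timeout.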
Additional Details
• Mesh Key Holder Security Handshake
[Figure: message sequence between the MA (SME and MAC) and the MKD (MAC and SME). Handshake Msg 1 and Msg 2 are each carried in a Multihop Action Frame, triggered by MLME-MeshKeyHolderHandshake.request at the sender, delivered as MLME-MeshKeyHolderHandshake.indication at the receiver, and completed locally by MLME-MeshKeyHolderHandshake.confirm; the sequence continues for the remaining handshake messages.]
Additional Details (cont.)
• Key Transport – Pull Mode
[Figure: message sequence between the MA (SME and MAC) and the MKD (MAC and SME). The Request and the Response are each carried in a Multihop Action Frame, triggered by MLME-MeshKeyTransport.request at the sender, delivered as MLME-MeshKeyTransport.indication at the receiver, and completed locally by MLME-MeshKeyTransport.confirm.]
Additional Details (cont.)
• Key Transport – Push Mode
[Figure: message sequence between the MA (SME and MAC) and the MKD (MAC and SME). The Notify, the Request and the Response are each carried in a Multihop Action Frame, triggered by MLME-MeshKeyTransport.request at the sender, delivered as MLME-MeshKeyTransport.indication at the receiver, and completed locally by MLME-MeshKeyTransport.confirm.]
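The pull and push mode sequences above share the Request and Response messages, and push mode adds a Notify in front of them; the earlier slide says the third message was added to combat delay attacks. The model below is an added example of one reading of that design, not the draft's formats: the MA installs a Response only if it answers the Request still outstanding, so a Response that an attacker holds back and delivers after the MA has retried (and the MKD has rekeyed) is dropped even though its MIC and replay counter are valid. The HMAC-SHA256 MIC, the XOR-with-HMAC-keystream stand-in for the draft's key wrap, the status values, the key names and the key material are all assumptions constructed for illustration.

```python
"""Model of push-mode key transport (Notify, Request, Response) with the
Response bound to the Request it answers. Added example, not the draft's
formats: the MIC, the stand-in key wrap and the status values are assumed."""
import hashlib
import hmac

STATUS_SUCCESS = 0        # assumed status code values, not the draft's
STATUS_NO_SUCH_KEY = 1    # key was deleted at the MKD after the Notify went out


def mic(key, msg):
    """Keyed integrity check over every field except the MIC itself."""
    body = "|".join(f"{k}={msg[k]}" for k in sorted(msg) if k != "mic")
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def wrap(kdk, label, key):
    """Stand-in key wrap under the key delivery key: XOR with an HMAC keystream
    bound to `label`, so wrapped material is tied to one exchange. Applying it
    twice unwraps. Illustrative only; the draft defines its own wrapping."""
    stream = hmac.new(kdk, b"wrap" + label.encode(), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(key, stream))


class Holder:
    def __init__(self, kdk):
        self.kdk, self.sent, self.last_rx = kdk, 0, 0

    def build(self, **fields):
        self.sent += 1
        msg = dict(replay=self.sent, **fields)
        msg["mic"] = mic(self.kdk, msg)
        return msg

    def accept(self, msg, kind):
        """False means silently discard: missing, wrong type, replayed or bad MIC."""
        if msg is None or msg["kind"] != kind or msg["replay"] <= self.last_rx:
            return False
        if not hmac.compare_digest(msg["mic"], mic(self.kdk, msg)):
            return False
        self.last_rx = msg["replay"]
        return True


class MKD(Holder):
    def __init__(self, kdk):
        super().__init__(kdk)
        self.keys = {}   # key name -> key material the MKD currently holds

    def notify(self, key_name):
        """Push mode message 1: announces a key by name, carrying no material."""
        return self.build(kind="notify", key_name=key_name)

    def respond(self, req):
        """Push mode message 3 (the pull mode Response): carries the replay
        counter of the Request it answers, so it cannot serve a later Request."""
        if not self.accept(req, "request"):
            return None
        key = self.keys.get(req["key_name"])
        if key is None:
            return self.build(kind="response", key_name=req["key_name"],
                              req_replay=req["replay"], status=STATUS_NO_SUCH_KEY, key="")
        label = f"{req['key_name']}:{req['replay']}"
        return self.build(kind="response", key_name=req["key_name"],
                          req_replay=req["replay"], status=STATUS_SUCCESS,
                          key=wrap(self.kdk, label, key).hex())


class MA(Holder):
    def __init__(self, kdk):
        super().__init__(kdk)
        self.installed = {}
        self.pending = None   # (key name, replay counter) of the outstanding Request

    def request(self, notify):
        """Push mode message 2: ask for the key the Notify named."""
        if not self.accept(notify, "notify"):
            return None
        return self.retry(notify["key_name"])

    def retry(self, key_name):
        """Timeout handling: resend the Request under a fresh replay counter."""
        req = self.build(kind="request", key_name=key_name)
        self.pending = (key_name, req["replay"])
        return req

    def install(self, resp):
        """Install only a Response that answers the outstanding Request; a
        held-back Response for an earlier Request passes the MIC and replay
        checks but fails this binding and is dropped."""
        if not self.accept(resp, "response"):
            return "discarded"
        if self.pending != (resp["key_name"], resp["req_replay"]):
            return "discarded"
        self.pending = None
        if resp["status"] != STATUS_SUCCESS:
            return f"status {resp['status']}"
        label = f"{resp['key_name']}:{resp['req_replay']}"
        self.installed[resp["key_name"]] = wrap(self.kdk, label, bytes.fromhex(resp["key"]))
        return "installed"


def delayed_response_scenario():
    """Constructed run: the attacker holds back the first Response while the MKD
    rekeys; the MA times out, retries, installs the current key and drops the
    stale Response when it finally arrives."""
    kdk = b"\x22" * 32                      # key delivery key from the handshake
    mkd, ma = MKD(kdk), MA(kdk)
    mkd.keys["PMK-MA-A"] = b"A" * 16
    held = mkd.respond(ma.request(mkd.notify("PMK-MA-A")))   # delayed by attacker
    mkd.keys["PMK-MA-A"] = b"B" * 16        # MKD rekeys before the MA hears back
    fresh = mkd.respond(ma.retry("PMK-MA-A"))
    return ma.install(held), ma.install(fresh), ma.installed["PMK-MA-A"]
```

`delayed_response_scenario()` returns `("discarded", "installed", b"B" * 16)`: the held-back Response carries a replay counter the MA has not seen, so the replay check alone would have let it through; it is the binding to the outstanding Request that rejects it. A Request for a key the MKD has since deleted gets a failure status back rather than silence, and a replayed Request gets no Response at all.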
Additional Details (cont.)
• EAP Transport
[Figure: message sequence between the MA (SME and MAC) and the MKD (MAC and SME). The EAP Encapsulation Request and the EAP Encapsulation Response are each carried in a Multihop Action Frame, triggered by MLME-MeshEAPTransport.request at the sender, delivered as MLME-MeshEAPTransport.indication at the receiver, and completed locally by MLME-MeshEAPTransport.confirm.]
Backup
Review of Recent Changes
• Highlights of improvements already made to MSA
  • Improvements to PLM (11-07/0440r0: 106 comments)
  • Definition of MIB variables for MSA (11-07/0436r1: 25 comments)
  • Simplification of frame formats for key holder messages (11-07/0286r0 & 11-07/0287r1: 35 comments)
  • Addition of AES-128-MAC MIC algorithm (11-07/0435r1: 4 comments)
  • Upgrades to better support co-located MKD/MA (11-07/0437r1: 3 comments)
  • Integration of PLM into MSA authentication handshake (11-07/0564r2: 16 comments)
  • Clean up of key derivation clause (11-07/0618r0: 21 comments)
Work in Progress
• Areas where unresolved comments are still under discussion
  • Key holder communications – document 07/1987 (20 comments)
  • Cleanup of high level architecture description (15 comments)
  • Pre-shared keys (8 comments)
  • Abbreviated handshake (5 comments)
  • Other (40 comments)
Exemplary Implementation of Initial MSA Authentication
[Figure: the Authentication Server is reached over RADIUS from the Network Access Server (AAA Client); the 802.1X Supplicant, the 802.1X Authenticator (Controlled Port) and the key holders Local PMK-MKD-KH, Local PMK-MA-KH, PMK-MKD-KH and PMK-MA-KH are linked by PLM & EAPOL and by Multihop Action frames. Optionally mesh key holders may be co-located.]