50 likes | 69 Views
Proposed Modifications to 802.11e-D4.0 Direct Link Protocol. Carlos Rios, RiosTek LLC. D4.0 DLP Summary. DLP per 802.11e-D4.0 is a simple protocol to allow non-AP QSTAs to communicate directly while actively maintaining a BSS association .
E N D
Proposed Modifications to 802.11e-D4.0 Direct Link Protocol • Carlos Rios, RiosTek LLC
D4.0 DLP Summary • DLP per 802.11e-D4.0 is a simple protocol to allow non-AP QSTAs to communicate directly while actively maintaining a BSS association . • Adds just three new Action Frames to 802.11-1999DLP-Request, relayed through AP, lets QSTA1 ask QSTA2 to dance DLP-Response, relayed through AP, provides QSTA1 with an answerDLP-Probe optionally allows QSTAs to gauge the direct link • The AP serves as a “Gatekeeper and Facilitator” in setting up the DLP • However, this protocol has several flaws • DLP functionality should be available to all non-AP stations • Essential security elements are not incorporated • DLP-Probe functionality can be provided with existing 802.11-1999 frames
Proposed DLP Modifications DLP Request/Response AP 1b 1a • (Not necessarily Q)STA-1 sends DLP-Request to (Not necessarily Q)STA-2 via AP (1a) • DLP-Request contains STA-1 Capabilities, Supported Rates, RSN Information Element • AP forwards the DLP-Request to STA-2 (1b) • If WSTA-2 is in Power Save mode, then AP buffers the frame, and announces pending traffic to STA-2 in the TIM, so that STA-2 can retrieve it as desired • Else: If BSS policy disallows DLP, AP returns DLP-Response to STA-1 with status code “Not Allowed” • Else: If STA-2 not in the BSS, then AP returns DLP-Response to STA-1 with status code “Not Present” • STA-2, agreeing to DLP, transmits a DSP-Response to AP with Status Code “Success” (2a) • DLP-Response contains STA-2 Capabilities, Supported Rates, RSN IE • Else: If WSTA-2 refuses to DLP, returns DLP-Response with status code “Refused” • AP forwards the DLP-Response frame to STA-1 (2b) 2b 2a STA-1 STA-2
More DLP Protocol Modifications AP DLP-Request/Response 2b 1b 1a DLP-Key 2a • DLP enabled, but STAs don’t possess keys to establish a secure RSN session • The AP, knowing both STAs’ RSNIEs, selects highest-security-level common authentication and cipher suites • The AP calculates an appropriate STA-1/STA-2 DLP Pairwise Master Key • The AP distributes selected authentication and cipher suites, DLP PMK to STA-1 (3a) and STA-2 (3b) in (encrypted!) DLP-Key messages • The AP then promptly clears its DLP PMK register and “forgets” the key • STA-1 and STA-2 then immediately execute direct mutual authentication and encryption key derivation/management hnadshake, and establish a secure DLP link • “Link Quality” can be gauged during the authentication handshake, dispensing with the need for separate DLP-Probe frames • STAs shall stay awake for a “no-activity” timeout period following every reception. • If either STA times out further data exchange shall be routed through the AP until and if another DLP session is established • Stations maintain a cache with the side channel capabilities on a per destination STA basis Authentication 3a 3b 4 STA-1 STA-2
Proposed DLP Modifications Summary • The modified DLP remains a simple protocol, but now allows non-AP STAs to communicate directly while actively maintaining a BSS association . • Adds just three new Action Frames to 802.11-1999DLP-Request, relayed through AP, lets QSTA1 ask QSTA2 to dance DLP-Response, relayed through AP, provides QSTA1 with an answerDLP-Key, from the AP, provides essential security elementsRedundant DLP-Probe has been eliminated • The AP still serves as a “Gatekeeper and Facilitator” in setting up the DLPNow even more so, as “Security Chief” • The herein modified DLP is a more comprehensive and robust solution • Candidate normative text revisions to 802.11e-D4.0 are contained in document 03/x02r0