
PMF, take one: A simple 802.11i extension

Fabrice Stevens, Sébastien Duré, France Telecom, March 2005.


Presentation Transcript


  1. PMF, take one: A simple 802.11i extension
     Fabrice Stevens, Sébastien Duré, France Telecom, March 2005

  2. Goals of this presentation
     • This is not a proposal!
     • Show that a very simple extension of 802.11i could provide some security features in a post-802.11i scheme

  3. Overall mechanism
     • 802.11i derives PTK, GTK
     • Use them!
       • GTK used in encrypting/signing broadcast management frames
       • Keys derived from PTK used in encrypting/signing unicast management frames
     • Define a new management frame type
     • Define a new IE

  4. More specifically…
     • Define a new IE
       • EID | Length | ANonce | Signature
     • Add this IE to management frames that only need integrity/authenticity (and replay protection)
     • For confidentiality, one possibility:
       • Define a new management frame that encapsulates an encrypted management frame
       • Frame body
         • ANonce (counter incremented by 1 at every frame)
         • Encrypted management frame
         • Signature of the whole frame (brings integrity/authenticity too…)

  5. Other security features
     • Replay protection
       • last_ANonce set to 0 after 802.11i exchange
       • When client receives a PMF
         • If (ANonce > last_ANonce)
           • If the signature is valid, update ANonce
           • Else drop the frame
         • Else
           • Drop the frame

  6. Pros and cons
     • Pros
       • Simple, very limited changes to 802.11
       • Data origin authentication, confidentiality, and replay protection provided
     • Cons
       • Limitation: assumes 802.11i was performed before…
         • No initial protection for management frames
       • Of course has a lot of open issues…
     • Once again, it's not a proposal!

  7. Conclusion
     • Post-802.11i solutions benefit from existing keying material
     • Proposals for 802.11k have been presented, e.g.
       • Radio Measurement Action Protection – 802.11-04/685r0 & 686r1, Jesse Walker
       • Frame Encapsulation – 802.11-04/737r0, Mike Moreton
     • On the other hand, there is no existing pre-802.11i solution at this point. This leaves a lot of work to do…
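
The IE layout from slide 4 and the receive rule from slide 5, as an added example that is not part of the original slides. The slides name no algorithm or sizes, so everything concrete here is an assumption: a truncated HMAC-SHA256 tag stands in for the "Signature", the ANonce is an 8-byte big-endian counter, the element ID 0xFF is hypothetical, and the key is a constructed stand-in for one derived from the PTK. "Update ANonce" is read as storing the received value in last_ANonce.

```python
import hashlib
import hmac
import struct

EID_PMF = 0xFF   # hypothetical element ID; the slides assign none
SIG_LEN = 16     # assumed tag length (truncated HMAC-SHA256)
MIC_KEY = bytes(range(16))  # constructed stand-in for a key derived from the PTK


def sign(key, anonce, frame):
    """Tag over the ANonce and the management frame it protects."""
    msg = struct.pack(">Q", anonce) + frame
    return hmac.new(key, msg, hashlib.sha256).digest()[:SIG_LEN]


def build_ie(key, anonce, frame):
    """Serialize EID | Length | ANonce | Signature."""
    body = struct.pack(">Q", anonce) + sign(key, anonce, frame)
    return struct.pack("BB", EID_PMF, len(body)) + body


class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_anonce = 0  # set to 0 after the 802.11i exchange

    def accept(self, frame, ie):
        """Return True to process the frame, False to drop it."""
        if len(ie) != 2 + 8 + SIG_LEN or ie[0] != EID_PMF or ie[1] != len(ie) - 2:
            return False
        anonce = struct.unpack(">Q", ie[2:10])[0]
        if anonce <= self.last_anonce:       # replayed or stale counter
            return False
        if not hmac.compare_digest(ie[10:], sign(self.key, anonce, frame)):
            return False                     # forged: counter stays untouched
        self.last_anonce = anonce            # advance only after a valid signature
        return True


def demo():
    rx = Receiver(MIC_KEY)
    deauth = b"constructed deauthentication frame body"
    good = build_ie(MIC_KEY, 1, deauth)
    forged = build_ie(b"\x00" * 16, 50, deauth)  # sender without the key
    return [rx.accept(deauth, good),    # fresh and valid
            rx.accept(deauth, good),    # replay of the same frame
            rx.accept(deauth, forged),  # higher counter, bad signature
            rx.last_anonce]
```

Advancing last_ANonce only after the signature check matters: if the counter moved on any larger value, a single forged frame with a high ANonce would make the receiver drop every later legitimate frame.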
