180 likes | 331 Views
Higher Layer Setup Ad-hoc Summary. Authors:. Date: 2013-01-17. Abstract. This document is the summary of higher layer setup ad-hoc held on Tue. PM2, Wed. PM1 and Thu. AM1. FILS Authentication/Association (D0.3). STA. AP. Authentication. Key Derivation. Authentication. Key Derivation.
E N D
Higher Layer Setup Ad-hoc Summary Authors: Date: 2013-01-17 Hitoshi Morioka, Allied Telesis R&D Center
Abstract This document is the summary of higher layer setup ad-hoc held on Tue. PM2, Wed. PM1 and Thu. AM1. Hitoshi Morioka, Allied Telesis R&D Center
FILS Authentication/Association (D0.3) STA AP Authentication Key Derivation Authentication Key Derivation Association Request Key Confirmation Part of the Frame is Encrypted Association Response Hitoshi Morioka, Allied Telesis R&D Center
Encryption Part in Assoc. Req./Resp. in D0.3 MAC Header Capability IEs FILS Session IE IEs All IEs following FILS Session IE shall be encrypted. FCS Hitoshi Morioka, Allied Telesis R&D Center
Problem Description • Draft 0.2, section 11.11.2.4 says: • “The input ciphertext shall be the contents of the Association Response frame that follow the FILS Session element” • What does it mean? • All vendor specific IEs will need to be encrypted • All IEs added in the future will need to be encrypted • We should remain the ability to add unencrypted, but authenticated IEs in the future.
Proposal • Define a new IE in Association Req/Resp that can be used to carry a set of TLVs (that include higher layer information etc.) • Will need the ability to encrypt the content • Will need the ability to fragment the content • Because • Higher Layer Information shall be protected. • Higher Layer Informationmay belarger than 255 octets.
Encryption Part in Assoc. Req./Resp. of the Proposal D0.3 Proposal MAC Header MAC Header Capability Capability IEs IEs FILS Session IE Secure Container IE(s) FILS Session IE Only the value of the Secure Container IE(s) is(are) Encrypted (type and length info is not Encrypted) IEs IEs (future IEs and Vendor Specific IEs) FCS FCS Hitoshi Morioka, Allied Telesis R&D Center
Secure Container IE Concept Subsequently, do fragmentation Encipher entire value of container IE In a Single Frame TLVs EID Len EID Len Frag. Info. Tag Length Encrypted TLVs (may larger than 255 octets) DATA1 Encrypted TLVs DATA1 EID Len Frag. Info. Encrypted TLVs Tag Length DATA2 DATA2 EID Len Frag. Info. Encrypted TLVs TLV is not IE. Length field is 2 octets to accommodate large data. Fragment into Container IEs. Hitoshi Morioka, Allied Telesis R&D Center
More Requirements • The following information MUST be authenticated • BSSID • STA’s MAC Address • AP Nonce • STA Nonce • Capability field • All IEs Hitoshi Morioka, Allied Telesis R&D Center
Detailed Encryption Sequence (1) EID Len Tag Len1 Tag Len1 EID Len DATA1 DATA1 DATA1 Encrypted TLVs Encrypted TLVs Tag Len2 Tag Len2 DATA2 DATA2 DATA2 Encrypted TLVs STEP 1: Construct TLVs for each data. STEP 2: Concatenate all TLVs to a single bundle. Len=Len1 + Len2+2x2x2 STEP 3: Encrypt entire bundle As part of AEAD Forward operation For details, see next slide Hitoshi Morioka, Allied Telesis R&D Center
Detailed Encryption Sequence (2) EID Len MAC Header Encrypted TLVs EID LenA Capability Encrypted TLVs IEs Encrypted TLVs EID LenB Encrypted TLVs Secure Container IE(s) Encrypted TLVs EID LenC Encrypted TLVs STEP 3 (detail): Encrypt the TLVs. Key: KEK2 Plaintext: TLVs AAD: BSSID, STA addr, AP Nonce, STA Nonce, Capability, IEs (not to encrypt), IE headers computed in STEP 3. Nonce: (AP->STA) 0, (STA->AP) 1 STEP 4: Fragment the encrypted TLVs. Confirm the headers are same as computed in STEP 3a. IEs (future IEs and Vendor Specific IEs) MAC Tag FCS STEP 5: Prepare the frame to transmit. Hitoshi Morioka, Allied Telesis R&D Center
Start of decryption Sequence (1) MAC Header MAC Header EID Len EID LenA Capability Capability Encrypted TLVs Encrypted TLVs IEs IEs EID LenB Encrypted TLVs Encrypted TLVs Secure Container IE(s) Without fragmentation Secure Container IE(s) EID LenC Encrypted TLVs Encrypted TLVs IEs (future IEs and Vendor Specific IEs) IEs (future IEs and Vendor Specific IEs) Etc. MAC Tag MAC Tag FCS Hitoshi Morioka, Allied Telesis R&D Center
Straw poll • Do you support the suggested changes to the encryption and authentication process by which portions of Association Request/Response frame are authenticated and/or encrypted, as described on these slides? • Result • Yes: • No: • Need more info: • Don’t Care: Hitoshi Morioka, Allied Telesis R&D Center
Backup Hitoshi Morioka, Allied Telesis R&D Center
Straw poll 1 • Do you support to modify the encryption of Association Request/Response? • Result (Y/N/A): 10/2/24 Hitoshi Morioka, Allied Telesis R&D Center
Straw poll 2 • Do you support to create container IE for encryption and fragmentation? • Result (Y/N/Need more info): 8/2/24 Hitoshi Morioka, Allied Telesis R&D Center
Generic Fragmentation Container IE Concept Single IE CANNOT carry data larger than 255 octets. So we’d like to provide generic framework for large data. In Single Frame TLV EID Len Frag. Info. Tag Length DHCP Tag Length DATA > 255 octets DATA > 255 octets DATA EID Len Frag. Info. DATA EID Len Frag. Info. DATA TLV is not IE. Length field is 2 octets to accommodate large data. Fragment into Container IEs. Hitoshi Morioka, Allied Telesis R&D Center
Generic Encryption Container IE Concept In Single Frame EID Len Frag. Info. TLVs Encrypt. Info. Encrypt. Info. Tag Length Encrypted TLVs (may larger than 255 octets) DATA1 Encrypted TLVs DATA1 EID Len Frag. Info. Encrypted TLVs Tag Length DATA2 DATA2 EID Len Frag. Info. Encrypted TLVs TLV is not IE. Length field is 2 octets to accommodate large data. Fragment into Container IEs. Hitoshi Morioka, Allied Telesis R&D Center