This study group submission explores a protocol for securely moderating random MAC addresses in local scope, addressing the issues of address collisions and potential attacks. The protocol involves client moderation, digital signing of address requests, and secure exchange using ECDH.
Robert Moskowitz, Verizon
Project: IEEE 802 EC Privacy Recommendation Study Group
Submission Title: Secure Moderated Random MAC Addresses
Date Submitted: Dec 10, 2014
Source: Robert Moskowitz, Verizon
Address: 1000 Bent Creek Blvd, Mechanicsburg, PA, USA
Voice: +1 (248) 968-9809, e-mail: rgm@labs.htt-consult.com
Re: KMP TG9 Closing Report for Sept 2014 Session
Abstract: Secure Moderated Random MAC Addresses
Purpose: To Securely Moderate Random MAC Addresses
Notice: This document has been prepared to assist the IEEE P802 EC. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
Release: The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P802 EC.
Conference Call Dec 10, 2014
Secure Moderated Random MAC Addresses
Problem Statement
• Free for all in Local Scope MAC address space
• Randomized address selection has no method of dealing with collisions
  • Even if full 46 bits remain available
• 802 architecture calls out for use of an address moderator if Local Scope is used
• A moderator should introduce yet another attack point
A simple Moderator Protocol
• Client informs moderator of MAC address it will use
• Moderator either accepts or rejects
  • What constitutes a reject?
  • How does the moderator know?
  • No way for Moderator to recognize duplicates
• Sounds a bit like DHCP
And crypto signing of request
• The client can digitally sign the address request
• The moderator can now recognize different clients using the same address and reject the late-comer
• But what design won't add yet another attack point?
  • Replay attacks for signed requests
  • Resource attacks against the crypto operations
  • Probably more
A simple secure exchange
• Use ECDH
• Moderator BEACONs its ECDH key
• Client derives address from its ECDH key
• Client MICs its request with ECDH shared secret
  • Including ECDH key
• Moderator ACK/NAKs request
  • MICed with ECDH shared secret
• Fits well within 802.11 BEACON/ASSOCIATE mechanism
• Fits well within DHCP
• Devil is in the Details
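The exchange on this slide, worked through as an added example (not code from the submission): X25519 (RFC 7748) stands in for the unspecified ECDH curve, HMAC-SHA256 for the MIC, and the address-derivation rule (46 bits of a hash of the client's ECDH key, with the local bit set) is an assumption, since the slide fixes none. The moderator keeps a MAC-to-key table so a late-comer claiming an address already held under a different key gets a NAK, and both sides verify the MIC before acting on anything.

```python
import os, hmac, hashlib
P, BASE = 2**255 - 19, (9).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:   # RFC 7748 X25519 via the Montgomery ladder
    k = int.from_bytes(k, "little") & ~7 & ((1 << 254) - 1) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        if swap ^ kt: x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, (aa - bb) * (aa + 121665 * (aa - bb)) % P
    if swap: x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def derive_local_mac(pub: bytes) -> bytes:
    # Assumed derivation (the slides fix none): 46 bits of SHA-256(pub) with the
    # locally-administered bit set and the individual/group bit cleared.
    mac = bytearray(hashlib.sha256(pub).digest()[:6])
    mac[0] = (mac[0] | 0x02) & 0xFE
    return bytes(mac)

def mic(shared: bytes, *fields: bytes) -> bytes:  # MIC keyed by the ECDH shared secret
    return hmac.new(shared, b"".join(fields), hashlib.sha256).digest()

class Moderator:
    def __init__(self):
        self.priv = os.urandom(32)
        self.pub = x25519(self.priv, BASE)   # the key the BEACON advertises
        self.table = {}                      # MAC -> ECDH key of the client holding it
    def handle(self, mac, pub, tag):         # request = (address, client ECDH key, MIC)
        shared = x25519(self.priv, pub)
        if not hmac.compare_digest(tag, mic(shared, mac, pub)):
            return None                      # bad MIC: drop silently, no state change
        verdict = b"ACK" if self.table.setdefault(mac, pub) == pub else b"NAK"
        return verdict, mic(shared, verdict, mac, pub)  # late-comer on a taken MAC gets NAK

class Client:
    def __init__(self, beacon_pub):
        self.priv = os.urandom(32)
        self.pub, self.shared = x25519(self.priv, BASE), x25519(self.priv, beacon_pub)
        self.mac = derive_local_mac(self.pub)  # address derived from the client's ECDH key
    def request(self):
        return self.mac, self.pub, mic(self.shared, self.mac, self.pub)
    def verdict(self, reply):                # trust ACK/NAK only under a valid moderator MIC
        return reply[0] if reply and hmac.compare_digest(reply[1], mic(self.shared, reply[0], self.mac, self.pub)) else None
```

A replayed request from the same client is answered ACK again, since the table already maps the address to that key; what the MIC alone cannot stop is an attacker forcing the moderator through an ECDH computation per bogus request, which is the resource-attack concern from the previous slide.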
DISCUSSION