1 / 21

2004-0 6 - 28 IEEE C802.20-04/ 62

2004-0 6 - 28 IEEE C802.20-04/ 62. 2004-0 6 - 28 IEEE C802.20-04/ XX. What this presentation is about:. The previous contributions to MBWA on security The way the security of MBWA is perceived by a newbie

Download Presentation

2004-0 6 - 28 IEEE C802.20-04/ 62

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. 2004-06-28 IEEE C802.20-04/62

  2. 2004-06-28 IEEE C802.20-04/XX What this presentation is about: • The previous contributions to MBWA on security • The way the security of MBWA is perceived by a newbie • How security could/should be handled by MBWA

  3. 2004-06-28 IEEE C802.20-04/XX What this presentation is not about: • The state of the art on the security for wireless communication technologies

  4. 2004-06-28 IEEE C802.20-04/XX Caveat (1/2) • When you listen to a presentation on security: be paranoid and use your brain! • Never trust a speaker that is not recognized as a security expert, for instance, do not trust this presentation ;-) • Even if the speaker is recognized as a security expert, make sure there are no misunderstandings with him and that his position reflects a consensus

  5. 2004-06-28 IEEE C802.20-04/XX Caveat (2/2) • This presentation is not made by: • A security expert • A networking expert • An IEEE 802 expert • Feel free to correct or interrupt!

  6. 2004-06-28 IEEE C802.20-04/XX The security contributions to 802.20 so far (1/2) • IEEE C802.20-03/06&07 - Wireless Security Threats • A tentative threat model and some solutions? • IEEE C802.0-03/21 - Distributed Security Proposal Certicom • Distributed vs. Centralized security architecture • IEEE C802.20-03/74&88 - An Alternative Approach for Enhancing Security of WMANs using Physical Layer Encryption • Physical layer encryption

  7. 2004-06-28 IEEE C802.20-04/XX The security contributions to 802.20 so far (2/2) • IEEE C802.20-04/09 - DoD Wireless Security Requirements for Sensitive but Unclassified information • Prompting 802.20 to meet US DoD requirements • IEEE C802.20-04/41- IEEE 802.20 MBWA Security Architecture • Security Requirements and proposed solutions • IEEE C802.20-04/56r1 - On Security Issues In Wireless Communications Systems • Selection of cryptographic primitives (AES and/or RC4)

  8. 2004-06-28 IEEE C802.20-04/XX The way 802.20 security is perceived by a newbie (1/5) • The PAR: • « Security Support AES (Advanced Encryption Standard) » • The 802.20 requirements document: • « 4.1.11 Network Security • Network security in MBWA systems shall protect the service provider from theft of service, the user’s privacy and mitigate against denial of service attacks. Provision shall be made for authentication of both base station and mobile terminal, for privacy, and for data integrity consistent with the best current commercial practice. 802.20 security is expected to be a partial solution complemented by end-to-end solutions at higher protocol layers such as EAP, TLS, SSL, IPSec, etc. »

  9. 2004-06-28 IEEE C802.20-04/XX The way 802.20 security is perceived by a newbie (2/5) • The 802.20 requirements document (continued): • «  • 4.1.11.1 Access Control • Access control shall be provided using a cryptographic method. • 4.1.11.2 Privacy Methods • A method that will provide message integrity across the air interface to protect user data traffic, as well as signaling messages from unauthorized modification will be specified. • Encryption across the air interface to protect user data traffic, as well as signaling messages, from unauthorized disclosure will be incorporated. • 4.1.11.3 User Privacy • The system will prevent the unauthorized disclosure of the user identity. »

  10. 2004-06-28 IEEE C802.20-04/XX The way 802.20 security is perceived by a newbie (3/5) • The 802.20 requirements document (continued): • «  • 4.1.11.4 Denial of Service Attacks • It shall be possible to prevent replay attacks by minimizing the likelihood that authentication signatures are reused. • It shall be possible to provide protection against Denial of Service (DOS) attacks. • 4.1.11.5 Security Algorithm • The authentication and encryption algorithms shall be publicly available on a fair and non-discriminatory basis. • National or international standards bodies shall have approved the algorithms. • The algorithms shall have been extensively analysed by the cryptographic community to resist all currently known attacks. »

  11. 2004-06-28 IEEE C802.20-04/XX The way 802.20 security is perceived by a newbie (4/5) • The security contributions • A collection of motley documents: • Large tutorials vs. concrete propositions • Correct vs. Incorrect assertions* • Low level vs. High level preoccupations * The latter is really a major concern!!!

  12. 2004-06-28 IEEE C802.20-04/XX The way 802.20 security is perceived by a newbie (5/5) • Yet another standard that does not take into account: • The lessons of the past? • IPsec (http://www.schneier.com/paper-ipsec.html*) • IEEE 802.11 (http://www.drizzle.com/~aboba/IEEE/wep-draft.zip*) • The work that is going/has gone on elsewhere? • IEEE 802.1AE&AF (http://www.ieee802.org/1/pages/802.1ae.html) • IEEE 802.16&IEEE 802.11i… * among others

  13. 2004-06-28 IEEE C802.20-04/XX How security could/should be handled by MBWA • Further refine the security requirements so that they can fed as unique input to security experts, in an ad-hoc group? • Organize the security experts group that will be fed the input requirements and the proposed solution outputs? • Keep up the good work and the positive attitude demonstrated so far towards security , e.g. • Taking security into account right from the start • Requiring « standard » and public security solutions

  14. 2004-06-28 IEEE C802.20-04/XX Example questions to be discussed (1/7) • What is the target architecture? • Ad-hoc networks, e.g. IBSS in 802.11 jargon (only STAs) • Infrastructure networks, e.g. BSS in 802.11 jargon (STAs communicating thanks to an AP) • What is the time-line for 802.20? • Tentative answer in IEEE C802.20-04/59 • Necessary if 802.20 wishes to reuse security standards that are not yet finished like .1ae&.1af

  15. 2004-06-28 IEEE C802.20-04/XX Example questions to be discussed (2/7) • How much flexibility in the security? • Supporting many cipher suites and versions • Expected performances of the cryptographic&security algorithms: • Latency, Throughput, Resource consumption (on which devices?) • Ease of deployment&ease of use

  16. Example questions to be discussed (3/7) • Placement of the of the security sublayer and interface to it • Where does the security sublayer fit in? • Below the MAC, at the PHY? C802.20-03/74&88 • Just below LLC? – see e.g. IEEE 802.10-1998* • Integrated to the MAC? • Which frames shall be protected? • Data • Control • Management • Which different types of protection will be available? • Confidentiality and Integrity/Replay protection • Only Integrity/Replay protection *withdrawn standard

  17. Example questions to be discussed (4/7) • Broadcast/multicast handling • Many ways to secure this trafic: how to compare them: • Bandwidth consumption • Resource requirements • Security/Functional issues (e.g., synchronization) • Handover impacts • Delay possibly added to handover by security • Various ways to deal with this (architectural, protocolary,…)

  18. Example questions to be discussed (5/7) • Security architecture: « . 802.20 security is expected to be a partial solution complemented by end-to-end solutions at higher protocol » • To what extent is the solution partial? • Denial of service attacks • Be prepared to much discussion on what is a serious DoS attack and what is not • Anyway, there still is the bovine jamming attack

  19. Example questions to be discussed (6/7) • Identity protection: « system will prevent the unauthorized disclosure of the user identity » • Current wording allows protocol that prompt authorized disclosure of identity ;-) • Anyway what is the user’s identity? • MAC address? See the debate on this in 802.1 Link Sec • Other, e.g., NAI for EAP? • How many bytes per frame can be sent on security? • Security typically needs a Nonce, a MIC tag, a SPI… • Can be problematic, see discussions between 802.1ae and 802.3ah!

  20. Example questions to be discussed (7/7) • Random numbers vs. Counters/timestamps • Any preference? • Key management is currently not evoked in the requirements document !  • It MUST be included with the corresponding requirements… • What are the requirements on a key management scheme?

  21. 2004-06-28 IEEE C802.20-04/XX Questions?

More Related