Dynamic Generation of Password Identifier. Date: 2018-05-04. Authors:. Abstract. This submission provides a solution to dynamically generate Password ID. The submission also provides a solution to address LB232 CID 1056 and CID 1057. Agenda. Problem Statement Proposed Solutions
Dynamic Generation of Password Identifier
Date: 2018-05-04
Authors: Emily Qi, et al

Abstract
This submission provides a solution to dynamically generate Password ID. The submission also provides a solution to address LB232 CID 1056 and CID 1057.

Agenda
• Problem Statement
• Proposed Solutions
• Solution Details

Problem Statements
• Background
  • Password Identifier was proposed in doc 18/0202r2, and adopted in TGmd D1.0 in the January meeting
  • However, it is not clear how the password ID is distributed or derived. An out-of-band delivery method is assumed?
• Issues:
  • Usability limitation on entering the password ID offline: a new UI for typing the Password ID is required.
  • The Password Identifier element is included in the unprotected authentication frame. It may violate the privacy of users (household).
    • For example, it exposes a group of devices and the number of devices that are sharing the same password. Particularly, when these devices belong to the same household (apartment) in an apartment building, it violates the privacy of users/residents.

Proposed Solution
• Implicit Password ID advertisement
  • AP advertises “SALT” that can be used for password ID derivation. The SALT can be changed and the hacker is unable to track the password ID.
  • STAs use the SALT and password with hash algorithm to generate the Password ID
  • The Password ID is generated dynamically by the STA, without user intervention

Solution Details
• Define a new IE: Password Salt IE contains a 16-octet random number generated by the AP as “SALT”
• Specify password ID derivation, for example:
  Password ID = Truncate-32(HMAC-SHA-256(Password, Password Salt))

AP and STA’s behaviours
• For AP
  • If AP supports dynamic generation of Password ID, AP shall include Password Salt IE in the Beacon and/or Probe Response frame. Otherwise, an out-of-band mechanism is assumed.
  • When a new Password Salt is advertised, AP will update its password ID database
• For non-AP STA
  • During the authentication, the STA shall use the Password Salt received in the latest Beacon or Probe Response frame to calculate Password ID if the Password Salt IE is included in the frames.
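
The derivation from "Solution Details" and the AP database update from the behaviours slide, as an added Python example that is not part of the submission. It assumes the password is the HMAC key, the Password Salt is the message, and Truncate-32 keeps the leftmost 32 bits; the `AccessPoint` class, function names and passphrases are hypothetical and constructed for illustration. Because a 32-bit ID can collide, the AP-side lookup returns a list of candidate passwords rather than a single one.

```python
import hashlib
import hmac
import os
from collections import defaultdict

SALT_LEN = 16  # octets in the Password Salt IE, per the slide


def derive_password_id(password: str, salt: bytes) -> bytes:
    """Truncate-32(HMAC-SHA-256(Password, Password Salt)).

    Assumptions: the password is the HMAC key, the salt is the message,
    and Truncate-32 keeps the leftmost 32 bits (4 octets).
    """
    if len(salt) != SALT_LEN:
        raise ValueError("Password Salt must be exactly 16 octets")
    mac = hmac.new(password.encode("utf-8"), salt, hashlib.sha256).digest()
    return mac[:4]


class AccessPoint:
    """Hypothetical AP model: several passwords share one BSS."""

    def __init__(self, passwords, salt=None):
        self.passwords = list(passwords)
        self.rotate_salt(salt)

    def rotate_salt(self, salt=None):
        """Advertise a new salt and rebuild the password ID database."""
        self.salt = os.urandom(SALT_LEN) if salt is None else salt
        self.id_db = defaultdict(list)
        for pw in self.passwords:
            # A 32-bit ID can collide, so each ID maps to a candidate list.
            self.id_db[derive_password_id(pw, self.salt)].append(pw)
        return self.salt

    def candidates(self, password_id: bytes):
        """Passwords the AP should try for the ID sent by a STA."""
        return list(self.id_db.get(password_id, []))


if __name__ == "__main__":
    ap = AccessPoint(["unit-4A-passphrase", "unit-4B-passphrase"])  # constructed
    old_id = derive_password_id("unit-4A-passphrase", ap.salt)  # STA side
    print("salt 1:", ap.salt.hex(), "id:", old_id.hex(), ap.candidates(old_id))
    ap.rotate_salt()
    new_id = derive_password_id("unit-4A-passphrase", ap.salt)
    print("salt 2:", ap.salt.hex(), "id:", new_id.hex(), ap.candidates(new_id))
    print("ID from the old salt still resolves:", bool(ap.candidates(old_id)))
```

A STA that computes its ID from a salt older than the one in the latest Beacon or Probe Response will no longer match any entry once the AP has rebuilt its database.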

Backup