Extended Keymap ID
Martin Lefkowitz, Trapeze Networks
Extended Keymap ID
• Current encryption key technology
  • Only 2 bits for 4 different key slots, leaving a total of 4 keys per BSS per STA
  • Only 2 bits for 4 different key slots, leaving a total of 4 keys per BSS for multicast/broadcast
What if?
• We added a mechanism whereby we could use more than 4 keys per STA for either unicast or broadcast traffic.
• A STA can receive secure multicast traffic based on application while still being able to respond to multicast IP traffic like ARP.
Why
• Premium subscriptions in the WISP or carrier area
  • Pay per view
  • Subscription broadcast data service
• An administrator can determine if errors are caused by configured events or unconfigured events.
• A heterogeneous environment can support multiple group keys for a more graceful transition to stronger encryption.
How
• Add a field to the EAPOL Key Descriptor that indicates the value of the 12-bit field in the encryption header of the MPDU format.
• 802.11 EAPOL Key messages have an 8-byte field that is reserved to zero.
• 802.1X already has a Key ID field that is used for multiple group keys.
• Proposal is to make two of those bytes the Key ID fields.
How
• Assign some reserved bits in the encryption header to map a Key ID to a particular encryption key.
• There are 12 bits available between the Key ID and TSC/IV fields of TKIP and CCMP.
• WRAP would need to change.
  • WRAP needs to change anyway to be consistent with the other RSN modes.
How
• Add Key ID field to MPDU format.
• There are enough bits in the reserved field with the 48-bit counter format.
• Noted differences between CCMP and TKIP.
TKIP MPDU Format
• KID EX = Key ID Extension
CCMP MPDU Format
How
• Add SNMP MIB objects:
  • dot11numKeymapID
    • Number of different keymap IDs a STA needs to keep track of.
  • dot11recievedFramesNoKeymap
    • Indicates how many frames a STA has received for which it did not have the keymap ID.
    • A normal situation.
• Add appropriate logic to the pseudocode after the key has been looked up:
    if that entry contains a key that is null
        discard the frame body and increment dot11WEPUndecryptableCount
    else if there is no key entry for the keymap field in the MPDU
        increment dot11recievedFramesNoKeymap
    else
        attempt to decrypt with that key, incrementing dot11WEPICVErrorCount if the ICV check fails
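The following is an added example, not code from the presentation or from Trapeze Networks. It models the "How" slides end to end: the 12-bit value carried in the two reserved EAPOL Key Descriptor bytes, the combined Key ID / KID EX lookup index, and the receive-path counter logic above. Everything about the layout is an assumption: the slides do not give byte positions, so the 2-bit Key ID and 12-bit extension are simply packed into one 14-bit index, and the cipher and ICV are toy stand-ins (a SHAKE keystream and a truncated HMAC), not TKIP or CCMP.

```python
"""
Added example (not from the Lefkowitz/Trapeze presentation): a receive-path
model of the extended keymap lookup and the proposed MIB counters.

Assumptions not specified on the slides:
  * the 2-bit Key ID and the 12-bit KID EX are combined into one 14-bit
    keymap index; real TKIP/CCMP header byte positions are not modelled;
  * the 12-bit value is carried big-endian in two reserved EAPOL bytes;
  * decryption and the ICV check are stand-ins (SHAKE keystream XOR and a
    truncated HMAC), not TKIP or CCMP.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

KEY_ID_BITS = 2     # existing Key ID field in the encryption header
KID_EXT_BITS = 12   # proposed Key ID Extension (KID EX) field
KID_EXT_MASK = (1 << KID_EXT_BITS) - 1


def encode_kid_ext(kid_ext: int) -> bytes:
    """Place the 12-bit KID EX value into two (formerly reserved) EAPOL bytes."""
    if not 0 <= kid_ext <= KID_EXT_MASK:
        raise ValueError("KID EX out of range")
    return kid_ext.to_bytes(2, "big")


def decode_kid_ext(two_bytes: bytes) -> int:
    """Recover the KID EX value; the top 4 bits of the 16 must be zero."""
    value = int.from_bytes(two_bytes, "big")
    if value & ~KID_EXT_MASK:
        raise ValueError("reserved high bits set in KID EX field")
    return value


def keymap_index(key_id: int, kid_ext: int) -> int:
    """Combine Key ID and KID EX into the index used to look up the key."""
    if not 0 <= key_id < (1 << KEY_ID_BITS):
        raise ValueError("Key ID out of range")
    if not 0 <= kid_ext <= KID_EXT_MASK:
        raise ValueError("KID EX out of range")
    return (key_id << KID_EXT_BITS) | kid_ext


def _keystream(key: bytes, n: int) -> bytes:
    # Toy keystream for the example only; NOT the TKIP or CCMP cipher.
    return hashlib.shake_256(key).digest(n)


def _icv(key: bytes, body: bytes) -> bytes:
    # Toy integrity check value: truncated HMAC over the plaintext body.
    return hmac.new(key, body, hashlib.sha256).digest()[:4]


def protect(key: bytes, body: bytes) -> Tuple[bytes, bytes]:
    """Sender side: return (protected_body, icv) for a frame body."""
    ks = _keystream(key, len(body))
    return bytes(a ^ b for a, b in zip(body, ks)), _icv(key, body)


@dataclass
class Counters:
    dot11WEPUndecryptableCount: int = 0
    dot11recievedFramesNoKeymap: int = 0   # spelled as on the slide
    dot11WEPICVErrorCount: int = 0


@dataclass
class Station:
    # keymap index -> key bytes, or None for a slot that exists but holds no key
    keymap: Dict[int, Optional[bytes]]
    counters: Counters = field(default_factory=Counters)

    @property
    def dot11numKeymapID(self) -> int:
        """Number of keymap IDs this STA keeps track of."""
        return len(self.keymap)

    def receive(self, key_id: int, kid_ext: int,
                protected: bytes, icv: bytes) -> Optional[bytes]:
        """Receive-path logic from the slide; returns the body or None if discarded."""
        idx = keymap_index(key_id, kid_ext)
        if idx not in self.keymap:
            # No key entry for this keymap field: a normal situation, just counted.
            self.counters.dot11recievedFramesNoKeymap += 1
            return None
        key = self.keymap[idx]
        if key is None:
            # Entry exists but holds a null key: discard as undecryptable.
            self.counters.dot11WEPUndecryptableCount += 1
            return None
        body = bytes(a ^ b for a, b in zip(protected, _keystream(key, len(protected))))
        if not hmac.compare_digest(_icv(key, body), icv):
            self.counters.dot11WEPICVErrorCount += 1
            return None
        return body


if __name__ == "__main__":
    # Constructed sample: one application group key and one empty slot.
    app_key = bytes(range(16))
    sta = Station(keymap={keymap_index(1, 0x005): app_key,
                          keymap_index(2, 0x0A0): None})
    ct, icv = protect(app_key, b"subscription payload")
    print(sta.receive(1, 0x005, ct, icv))   # recovered body
    print(sta.receive(1, 0x006, ct, icv))   # None: no keymap entry
    print(sta.counters)
```

The missing-entry test is done before the null-key test, since a "null key in the entry" condition can only be evaluated once an entry has been found; the slide lists the two branches in the opposite order but the counters incremented are the same.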
Conclusion
• Key IDs can be extended for both broadcast and unicast traffic with little change to the current SSN/TGi implementations.