160 likes | 345 Views
802.11s Security Proposal. Robert Moskowitz ICSALabs a Division of TruSecure Corporation. Topics. Mesh Assumptions Mesh security Risks A Security view of a Mesh Two Security Models for a Mesh Not 100% thought out!. Mesh Assumptions. An 802.11s mesh consists of both APs and STAs
E N D
802.11s Security Proposal Robert Moskowitz ICSALabs a Division of TruSecure Corporation Robert Moskowitz, ICSAlabs
Topics • Mesh Assumptions • Mesh security Risks • A Security view of a Mesh • Two Security Models for a Mesh • Not 100% thought out! Robert Moskowitz, ICSAlabs
Mesh Assumptions • An 802.11s mesh consists of both APs and STAs • Per 802.11, an AP is a STA with additional functions • A mesh is a single IEEE 802 LAN • As defined in ISO/IEC 15802-1 • The 802 LAN does not extend beyond the mesh • Not sure this is necessary, but impacts Security Robert Moskowitz, ICSAlabs
Mesh Security Risks • Only designated STAs are APs • AP control traffic is secure from non-AP STAs • Broadcast/Multicast traffic is encrypted only once for the mesh • Unicast traffic is secure between STAs • Fast key establishment Robert Moskowitz, ICSAlabs
A Security View of a Mesh • Connectivity Association (CA): The relationship between peer entities that allows them to communicate. An ESS provides a CA between STAs. • SCA is a Secured CA. Robert Moskowitz, ICSAlabs
A Security View of a Mesh • Secure Channel (SC): A security relationship used to provide security guarantees for frames transmitted from one member of a CA to the others • There are N SCs within an SCA. • SCs are unidirectional • All the SCs together in a CA define the SCA • An optional Security Association (SA) provides security guarantees for frames transmitted from one member of a CA to another member. Robert Moskowitz, ICSAlabs
SCA SCB SCC SCD CA = Secure Connection Association SCi= Secure Channel from Station (I) to all stations on CA SAij = Security Association Station (i) to Station (j) B CAabcd A C D Robert Moskowitz, ICSAlabs
A Security View of a Mesh SCA risks Without the optional SAs, any STA can spoof another STA within the SCA And this is an N*(N-1) problem Broadcast/Multicast traffic can always be spoofed within an SCA Cost of scaling Potential large number of keys to track Robert Moskowitz, ICSAlabs
A Security View of a Mesh • A STA has multiple Secure Channels and one Unsecure Channel • The Unsecure Channel is for passing security establishment traffic • An ESS can support multiple SCAs If And Only If there is a way to MUX the SCAs below the MAC security service. • Even with MUXing there is one Unsecure Channel Robert Moskowitz, ICSAlabs
Model #1 for a Mesh • Define 2 SCAs • One for APs • 32 SCs • 32*31 SAs - but just 31 subentries under each SC • One for all STAs (including APs) • Requires MUXing to distinguish AP control frames from general frames Robert Moskowitz, ICSAlabs
Model #1 for a Mesh • Benefits • No Key management costs after AP or STA has joined the mesh • Security-Free mobility • No Decryption/Encryption of any frames within mesh for forwarding • Costs • Potentially complex authentication model • Every STA authenticated to all other STAs • Many keys to manage • Actually not hard to create Robert Moskowitz, ICSAlabs
Model #2 for a Mesh • For N STAs define N+1 SCAs • One for APs • Same as in Model #1 • One SCA per STA • Consisting of STA and all APs • Requires MUXing to distinguish AP control frames from general frames and one STAs frames from other STAs Robert Moskowitz, ICSAlabs
Model #2 for a Mesh • Benefits • Simpler authentication model • STAs only authenticated to APs • No Key management costs after AP or STA has joined the mesh • Security-Free mobility • Fewer keys to manage than in Model #1 • Costs • STA-STA traffic de/re encrypted by last AP in chain • No STA-STA confidentially • Broadcast traffic de/re encrypted by each AP for all STAs Robert Moskowitz, ICSAlabs
Questions! • LOTS of work still to do Robert Moskowitz, ICSAlabs