
Key Management [802.1af - Issues]

Key Management [802.1af - Issues]. 2004. 5. 12 Jee-Sook Eun Electronics and Telecommunications Research Institute. 802.1af. This is a project of the 802.1 MAC Security Task Group. It is not an amendment to IEEE std 802.1X


Presentation Transcript


  1. Key Management [802.1af - Issues]. 2004. 5. 12. Jee-Sook Eun, Electronics and Telecommunications Research Institute

  2. 802.1af
     • This is a project of the 802.1 MAC Security Task Group.
     • It is not an amendment to IEEE Std 802.1X.
     • This standard need not extend 802.1X to establish security associations for 802.1ae MAC Security.

  3. Authentication problem
     • Link security is between the access point and the access device.
     • Authentication is also between the access point and the access device.
     • To authenticate the access device, we need not use 802.1X.
     • We can use symmetric-key encryption between the access point and the access device, for many reasonable reasons.
     • We need a symmetric key: the master key that generates the session keys must be set before the security process starts.
     • Confirmation of the master key is the authentication.
     • This method is very simple and low cost.

  4. Problems of 802.1X authentication
     • "The use of IEEE Std 802.1X, already widespread and supported by multiple vendors, in additional applications."
     • This is just an assumption. If it is not so:
     • Who assures that the EAP message is relayed to the authentication server?
     • We must implement 802.1X.
     • This is very complex and high cost if we are developing a low-cost switch.
     • And we need an authentication server if one is absent.
     • Supplicant, Authenticator and Authentication Server state machines
     • For example, if there is a bridge, the bridge must have all three of the above state machines, because a bridge can be a supplicant, an authenticator or an authentication server.
     • There are two security channels: one is for MAC security, the other is for key security.
     • Two configuration protocols are needed as well, one for each.
     • As you know, key security was made for MAC security.

  5. Authentication as the confirmation of the master key
     • Very simple
     • If the encrypted message can be decrypted, the receiver can transmit an encrypted ack message.
     • Low cost
     • No authentication server is needed.
     • No KDC is needed.
     • A symmetric key is available to the access point and the access device.
     • A secured channel can be obtained from the authentication alone.
     • Key exchange goes through the secured channel.
     • There is no need to get information such as a certificate from an upper layer.
     • Link security can be operated independently.
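
A sketch of the "confirmation of the master key" exchange from slides 3 and 5, as an added example that is not from the presentation. It substitutes HMAC-SHA256 tags for the slides' encrypted message and encrypted ack; the nonces, labels and function names are assumptions, with the nonces included so that a recorded reply cannot confirm the key a second time.

```python
import hashlib
import hmac
import secrets

def _mac(key: bytes, *parts: bytes) -> bytes:
    # Labels and 16-byte nonces are fixed length, so the join is unambiguous.
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

def session_key(master: bytes, n_ap: bytes, n_dev: bytes) -> bytes:
    # Master key generates the session key; fresh nonces make it differ per run.
    return _mac(master, b"session", n_ap, n_dev)

def device_reply(master: bytes, n_ap: bytes):
    """Access device answers the access point's challenge nonce."""
    n_dev = secrets.token_bytes(16)
    sk = session_key(master, n_ap, n_dev)
    return n_dev, _mac(sk, b"dev-confirm", n_ap, n_dev)

def ap_verify(master: bytes, n_ap: bytes, n_dev: bytes, tag: bytes):
    """Access point checks the device's tag; returns (session key, ack) or None."""
    sk = session_key(master, n_ap, n_dev)
    if not hmac.compare_digest(tag, _mac(sk, b"dev-confirm", n_ap, n_dev)):
        return None  # device does not hold the same master key, or reply is stale
    return sk, _mac(sk, b"ap-ack", n_ap, n_dev)

def device_check_ack(master: bytes, n_ap: bytes, n_dev: bytes, ack: bytes) -> bool:
    """Device checks the ack, which confirms the access point's key in turn."""
    sk = session_key(master, n_ap, n_dev)
    return hmac.compare_digest(ack, _mac(sk, b"ap-ack", n_ap, n_dev))

def handshake(ap_master: bytes, dev_master: bytes) -> bool:
    n_ap = secrets.token_bytes(16)
    n_dev, tag = device_reply(dev_master, n_ap)
    result = ap_verify(ap_master, n_ap, n_dev, tag)
    return result is not None and device_check_ack(dev_master, n_ap, n_dev, result[1])

def replay_accepted(master: bytes) -> bool:
    # A reply recorded under one challenge is presented under a new challenge.
    old_n_ap = secrets.token_bytes(16)
    n_dev, tag = device_reply(master, old_n_ap)
    new_n_ap = secrets.token_bytes(16)
    return ap_verify(master, new_n_ap, n_dev, tag) is not None

if __name__ == "__main__":
    k = secrets.token_bytes(32)  # constructed master key, pre-set on both ends
    print(handshake(k, k), handshake(k, secrets.token_bytes(32)), replay_accepted(k))
```

No authentication server or KDC takes part: both ends need only the pre-set master key, which is the property slide 5 claims.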
