Discussion Points for 802.21 Security [Input to 802.1AF]
Discussion Points for 802.21 Security [Input to 802.1AF]
• Security in the MAC is more about wireless than wired today
• Some (proposed) link events today have different qualities for wired vs. wireless worlds:
  • Link up (wired link vs. wireless association completed (or open port?))
  • Link down (wired no data vs. wireless beacons etc)
  • Link_Going_Up (wired not possible? vs. Port in the making / tentative association)
  • Link changed bandwidth (wired went from 100 to 10 vs. wireless slow man on channel?)
  • Link changed mode (wired duplex transition vs. wireless ack to block ack?)
• Some events are wireless only:
  • Link changed QoS (wireless HCCA to EDCA transition, wired?)
  • Link_Quality_Crosses_Threshold (wireless signal quality, wired?)
  • Better_Signal_Quality_AP_Available
• Some events are the same for both wired and wireless:
  • Link_Going_Down
  • Trigger_Rollback
Discussion Points for 802.21 Security [Input to 802.1AF]
• Some proposed link events could be asymmetric…
  • Link up (OPER up on one end only)
  • Link down (OPER down on one end only)
  • Link_Going_Up (OPER…)
  • Link_Quality_Crosses_Threshold (better antennae?)
  • Link_Going_Down (OPER…)
  • Better_Signal_Quality_AP_Available (sent one way only)
  • Might want to transmit any of these as status report from other end? (Should there be remote registered client for push or pull model?)
• … vs. the same on both ends of link
  • Link up (both ends fully plugged in,
  • Link down (failure of cable, one end fails)
  • Link changed bandwidth (negotiated)
  • Link changed mode (negotiated)
  • Link changed QoS (negotiated)
  • Trigger_Rollback (transmitted)
Discussion Points for 802.21 Security [Input to 802.1AF]
• Might want to report any of these locally up from L2 to registered client
• Current local registration for link events identifies client, logical interface and particular event
• Current local delivery of link events provides report of event occurring, sometimes a data value (never the source MAC)
• Current local delivery of link events can be gated by OPER state
• Source of link events is not authenticated or authorized by local delivery mechanism
• No need for security?
Discussion Points for 802.21 Security [Input to 802.1AF]
Apply to transmitted signals or triggers (i.e. end to end). Generic threat analysis here due to lack of approved use cases.
• DoS attacks
  • In wireless there is always PHY based DoS
  • So why spend energy preventing MAC based DoS
• Protocol attacks
  • No new security protocols introduced, no increase in attacks
• Association
• Authentication
  • Heavyweight, only for association
• Authorization
  • Heavyweight, only for association
• Integrity
  • Relevant to wired side (yet less needed), not so on wireless?
• Privacy / confidentiality
  • Must use existing encryption methods if used at all, due to scope; Hard to set up w/out latency inducing authentication