Authentication and Key Management of MP with multiple radios
Date: 2008-03-14
Authors: Charles Fan, Amy Zhang, Huawei
Abstract
This presentation states the secure association setup problem that arises when an MP with multiple radios joins the mesh network.
Agenda
• Problem Statement
• Suggestions
Current secure association setup mechanism
(Diagram: Supplicant on one side, Mesh Authenticator on the other)
Step 1: Authentication method, role and key management type negotiation
• Probe/Beacon
• Peer Link Management
Step 2: Authentication through the MKD and key hierarchy setup (initial authentication if needed)
• Authenticate with the AS through the MKD
• Build the root of trust, i.e., MSK/PSK
• Key derivation mechanism:
• Derive PMK-MKD to distribute session keys between MPs
• Derive MKDK to establish a secure link between MP and MKD
Step 3: PTK/GTK distribution
• 4-way handshake to build session keys
• Secure communication
802.11s Key Hierarchy
MSK/PSK: held by MKD and Supplicant
MeshTopLevelKeyData = KDF-768(XXKey, "Mesh Key Derivation", MeshID, MKD-NAS-ID, MKDD-ID, SPA)
Key distribution branch:
• MKDK = L(MeshTopLevelKeyData, 384, 256): held by Supplicant and MKD
• MPTK-KD = KDF-256(MKDK, "Mesh PTK-KD Key", MA-Nonce || MKD-Nonce || MA-ID || MKD-ID)
Link security branch:
• PMK-MKD = L(MeshTopLevelKeyData, 0, 256): held by Supplicant and MKD
• PMK-MA = KDF-256(PMK-MKD, "MA Key Derivation", PMK-MKDName || MA-ID || SPA): derived by Supplicant and MKD, delivered by the MKD to the MA; held by MKD, Supplicant and MA
• PTK = KDF(PMK-MA, "Mesh PTK key derivation", MPTKSNonce || MPTKANonce || MA-ID || SPA || PMK-MAName): derived and held by Supplicant and MA
According to the current key derivation mechanism:
• There will be multiple PMK-MKDs and MKDKs when an MP with multiple radios joins the mesh network, because the MP has to use a different SPA for each radio (to distinguish the radios) when deriving PMK-MKD and MKDK.
• Multiple initial authentication procedures have to be launched.
Disadvantages of multiple authentications
• It cannot be detected whether the authentication credential is being used simultaneously by different MPs or by different radios of the same MP.
• The authentication credential may be used by multiple MPs simultaneously.
• Launching the initial authentication multiple times increases the over-the-air overhead.
Agenda
• Problem Statement
• Suggestions
Solution Requirements
• The initial authentication should be launched only once when an MP joins the mesh network, no matter how many radios it has.
• One authentication credential is issued per device.
• Authenticating the device establishes the secrecy of the trust credential.
• The solution does not rely on a specific authentication credential or authentication method.
• Different radios in the same MP should use different session keys.
• Keys for all radios of the device are distributed through one initial authentication procedure.
• Follow the 802.11s security requirements:
• The authentication process builds the root of trust relationship and authorizes the device to use the trust credential, such as the MSK.
• The key management has to work at the MAC layer.
• The SAs have to be tied to MAC addresses.
• The less modification, the better.
Possible solution
Message sequence (Sup MP, MA, MKD, AS):
1. Sup MP → MA: EAPOL-Start
2. MA → Sup MP: EAPOL (EAP-Request Identity)
3. Sup MP → MA: EAPOL (EAP-Response Identity)
4. MA → MKD: Mesh EAP encapsulation (EAP-Response Identity)
5. MKD → AS: EAP Transport (EAP-Response Identity)
6. EAP-specific (mutual) authentication between Sup MP and AS
7. AS → MKD: EAP Transport (EAP-Success, MSK)
   Sup MP and MKD each derive the pairwise keys (PMK-MKD, MKDK, PMK-MA)
8. MKD → MA: Mesh EAP encapsulation (EAP-Response Accept, PMK-MA)
9. MA → Sup MP: EAPOL (EAP-Success)
• Only one PMK-MKD and one MKDK per MP, shared by all of its radios
• Introduce a device ID that identifies only the MP, i.e., a prime address
• Use the Dev_ID instead of the SPA when deriving MeshTopLevelKeyData:
• MeshTopLevelKeyData = KDF-768(XXKey, "Mesh Key Derivation", MeshID, MKD-NAS-ID, MKDD-ID, Dev_ID)
• No modification to the derivation formulas of PMK-MA, PTK and MPTK-KD
• A different session key is derived for each radio, because the SPA is the MAC address of the communicating radio of the MP
• No modification of the 4-way handshake
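The following added example (not code from the slides or from the draft) walks the key hierarchy on the previous slides through both variants for one MP with two radios: with the SPA in MeshTopLevelKeyData (current draft) the radios get separate PMK-MKD/MKDK pairs, with Dev_ID (the proposal) they share them while the PTKs still differ per radio. The KDF is a simplified HMAC-SHA-256 construction in the style of the 802.11 KDF, the key-name function and all sample values are constructed, and XXKey is passed in directly; none of these are taken from the draft.

```python
import hashlib
import hmac

def kdf(key: bytes, label: bytes, context: bytes, nbits: int) -> bytes:
    # KDF-N(K, label, context): concatenated HMAC-SHA-256 blocks over a 16-bit
    # counter, label, context and length (simplified stand-in, assumption).
    out = b""
    for i in range(1, (nbits + 255) // 256 + 1):
        msg = i.to_bytes(2, "little") + label + context + nbits.to_bytes(2, "little")
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[: nbits // 8]

def L(data: bytes, start_bit: int, nbits: int) -> bytes:
    # L(data, F, N): bits F .. F+N-1 of data (byte-aligned here).
    return data[start_bit // 8 : (start_bit + nbits) // 8]

def key_name(key: bytes) -> bytes:
    # Constructed stand-in for PMK-MKDName / PMK-MAName (truncated hash).
    return hashlib.sha256(key).digest()[:16]

def derive(xxkey, mesh_id, mkd_nas_id, mkdd_id, top_ident, ma_id, spa, snonce, anonce):
    # top_ident is the SPA under the current draft, the Dev_ID under the proposal.
    top = kdf(xxkey, b"Mesh Key Derivation",
              mesh_id + mkd_nas_id + mkdd_id + top_ident, 768)
    pmk_mkd, mkdk = L(top, 0, 256), L(top, 384, 256)
    pmk_ma = kdf(pmk_mkd, b"MA Key Derivation", key_name(pmk_mkd) + ma_id + spa, 256)
    ptk = kdf(pmk_ma, b"Mesh PTK key derivation",
              snonce + anonce + ma_id + spa + key_name(pmk_ma), 512)
    return {"PMK-MKD": pmk_mkd, "MKDK": mkdk, "PMK-MA": pmk_ma, "PTK": ptk}

# Constructed sample: one MP with two radios (SPA1, SPA2), one MA, one MKD.
XXKEY = bytes(range(32))
MESH, NAS = b"mesh-demo", b"mkd-nas-1"
MKDD, MA = b"\x00\x11\x22\x33\x44\x55", b"\x00\x11\x22\x33\x44\x66"
SPA1, SPA2 = b"\x02\xaa\xbb\xcc\xdd\x01", b"\x02\xaa\xbb\xcc\xdd\x02"
DEV_ID = SPA1  # proposal: one prime address identifying the whole MP
NONCES = (b"\x01" * 32, b"\x02" * 32)

def compare(use_dev_id: bool) -> dict:
    # Do the two radios share PMK-MKD/MKDK, and do they still get distinct PTKs?
    keys = [derive(XXKEY, MESH, NAS, MKDD, DEV_ID if use_dev_id else spa,
                   MA, spa, *NONCES) for spa in (SPA1, SPA2)]
    return {"shared_pmk_mkd": keys[0]["PMK-MKD"] == keys[1]["PMK-MKD"],
            "shared_mkdk": keys[0]["MKDK"] == keys[1]["MKDK"],
            "distinct_ptk": keys[0]["PTK"] != keys[1]["PTK"]}
```

compare(False) models the current draft (two separate PMK-MKD/MKDK pairs, hence two initial authentications) and compare(True) the proposal (one shared pair, distinct PTKs).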
Mesh key holder security handshake modification
• Under the current mechanism the MKD indexes the MKDK by the MA_ID, i.e., the transmitter address of handshake message 1.
• This is not suitable in our solution, because the MA_ID in the derivation has been changed to the Dev_ID.
• Use the MKDKName instead to index the MKDK when establishing the secure association between MP and MKD.
Straw Poll
• Would you like to use the Dev_ID for deriving PMK-MKDs and MKDKs to enhance the authentication procedure of MPs with multiple radios?
• Yes / No
Reference
• Draft_P802.11s_D1.09
Back Up
a. Mesh key holder security handshake (MP ↔ MKD):
1. MANonce, MA-ID, MKD-ID, MKDKName
2. MANonce, MKDNonce, MA-ID, MKD-ID, MKDKName, MIC
3. MANonce, MKDNonce, MA-ID, MKD-ID, MKDKName, MIC
4. MANonce, MKDNonce, MA-ID, MKD-ID, MKDKName, MIC
b. 4-way handshake (MP ↔ MP):
1. MANonce, SPA, MA-ID, MKDD-ID, PMK-MKDName
2. SPANonce, MANonce, SPA, MA-ID, MKDD-ID, PMK-MKDName, MIC
3. SPANonce, MANonce, SPA, MA-ID, MKDD-ID, PMK-MKDName, MIC
4. SPANonce, MANonce, SPA, MA-ID, MKDD-ID, PMK-MKDName, MIC
• The radios can use the MIC to prove their legitimacy:
• To the MKD during the mesh key holder security handshake: ONLY the authorized device has the MPTK-KD needed to compute the MIC.
• To other MPs during the 4-way handshake: ONLY the authorized device has the AKCK derived from PMK-MA needed to compute the MIC.