PANA bootstrapping IEEE 802.11 security (draft-marin-pana-ieee80211doti-00.txt)
R. Marín-López, Y. Ohba, J. Bournelle
IETF65 PANA WG

Objective of the work
• The purpose of this I-D is to complement PANA framework in terms of 802.11i bootstrapping (PSK mode) by adding more details.
• Two cases are considered:
  • PANA over IEEE 802.1X Uncontrolled Port
  • PANA over non-RSN (open) Access Points

PANA over 802.1X Uncontrolled Port (Case 1)
• IEEE 802.11i does not preclude processing restricted IP traffic over the Uncontrolled Port: ARP, DHCP, IPv6 Neighbour Discovery and PANA.
• This solution implies a driver-level modification: an IP filter needs to be implemented in the Uncontrolled Port.

PANA over non-RSN (open) AP (Case 2)

PSK derivation & 4-way handshake
• PSK = the first 32 bytes of PaC-EP-Master-Key
• The PSK's lifetime is bound to that of the PaC-EP-Master-Key
• When a new PSK is installed in the AP, the 4-way handshake is run immediately. (?¿)

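
An added example, not part of the slides or the I-D: the PSK truncation stated above, followed by the standard IEEE 802.11i PRF-384 that the 4-way handshake uses to turn that PSK (acting as the PMK) into a CCMP PTK. The key bytes, MAC addresses, nonces and function names are constructed for illustration.

```python
import hashlib
import hmac

PSK_LEN = 32  # per the slide: PSK = first 32 bytes of PaC-EP-Master-Key


def psk_from_pac_ep_master_key(master_key: bytes) -> bytes:
    """Truncate PaC-EP-Master-Key to the 256-bit PSK (the PMK in PSK mode)."""
    if len(master_key) < PSK_LEN:
        raise ValueError("PaC-EP-Master-Key shorter than 32 bytes")
    return master_key[:PSK_LEN]


def prf_80211i(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PRF-384 PTK for CCMP, split into KCK, KEK and TK."""
    # min/max ordering makes both ends of the handshake build the same input.
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf_80211i(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


# Constructed sample values (not from the I-D).
SAMPLE_MASTER_KEY = bytes(range(64))
AP_MAC = bytes.fromhex("020000000001")
PAC_MAC = bytes.fromhex("020000000002")
ANONCE = hashlib.sha256(b"constructed ANonce").digest()
SNONCE = hashlib.sha256(b"constructed SNonce").digest()


def demo():
    """Derive the PSK, then the PTK the PaC and AP would both compute."""
    psk = psk_from_pac_ep_master_key(SAMPLE_MASTER_KEY)
    return psk, derive_ptk(psk, AP_MAC, PAC_MAC, ANONCE, SNONCE)


if __name__ == "__main__":
    psk, ptk = demo()
    print("PSK:", psk.hex())
    for name, value in ptk.items():
        print(name, value.hex())
```

Because the PSK is a plain truncation, a fresh PaC-EP-Master-Key yields a fresh PMK, and every PTK derived from the old one must be replaced by a new 4-way handshake.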
Capability Discovery
• The PANA Framework classifies access points into four types (a, b, c, d):
  • a) AP without IEEE 802.11i
  • b) AP with IEEE 802.11i using PSK mode bootstrapped from PANA
    • b1) PANA over Uncontrolled Port (Case 1)
    • b2) PANA over non-RSN AP (Case 2)
  • c) AP with IEEE 802.11i using native PSK mode
  • d) AP with IEEE 802.11i using 802.1X/EAP mode
• Types b1 and b2 are newly added by this I-D to complement the classification in the PANA framework I-D.
• Types b1), b2) and c) are not distinguishable from the Beacon/Probe Response (PSK mode is announced in the RSN IE). This leads the PaC to associate, and in some cases to configure an IP address and run PANA, in order to discover them.

802.11i bootstrapping from PANA pre-authentication
[Figure: PAA, AP, AP1, AP2 and PaC; labels: PANA preauth, IEEE 802.11i pre-authentication, PSK-1, PSK-2, PSK-1/PSK-2]

Questions?
• Should this I-D be a WG item? Informational?
• ??