
Higher Layer Setup Ad-hoc Summary



  1. Higher Layer Setup Ad-hoc Summary. Authors: Hitoshi Morioka, Allied Telesis R&D Center. Date: 2013-01-15.

  2. Abstract: This document is the summary of the higher layer setup ad-hoc held on Tue. PM2, Wed. PM1 and Thu. AM1.

  3. FILS Authentication/Association (D0.3). Message sequence between STA and AP: Authentication frames are exchanged and each side performs key derivation; the Association Request and Association Response then carry key confirmation, and part of each of those frames is encrypted.

  4. Encryption Part in Assoc. Req./Resp. in D0.3. Frame layout: MAC Header | Capability | IEs | FILS Session IE | IEs | FCS. All IEs following the FILS Session IE shall be encrypted.

  5. Problem Description
     • Draft 0.2, section 11.11.2.4 says: “The input ciphertext shall be the contents of the Association Response frame that follow the FILS Session element”
     • What does it mean?
       • All vendor specific IEs will need to be encrypted
       • All IEs added in the future will need to be encrypted
     • We should retain the ability to add unencrypted IEs in the future.

  6. Proposal
     • Define a new IE in Association Req/Resp that can be used to carry a set of TLVs (that include higher layer information etc.)
       • Will need the ability to encrypt the content
       • Will need the ability to fragment the content
     • Because:
       • Higher Layer Information shall be protected.
       • Higher Layer Information is larger than 255 octets.

  7. Encryption Part in Assoc. Req./Resp. of the Proposal
     • D0.3: MAC Header | Capability | IEs | FILS Session IE | IEs (encrypted) | FCS
     • Proposal: MAC Header | Capability | IEs | FILS Session IE | Secure Container IE(s) | IEs (future IEs and Vendor Specific IEs) | FCS
     • Only the Secure Container IE(s) is(are) encrypted.

  8. Secure Container IE Concept
     • TLVs in a single frame: Tag | Length | DATA1, Tag | Length | DATA2, ... A TLV is not an IE; its Length field is 2 octets to accommodate large data.
     • The TLVs are encrypted as one unit; the encrypted TLVs may be larger than 255 octets.
     • The encrypted TLVs are fragmented into Container IEs: EID | Len | Frag. Info. | Encrypt. Info. | Encrypted TLVs, followed by EID | Len | Frag. Info. | Encrypted TLVs for each further fragment (the diagram shows Encrypt. Info. once, in the first Container IE).
     • Encrypt. Info. carries the encryption algorithm selector etc.

  9. More Requirements
     • The following information MUST be authenticated:
       • BSSID
       • STA’s MAC Address
       • AP Nonce
       • STA Nonce
       • Capability field
       • All IEs

  10. Detailed Encryption Sequence (1)
     • STEP 1: Construct a TLV for each data item (Tag | Length | DATA1, Tag | Length | DATA2, ...).
     • STEP 2: Concatenate all TLVs into a single bundle.
     • STEP 3a: Compute the final IE headers (EID, Length, Frag. Info. and Encrypt. Info.) of the Container IEs that will carry the encrypted TLVs.
     • Continued in STEP 3b (next slide).

  11. Detailed Encryption Sequence (2)
     • STEP 3b: Encrypt the TLVs.
       • Key: KEK2
       • Plaintext: TLVs
       • AAD: BSSID, STA addr, AP Nonce, STA Nonce, Capability, IEs (not to encrypt), IE headers computed in STEP 3a
       • Nonce: (AP->STA) 0, (STA->AP) 1
     • STEP 4: Fragment the encrypted TLVs (which may be larger than 255 octets) into Secure Container IEs (EID | Len | Frag. Info. | [Encrypt. Info.] | Encrypted TLVs). Confirm the headers are the same as computed in STEP 3a.
     • STEP 5: Prepare the frame to transmit: MAC Header | Capability | IEs | Secure Container IE(s) | IEs (future IEs and Vendor Specific IEs) | FCS.
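As an added worked example (this is not code from the slides, from the 802.11ai draft, or from any implementation), the following Python models the sequence of slides 8 to 11 end to end: STEP 1 TLVs with a 2-octet Length, STEP 2 the bundle, STEP 3a the Container IE headers computed before encryption, STEP 3b encryption with the slide 9 fields plus those headers as AAD and the direction nonces 0 and 1, STEP 4 fragmentation into IEs of at most 255 octets, and the receiving side that reassembles, verifies and parses. Everything the slides leave open is an assumption here and is marked as such in the code: the element ID 0xEE, a 1-octet Frag. Info. (fragment index plus a more-fragments bit), a 1-octet Encrypt. Info. present in the first fragment only, a 16-octet tag, an encrypt-then-MAC construction built from HMAC-SHA256 standing in for whichever cipher the Encrypt. Info. would select, and constructed placeholder values for KEK2, the addresses, the nonces, the Capability field and a stand-in for the FILS Session IE. The generic fragmentation container on the backup slides is the same fragmentation step without the encryption.

```python
import hashlib
import hmac
import struct

IE_MAX_LEN = 255             # an IE Length field is one octet, so an IE body is at most 255 octets
EID_SECURE_CONTAINER = 0xEE  # ASSUMPTION: element ID of the Secure Container IE (not assigned on the slides)
FRAG_INFO_LEN = 1            # ASSUMPTION: 1-octet Frag. Info.: bit 7 = more fragments follow, bits 0-6 = index
ENCRYPT_INFO = b"\x01"       # ASSUMPTION: 1-octet algorithm selector, carried in the first fragment only
TAG_LEN = 16                 # authentication tag appended to the encrypted TLVs
NONCE_AP_TO_STA, NONCE_STA_TO_AP = b"\x00", b"\x01"   # nonce values from slide 11

def build_tlv(tag, data):                                       # STEP 1: a TLV is not an IE; its Length
    return struct.pack(">BH", tag, len(data)) + data            # field is 2 octets (struct rejects > 65535)
def parse_tlvs(blob):
    out, pos = [], 0
    while pos < len(blob):
        tag, length = struct.unpack_from(">BH", blob, pos)      # struct.error on a truncated header
        if pos + 3 + length > len(blob):
            raise ValueError("truncated TLV data")
        out.append((tag, blob[pos + 3:pos + 3 + length]))
        pos += 3 + length
    return out

def _xor(key, nonce, data):                                     # HMAC-SHA256 counter-mode keystream, XORed in
    enc_key, ks = hmac.new(key, b"enc", hashlib.sha256).digest(), b""
    for ctr in range((len(data) + 31) // 32):
        ks += hmac.new(enc_key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
    return bytes(d ^ k for d, k in zip(data, ks))
def _mac(key, nonce, aad, ct):                                  # tag over length-prefixed AAD, nonce, ciphertext
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    return hmac.new(mac_key, struct.pack(">I", len(aad)) + aad + nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
def aead_seal(key, nonce, plaintext, aad):                      # ASSUMPTION: the slides name no cipher; this
    ct = _xor(key, nonce, plaintext)                            # encrypt-then-MAC stand-in only supplies the
    return ct + _mac(key, nonce, aad, ct)                       # AEAD shape (key, nonce, plaintext, AAD)
def aead_open(key, nonce, sealed, aad):                         # plaintext, or None when the tag fails
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    if len(sealed) < TAG_LEN or not hmac.compare_digest(tag, _mac(key, nonce, aad, ct)):
        return None
    return _xor(key, nonce, ct)

def container_headers(sealed_len):
    """STEP 3a: the headers depend only on the ciphertext length, so they exist before encryption (AAD)."""
    headers, remaining, idx = [], sealed_len, 0
    while remaining > 0:
        extra = len(ENCRYPT_INFO) if idx == 0 else 0
        chunk = min(IE_MAX_LEN - FRAG_INFO_LEN - extra, remaining)
        remaining -= chunk
        hdr = bytes([EID_SECURE_CONTAINER, FRAG_INFO_LEN + extra + chunk, (0x80 if remaining else 0) | idx])
        headers.append(hdr + (ENCRYPT_INFO if idx == 0 else b""))
        idx += 1
    return headers
def build_aad(ctx, plain_ies, headers):                         # slide 9's fields + the STEP 3a headers
    return (ctx["bssid"] + ctx["sta_addr"] + ctx["ap_nonce"] + ctx["sta_nonce"]
            + ctx["capability"] + plain_ies + b"".join(headers))
def build_secure_container_ies(key, nonce, tlvs, ctx, plain_ies):
    """Sender, STEPs 2-5: returns the Secure Container IE(s) as bytes ready for the frame's IE list."""
    bundle = b"".join(tlvs)                                     # STEP 2: one bundle of TLVs
    headers = container_headers(len(bundle) + TAG_LEN)          # STEP 3a
    sealed = aead_seal(key, nonce, bundle, build_aad(ctx, plain_ies, headers))   # STEP 3b
    if container_headers(len(sealed)) != headers:               # STEP 4: headers must match STEP 3a
        raise RuntimeError("fragment headers differ from STEP 3a")
    out, pos = b"", 0
    for hdr in headers:
        body = hdr[1] - (len(hdr) - 2)                          # Len minus Frag. Info. (and Encrypt. Info.)
        out += hdr + sealed[pos:pos + body]
        pos += body
    return out                                                  # STEP 5: place after the FILS Session IE
def open_secure_container(key, nonce, body, ctx):
    """Receiver: AAD is rebuilt from headers and unencrypted IEs *as received*, so any change fails the tag."""
    headers, sealed, plain_ies, pos, idx = [], b"", b"", 0, 0
    while pos < len(body):
        if pos + 2 > len(body) or pos + 2 + body[pos + 1] > len(body):
            return None                                         # truncated IE list
        eid, payload = body[pos], body[pos + 2:pos + 2 + body[pos + 1]]
        pos += 2 + len(payload)
        if eid != EID_SECURE_CONTAINER:
            plain_ies += bytes([eid, len(payload)]) + payload
            continue
        hdr_len = FRAG_INFO_LEN + (len(ENCRYPT_INFO) if idx == 0 else 0)
        if len(payload) < hdr_len or (payload[0] & 0x7F) != idx:
            return None                                         # missing or out-of-order fragment
        headers.append(bytes([eid, len(payload)]) + payload[:hdr_len])
        sealed += payload[hdr_len:]
        idx += 1
    if not headers or headers[-1][2] & 0x80:
        return None                                             # no container, or last fragment claims more
    bundle = aead_open(key, nonce, sealed, build_aad(ctx, plain_ies, headers))
    return None if bundle is None else parse_tlvs(bundle)

# Constructed placeholders (not from the slides): KEK2, addresses, nonces, Capability, FILS Session stand-in IE
KEY, PLAIN_IES = bytes(range(32)), bytes([0xAA, 4]) + b"sess"
CTX = {"bssid": bytes.fromhex("020000000001"), "sta_addr": bytes.fromhex("020000000002"),
       "ap_nonce": b"A" * 16, "sta_nonce": b"S" * 16, "capability": b"\x04\x11"}
def demo():
    """Round trip of a 600-octet TLV (3 Container IEs), then one flipped octet in the unencrypted IE."""
    tlvs = [build_tlv(1, b"D" * 600), build_tlv(2, b"hello")]
    body = PLAIN_IES + build_secure_container_ies(KEY, NONCE_AP_TO_STA, tlvs, CTX, PLAIN_IES)
    tampered = body[:2] + bytes([body[2] ^ 1]) + body[3:]      # first data octet of the FILS Session stand-in
    return (open_secure_container(KEY, NONCE_AP_TO_STA, body, CTX),
            open_secure_container(KEY, NONCE_AP_TO_STA, tampered, CTX))
```

demo() returns the parsed TLVs for the intact frame and None for the frame whose unencrypted IE was altered. The design point from slides 10 and 11 is visible in open_secure_container: the receiver builds the AAD from the Frag. Info. and Encrypt. Info. octets exactly as received rather than recomputing them, so a change to a fragment header or to an IE outside the container, and a reordered or missing fragment, fails the tag instead of being accepted. The fixed nonce values 0 (AP to STA) and 1 (STA to AP) are only sound if KEK2 is fresh for every association and each direction's value is used once under that key.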

  12. Straw poll
     • Do you support changing the encryption portion of the Association Request/Response frame as described in this slide?
     • Result
       • Yes:
       • No:
       • Need more info:
       • Don’t Care:

  13. Backup

  14. Straw poll 1
     • Do you support modifying the encryption of Association Request/Response?
     • Result (Y/N/A): 10/2/24

  15. Straw poll 2
     • Do you support creating a container IE for encryption and fragmentation?
     • Result (Y/N/Need more info): 8/2/24

  16. Generic Fragmentation Container IE Concept
     • A single IE CANNOT carry data larger than 255 octets, so we’d like to provide a generic framework for large data.
     • TLV in a single frame: Tag | Length | DATA (e.g. DHCP), with DATA > 255 octets. A TLV is not an IE; its Length field is 2 octets to accommodate large data.
     • Fragment into Container IEs: EID | Len | Frag. Info. | DATA, repeated for each fragment.

  17. Generic Encryption Container IE Concept
     • TLVs in a single frame: Tag | Length | DATA1, Tag | Length | DATA2, ... A TLV is not an IE; its Length field is 2 octets to accommodate large data.
     • The encrypted TLVs (may be larger than 255 octets) are fragmented into Container IEs: EID | Len | Frag. Info. | Encrypt. Info. | Encrypted TLVs, then EID | Len | Frag. Info. | Encrypted TLVs for each further fragment.
