
Paul A. Lambert

Enabling Encryption in Hotspots by Decoupling the Privacy Field from the RSN Information Element. Paul A. Lambert. Privacy Field Current Usage. Current specification requires the “Privacy Field” in the IE to always be set when there is an RSN IE: 7.3.1.4 Capability Information field


Presentation Transcript


  1. Enabling Encryption in Hotspots by Decoupling the Privacy Field from the RSN Information Element
     Paul A. Lambert, Airgo Networks

  2. Privacy Field Current Usage
     • Current specification requires the “Privacy Field” in the IE to always be set when there is an RSN IE:
       7.3.1.4 Capability Information field
       STAs (including APs) that include the RSN IE in beacons and probe responses shall set the Privacy subfield to 1 in any frame that includes it.
       7.3.2.17
       ...A STA sets the Privacy bit set in the same way as WEP.

  3. Background
     • “Privacy Field/Bit” is the legacy WEP encryption negotiation
     • RSN IE is the new cipher suite negotiation
     • Setting Privacy Field on with RSN forces all legacy (WEP) devices to only use WEP if they are not RSN capable

  4. What’s Wrong with Always Setting the Privacy Field
     • A client STA may not always have a key!
     • Hotspot example:
       • “New users” will never have existing keys or credentials and must join with no authentication or encryption
       • It would be desirable to encrypt the traffic of users (over the same AP) that have credentials.
       • Since the Privacy bit must be set for RSN, there can be no RSN security and all users must have no encryption.

  5. Privacy Field Recommendations
     • Make WEP/legacy negotiation independent of RSN IE negotiation
     • Allow mixed mode traffic (encrypted and non-encrypted)
     • Mixed mode (encrypted/unencrypted) need not be insecure since traffic can be segregated at the AP (e.g. VLAN tags)

  6. Motion
     • Replace the first paragraph in section “7.3.1.4 Capability Information field” with:
       "STAs (including APs) that include the RSN IE in beacons and probe responses may set the Privacy Subfield to 0 or 1 independent of the RSN IE. STAs that are only IEEE 802.11 1999 compatible will not recognize the RSN IE and will continue to use the Privacy Subfield to determine if the WEP algorithm must be used."
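
The difference between the current text (slide 2) and the motion (slide 6) can be checked directly against what a beacon advertises. The Python sketch below is an added example, not part of the presentation. It assumes the standard beacon body layout (12 bytes of fixed fields followed by information elements), Privacy as bit 4 of Capability Information and RSN IE element ID 48; the function names and sample frames are constructed for illustration.

```python
import struct

PRIVACY_BIT = 0x0010  # Privacy subfield: bit 4 of Capability Information
RSN_IE_ID = 48        # element ID of the RSN information element

def parse_beacon_body(body: bytes):
    """Return (privacy, has_rsn_ie) for a beacon or probe-response frame body."""
    if len(body) < 12:
        raise ValueError("shorter than the 12 bytes of fixed fields")
    # Fixed fields, little-endian: timestamp (8), beacon interval (2), capability (2).
    _ts, _interval, capab = struct.unpack_from("<QHH", body, 0)
    has_rsn, off = False, 12
    while off < len(body):  # walk the (id, length, value) elements
        if off + 2 > len(body) or off + 2 + body[off + 1] > len(body):
            raise ValueError("truncated information element")
        has_rsn = has_rsn or body[off] == RSN_IE_ID
        off += 2 + body[off + 1]
    return bool(capab & PRIVACY_BIT), has_rsn

def classify(body: bytes) -> dict:
    privacy, rsn = parse_beacon_body(body)
    return {
        # Slide 2 text: a frame carrying the RSN IE shall set Privacy to 1.
        "allowed_by_current_text": privacy or not rsn,
        # A 1999-only STA ignores the RSN IE and reads only the Privacy subfield.
        "legacy_sta_view": "WEP required" if privacy else "no encryption",
        # Slide 4: a new hotspot user has no key, so can only join if Privacy is 0.
        "keyless_user_can_join": not privacy,
        # An RSN-capable STA with credentials can negotiate a cipher if the IE is there.
        "rsn_sta_can_encrypt": rsn,
    }

def build_body(capab: int, ies: bytes) -> bytes:
    """Constructed test frame body: zero timestamp, beacon interval 100."""
    return struct.pack("<QHH", 0, 100, capab) + ies

# Constructed sample elements (not captured traffic).
SSID = bytes([0, 7]) + b"hotspot"
RSN = bytes([RSN_IE_ID, 20]) + bytes.fromhex(
    "0100" "000fac04" "0100" "000fac04" "0100" "000fac01" "0000")

OPEN_ONLY = build_body(0x0001, SSID)         # ESS, Privacy=0, no RSN IE
RSN_TODAY = build_body(0x0011, SSID + RSN)   # ESS, Privacy=1, RSN IE
MIXED_MODE = build_body(0x0001, SSID + RSN)  # ESS, Privacy=0, RSN IE (the motion)

if __name__ == "__main__":
    for name in ("OPEN_ONLY", "RSN_TODAY", "MIXED_MODE"):
        print(name, classify(globals()[name]))
```

Only the `MIXED_MODE` beacon lets a keyless user join while an RSN-capable station still encrypts, and it is the one combination the current text forbids.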
