Context BlockLeasing

Martin Lefkowitz, Texas Instruments

Context Block Leasing Definition

  • A mechanism to facilitate fast handoff

  • The STA “pushes” the Security Information to the new AP before association.

    • The Old AP sends the Security Information to the New AP based on the STA’s request while it is still associated with the Old AP

Context Block Leasing Benefits

  • Context Block Leasing is an incremental step over current TGi key derivation.

  • Relies on TGf, with some modifications

  • Uses the security of the current association, as well as AP-to-AP security (TBD).

  • No new protocol requirements on STA during scan.

  • No new protocol requirements on AP accepting unicast traffic from an unassociated STA.

Context Block Leasing Benefits Continued

  • Does not require any new centralized entity to perform fast handoff.

  • Does not matter whether the STA sends an Associate or Reassociate message to the new AP.

  • STA may use security policy of new AP candidate in roaming selection

Context Block Leasing Overview

  • When a STA associates, a DMK is generated to encrypt current traffic.

  • A second “transfer” DMK is generated.

    • Roaming consideration at Santa Barbara.

  • After a scan, an associated and authenticated STA may decide to tell the AP to send its transfer DMK as a context block to another AP for a specific amount of time.

    • Time related to STA manufacturer’s roaming and scanning algorithm (~15 seconds * 2)

  • APs verify credentials, then the transfer DMK is passed from the old AP to the new AP using the Context Block of TGf.

Context Block Leasing Overview Cont.

  • Potential new APs send confirmation back to the current AP.

    • Potential New AP has the option of denying the lease.

      • Potential new AP may not have the resources to keep the context block for the period of time specified in the message

      • Potential New AP may not support Context Leasing.

      • Potential New AP fails security check.

  • Current AP sends back results to STA.

    • STA uses results in its roaming decision.

      • The STA may decide to roam to an AP with less desirable signal strength but a more desirable security policy.

Context Block Leasing Does Not:

  • Negate the need for New AP to “pull” Security context from old AP.

    • STAs can abruptly disassociate at any time

      • before Context Lease process has started or finished.

      • Best, or only, AP candidate may deny lease.

    • To facilitate fast handoff in any fashion the Reassociate message must be used.

  • Confine the key handoff or secure roaming algorithm.

Implementation Overview

  • STA scans and finds best possible candidate(s) to roam to.

  • STA sends context lease request message with destination of RSN enabled AP.

    • Containing:

      • MAC address of AP candidate

      • Context Lease Time
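
The lease exchange from the overview and implementation slides, as an added sketch that is not part of the presentation. The slides leave the message formats and the AP-to-AP security check as TBD, so the class, its fields, the `trusted_peers` check, the resource limit and the MAC/key values are hypothetical and constructed.

```python
from dataclasses import dataclass, field
from enum import Enum

class LeaseResult(Enum):
    GRANTED = "granted"
    NO_RESOURCES = "cannot hold context block for requested time"
    UNSUPPORTED = "context leasing not supported"
    SECURITY_CHECK_FAILED = "AP-to-AP security check failed"

@dataclass
class CandidateAP:
    mac: str
    supports_leasing: bool = True
    trusted_peers: set = field(default_factory=set)  # assumed stand-in for the TBD AP-to-AP check
    max_leases: int = 2                              # assumed resource limit
    leases: dict = field(default_factory=dict)       # sta_mac -> (transfer_dmk, expiry)

    def _expire(self, now):
        # Drop leased key material once the lease time has passed.
        self.leases = {s: v for s, v in self.leases.items() if v[1] > now}

    def offer_lease(self, from_ap, sta_mac, transfer_dmk, lease_s, now):
        """Accept or deny a context block pushed by the STA's current AP."""
        self._expire(now)
        if not self.supports_leasing:
            return LeaseResult.UNSUPPORTED
        if from_ap not in self.trusted_peers:
            return LeaseResult.SECURITY_CHECK_FAILED
        if sta_mac not in self.leases and len(self.leases) >= self.max_leases:
            return LeaseResult.NO_RESOURCES
        self.leases[sta_mac] = (transfer_dmk, now + lease_s)
        return LeaseResult.GRANTED

    def on_reassociate(self, sta_mac, now):
        """Use a live lease once; otherwise fall back to pulling context from the old AP."""
        self._expire(now)
        if sta_mac in self.leases:
            return ("leased", self.leases.pop(sta_mac)[0])
        return ("pull", None)

def request_lease(current_ap, sta_mac, transfer_dmk, candidates, lease_s, now):
    """Current AP handles the STA's request and returns per-candidate results to the STA."""
    return {ap.mac: ap.offer_lease(current_ap, sta_mac, transfer_dmk, lease_s, now)
            for ap in candidates}

# Constructed sample values (locally administered MACs, dummy key bytes).
CUR, STA, DMK = "02:00:00:00:00:01", "02:00:00:00:00:aa", b"\x11" * 16
good = CandidateAP("02:00:00:00:00:02", trusted_peers={CUR})
legacy = CandidateAP("02:00:00:00:00:03", supports_leasing=False, trusted_peers={CUR})
results = request_lease(CUR, STA, DMK, [good, legacy], lease_s=30, now=1000)
```

The 30-second lease follows the slide's "~15 seconds * 2" figure; a candidate that no longer holds a live lease at reassociation falls back to the pull path the slides say is still required.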

What Needs to Be Done?

  • New Messages defined between AP and STA for context Lease.

    • Management?

    • Data?

    • Time limitations for context lease

  • New Messages need to be defined in TGf to support Context Leasing

  • Ensure that TGf maintains the level of security required via lobbying for modifications where necessary

Discussion Questions

  • Preshared security context for non-RADIUS installations?

  • AP to STA Context lease communication

    • Management or Data messages?

  • How secure is key handoff?

    • Can this fit into other secure roaming schemes?
