
Next Generation Security for 802.11


moesha

Presentation Transcript


  1. Next Generation Security for 802.11 • What is 21st Century Security? • 802.11 Responsibilities • VOIP/VoWLAN Reality • Identity Solutions • 802.11 Architecture

  2. What is Security? Security comes from certainty about "Who, What, Where, When, How and Why". Whatever adds to that certainty increases security, and whatever obscures that certainty decreases security. Certainty is about knowing the neighborhood, including identity, the regulatory domains, location, and surrounding equipment.

  3. [Figure: three panels titled "Today’s 802.11 Wireless Security", "Near Future 802.11 Wireless Security (w 11k, 11n, 11r, 11s, 11u, 11w, 11y, 11z)" and "Tomorrow’s Security (for P2P VOIP)". Each panel marks a position on three scales: Low Quality / High Quality, Insecure on WLAN / Secure on WLAN, and Insecure on non-802.11 / Secure on non-802.11. A Fear / Knowledge label also appears.]

  4. 21st Century Security • Shared medium (all wireless in regulatory domains) • Identity Assurance • Location Knowledge with Location Privacy • Transition from Fear to Safety Assurance • From Spoofing to Identity Protection • Uncertainty Protection and Minor Risk Acceptance • Weapons of Internet Offense and Defense • Reliability Assurance (protection from DOS attacks)

  5. How 802.11 Fits in 21st Century Security • Leading network standard (11ma, 11k, 11n, 11r, 11s, 11T, 11u, 11v, 11w, 11y, and 11z) • Should be primary to deliver mobility/identity/location privacy/identity protection/uncertainty protection/independent from 802.3 and the Internet • Reliability assurance during handoffs (11k and 11r)

  6. 802.11 Responsibilities • 802.11 leadership in an unwired world • Independence from previous wired thought • VoWLAN – 802.11 issues (QoS, DOS, etc) • Transition from ESS to P2P • Enabling seamless secure wireless to wired (P2P as in VoWLAN) • Enabling identity-based security wireless to wired (P2P as in VoWLAN)

  7. 802.11 Leadership • 802.11 secure wireless (WPA and RSN) • Transition to the wired network insecure • AP is the source of the transition to the wired

  8. Previous Thought • Security for wireless enough • Applications must handle their own security • Not the responsibility of the wireless realm • 802.11 in prime position to solve the problem

  9. Future Thinking • Security end-to-end will require IEEE 802.11 protocols (mobility and identity) • VoWLAN will change the world • IETF security not enough (HIP part of SMA) • Transition to new thinking about Internet security (P2P) • 802.11 should step up to new thinking

  10. VoWLAN - 802.11 Issues • 11u VoWLAN projects • ENUM • ECRIT • 11e/WMM discrepancies • Not adequate for widespread VoWLAN • Failure of the QSE proposed 802.11 work • 802.11 security only addresses ESS • Must address wireless to wired security

  11. VOIP Reality • VOIP will operate over both wired and wireless • SIP reality is over both wired and wireless • Secure communications is BSS/ESS and VPN (not secure past the VPN server) • VOIP to demand secure voice comm • IETF working on securing P2P (P2PSIP)

  12. VoWLAN Reality • VoWLAN entering the BSS and ESS via wire • VOIP requiring peer-to-peer or end-to-end secure voice communications • 802.11 must have an end-to-end and peer-to-peer transition and handoff solution

  13. End-to-End/Peer-to-Peer • Tunnels • SSL • SIP/HIP (Host Identity Protocol)

  14. Transition from ESS to P2P • Naming and Addressing • IP Addresses vulnerable • MAC addresses vulnerable • PKI Identity-based security associations OK • IETF Middlebox Capabilities • Potential Solution: AP must have middlebox features • HIP Middlebox possibilities or SSL Tunnel Handoffs

  15. Enabling Secure P2P – Wired and Wireless • Possible Solutions • HIP • Secure Tunnels • Security Solutions • IPv6/MIPv6 • Identity Based HIP • 802.1x

  16. Identity-Based P2P • HIP • Cryptographic Names/Identifiers • Security Associations • HIP-enabled communications • Parity • Need ongoing parity • Overlap in BSS • Changing keys by symbol

  17. SMA Big Picture [Diagram; labels: VPN, HTTP Proxy, AP Middlebox, SCADAnet Plane, Overlay Network, Cellular, WiMAX, WiMAX Subnet, Cell Subnet, Subnet A, Subnet B, Intranet Plane, Internet Plane, HIP MB]

  18. Boeing 2007 SMA/HIP Implementation [Diagram; labels: AP, Router, Boeing Intranet, AAA Server, Boeing PKI, Msg Brkr, WiFi Switch, Robots, Robot Controller, Directory, TempCert RA, DNS, LPDD, Location Server, HIP SA, SMAx, VOIP, Smamobiles, Cellular, Internet; DNS Namespace: mobile.tl.boeing.com]

  19. Tunnels + AP Middlebox • AP Middlebox • HIP Names/Identifiers • Security Associations • HIP-enabled communications • Rendezvous Server

  20. 802.11 Possibilities • Do Nothing • Concede an 802.1 P2P enhancement • 802.11 SG on P2P 802.11 enhancements • 802.11 SG on NG security • 11u address P2P in amendment • 11u address VoWLAN in E911 • Combination of 802.1 and 802.11

  21. Q&A
