Different MKD domain MPs communication method

Authors: Changdong Fan, Amy Zhang, Huawei

Date: 2008-07-09


Abstract

CID#1069, 1070 and 505 raise the problem that two neighbor MPs authenticated through different MKD nodes could NOT build a secure link.

We present a method to distribute the keys so that the two neighbor MPs can build up the secure link.


Agenda

  • Problem statement

  • Assumption

  • Solution


Problem statement

  • An MP binds ONLY with its MKD to do the key management

    • An MKD can distribute keys to an MP, which should have done its initial authentication through the corresponding MKD

  • Multiple MKDs may exist in the mesh network

    • Merging & faster startup

    • Distribution of load

[Figure: AS on the wired network, MKD A, MKD B and MPs; label: "Authentication through MKD B"]


Assumption

  • MKDs can communicate with each other through the mesh network

  • MKDs constitute ONE key management group

    • MKDs share one group key GK

[Figure: AS on the wired network, MKD A, MKD B and MPs]


Possible solution

  • Add a multi-hop communication protocol between MKDs to do the key distribution

    • May reuse the abbreviated Handshake protocol

  • Result

    • Key Negotiation

      • LDK-MKD || PTK-MKD = PRF-length(GK, min(LocalNonce, PeerNonce) || max(LocalNonce, PeerNonce) || min(LocalMKDD-ID, PeerMKDD-ID) || max(LocalMKDD-ID, PeerMKDD-ID) …)

    • LDK-MKD as the root key to compute PMK-MA

    • PTK-MKD as the key to protect the communication between MKDs

[Figure: messages exchanged between MKD1 and MKD2]

  • REQ: MeshID || req || LocalNonce || LocalMKDD-ID || PeerMKDD-ID || GKID

  • REQ: MeshID || req || LocalNonce || PeerNonce || LocalMKDD-ID || PeerMKDD-ID || GKID

  • RESP: MeshID || resp || LocalNonce || PeerNonce || LocalMKDD-ID || PeerMKDD-ID || GKID || MIC

  • RESP: MeshID || resp || LocalNonce || PeerNonce || LocalMKDD-ID || PeerMKDD-ID || GKID || MIC


PMK-MA distribution between MPs in different MKD domains

  • Procedure

    • MP invokes the PLM protocol

    • When the MPs find they are not in the same MKD domain, both request the PMK-MA from their corresponding MKD node

    • Each MKD separately computes the PMK-MA using the same LDK-MKD and distributes the key to its MP

    • After getting the PMK-MA, both MPs can do the normal 4-way handshake to derive the PTK

[Figure: MP1, MP2, MKD1 and MKD2; steps: 1 PLM, 2a PMK Req, 2b PMK Res, 3 4-way Handshake]
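
The key negotiation from the "Possible solution" slide and the separate PMK-MA computation in the procedure above, as an added Python example that is not from the original presentation. It feeds the PRF only the inputs the slide lists (the elided ones are left out); the HMAC-SHA-256 stand-in for PRF-length, the labels, the key and field lengths, the MIC construction and the PMK-MA inputs are assumptions, and all sample values are constructed.

```python
import hashlib
import hmac

def prf(key: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """Stand-in for PRF-length (assumption): HMAC-SHA-256 in counter mode."""
    out = b""
    for counter in range(1, -(-length // 32) + 1):
        block = counter.to_bytes(2, "big") + label + b"\x00" + context
        out += hmac.new(key, block, hashlib.sha256).digest()
    return out[:length]

def ordered(a: bytes, b: bytes) -> bytes:
    """min(a, b) || max(a, b), so both ends feed the PRF the same bytes."""
    return min(a, b) + max(a, b)

def negotiate(gk, local_nonce, peer_nonce, local_id, peer_id):
    """LDK-MKD || PTK-MKD from GK, using only the inputs the slide lists."""
    context = ordered(local_nonce, peer_nonce) + ordered(local_id, peer_id)
    keys = prf(gk, b"MKD key negotiation", context, 64)  # label is assumed
    return keys[:32], keys[32:]  # (LDK-MKD, PTK-MKD); 32-byte split assumed

def pmk_ma(ldk_mkd, mp_a, mp_b):
    """PMK-MA for one MP pair; inputs other than LDK-MKD are assumed."""
    return prf(ldk_mkd, b"PMK-MA", ordered(mp_a, mp_b), 32)

def mic(ptk_mkd, message):
    """MIC over a RESP body, keyed with PTK-MKD (HMAC choice is assumed)."""
    return hmac.new(ptk_mkd, message, hashlib.sha256).digest()[:16]

def demo():
    # Constructed sample values; fixed lengths keep the concatenation unambiguous.
    gk = bytes(range(32))
    nonce1, nonce2 = b"\x11" * 32, b"\x22" * 32
    mkdd1, mkdd2 = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
    mp1, mp2 = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    # Each MKD calls negotiate() with its own Local/Peer view of the exchange.
    ldk1, ptk1 = negotiate(gk, nonce1, nonce2, mkdd1, mkdd2)
    ldk2, ptk2 = negotiate(gk, nonce2, nonce1, mkdd2, mkdd1)
    # MKD2 protects its RESP with PTK-MKD; MKD1 checks it in constant time.
    resp = b"resp" + nonce2 + nonce1 + mkdd2 + mkdd1
    fresh_ldk = negotiate(gk, b"\x33" * 32, nonce2, mkdd1, mkdd2)[0]
    return {
        "same_ldk": ldk1 == ldk2,
        # Each MKD computes PMK-MA on its own and hands it to its own MP.
        "same_pmk_ma": pmk_ma(ldk1, mp1, mp2) == pmk_ma(ldk2, mp2, mp1),
        "mic_ok": hmac.compare_digest(mic(ptk2, resp), mic(ptk1, resp)),
        "fresh_nonce_changes_ldk": fresh_ldk != ldk1,
    }

if __name__ == "__main__":
    print(demo())
```

The min/max ordering is what lets each MKD run the derivation from its own Local/Peer point of view and still arrive at the same LDK-MKD, and therefore the same PMK-MA, without sending the key across the mesh.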



The cross domain key management

  • GK, shared by the MKD group

  • LDK-MKD, Link Distribution Key shared by MKDs

    • Used to compute the PMK-MA that is distributed to authenticated MPs

  • PTK-MKD

    • Shared by MKDs, updated when LDK-MKD updates

  • PMK-MA

    • Pair-wise Master Key, shared by authenticated MPs

  • PTK

    • Pair-wise Transient Key

[Figure: key hierarchy: GK, LDK-MKD, PTK-MKD, PMK-MA, PTK]


Conclusion

  • The management of the GK shared by MKDs

    • It is not suitable to define the GK management in 802.11

  • The communication protocol between MKDs

    • Needs to be defined more clearly

    • Need to design the state machine

  • Change to the PMK-MA negotiating procedure

