
Overview of Improvements to Key Holder Protocols






Presentation Transcript


  1. Overview of Improvements to Key Holder Protocols
     Authors: Steve Emeott, Motorola
     Date: 2007-06-27

  2. Abstract
     This submission provides an overview of document 11-07/1987r1, which proposes improvements to the key holder communications protocols defined for use in the mesh security architecture. The proposed changes include expanded error handling features, revisions to the key holder handshake and key transport push protocol, and new MLME-SAP interface primitives. 20 comments are addressed by the proposed changes.

  3. Outline
     • Mesh key holder architecture
     • Improvements: Key holder communications
       • Summary of comments received
       • Overview of proposed changes
       • Additional details

  4. Mesh Key Holder Architecture
     [Diagram: RSNA Key Management, with a Mesh Key Distributor holding PMK-MKD-KH / Local PMK-MKD-KH and a Mesh Authenticator holding PMK-MA-KH / Local PMK-MA-KH]
     • Mesh key holders are part of MP SME RSNA key management
     • Architecture defines the keys computed by each key holder
       • Computation of PMK-MKD, PMK-MA and MKDK
         • Restricted to PMK-MKD-KH for peer MP keys
         • Restricted to Local PMK-MKD-KH for local MP keys
       • Computation of PTK-MA and MPTK-KD
         • Restricted to PMK-MA-KH for peer MP keys
         • Restricted to Local PMK-MA-KH for local MP keys
     Scope of submission: improving communications between key holders

  5. Key Holder Exchanges
     • Key holder handshake
       • Used to derive a fresh key delivery key and to negotiate the EAP message transport protocol to use
     • Key transfer
       • Pull Mode
       • Push Mode
       • Delete
     • EAP message transport
       • Used to transport EAP messages between 802.11s Authenticator and NAS Client entities when they are not co-located

  6. Comments Received
     • Questions about processing steps and status codes that should be included for error handling
     • Question about whether the key holder handshake should be extended to 4 messages for better error handling
     • Request to make the key transfer protocol optional
     • Request to identify the key used to integrity protect messages
     • Questions about the message token and sequence number fields included to prevent replay attacks

  7. Overview of Changes
     • Explicitly defined processing steps and status codes for error handling in all key holder exchanges
       • Conditions for silently discarding messages
       • Conditions for retrying key holder handshake messages
       • Values of status codes for indicating failures
     • Defined MLME primitives and MIB variables
       • Primitives defined in support of key holder architecture
       • Also need primitives and MIB variables to define error handling
     • Made key transport protocol optional
       • Key transport protocol can be negotiated during key holder handshake
     • Defined key name field to identify MIC key

  8. Overview of Changes (cont.)
     • Added 4th message to key holder handshake
       • Permits aspirant MA to manage retries of handshake messages, enabling MKD to simply respond to messages it receives
       • Permits negotiation of optional EAP and Key transport protocol during key holder handshake
     • Named replay counters and replaced message token in EAP encapsulation field with replay counter
     • Improved the key transport protocol
       • Renamed pull mode messages to request and response
       • Reused pull mode messages in the push mode protocol, and added 3rd message to combat delay attacks

  9. Additional Details
     • Mesh Key Holder Security Handshake
       [Sequence diagram: MA (SME, MAC) and MKD (MAC, SME) exchanging Multihop Action Frames]
       • Handshake Msg 1: MLME-MeshKeyHolderHandshake.request, Multihop Action Frame, MLME-MeshKeyHolderHandshake.indication, MLME-MeshKeyHolderHandshake.confirm
       • Handshake Msg 2: MLME-MeshKeyHolderHandshake.request, Multihop Action Frame, MLME-MeshKeyHolderHandshake.indication, MLME-MeshKeyHolderHandshake.confirm
       • …

  10. Additional Details (cont.)
     • Key Transport – Pull Mode
       [Sequence diagram: MA (SME, MAC) and MKD (MAC, SME) exchanging Multihop Action Frames]
       • Request: MLME-MeshKeyTransport.request, Multihop Action Frame, MLME-MeshKeyTransport.indication, MLME-MeshKeyTransport.confirm
       • Response: MLME-MeshKeyTransport.request, Multihop Action Frame, MLME-MeshKeyTransport.indication, MLME-MeshKeyTransport.confirm

  11. Additional Details (cont.)
     • Key Transport – Push Mode
       [Sequence diagram: MA (SME, MAC) and MKD (MAC, SME) exchanging Multihop Action Frames]
       • Notify: MLME-MeshKeyTransport.request, Multihop Action Frame, MLME-MeshKeyTransport.indication, MLME-MeshKeyTransport.confirm
       • Request: MLME-MeshKeyTransport.request, Multihop Action Frame, MLME-MeshKeyTransport.indication, MLME-MeshKeyTransport.confirm
       • Response: MLME-MeshKeyTransport.request, Multihop Action Frame, MLME-MeshKeyTransport.indication, MLME-MeshKeyTransport.confirm
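As an added illustration (not code from the submission or the 802.11s draft), the following Python sketch models the revised push-mode exchange described in slides 8 and 11: a Notify, Request and Response, each carrying a named replay counter and a MIC whose key is identified by a key name field, with the receiver silently discarding any message that fails a check. The message layout, key names, sample bodies and order of checks are assumptions made for the example.

```python
# Toy model of the revised push-mode key transport (Notify -> Request -> Response): every
# message carries a per-sender replay counter and a MIC keyed by a named key delivery key,
# and a message failing any check is silently discarded. Layout and values are constructed.
import hmac, hashlib
from dataclasses import dataclass
MIC_KEYS = {"KDK-1": b"constructed key delivery key"}  # assumed shared key store
@dataclass
class Msg:
    kind: str        # "notify", "request" or "response"
    counter: int     # replay counter, strictly increasing per sender
    key_name: str    # identifies the key used to compute the MIC
    body: bytes
    mic: bytes = b""
def mic(m, key):
    data = b"|".join([m.kind.encode(), str(m.counter).encode(), m.key_name.encode(), m.body])
    return hmac.new(key, data, hashlib.sha256).digest()
def send(kind, counter, key_name, body):
    m = Msg(kind, counter, key_name, body)
    m.mic = mic(m, MIC_KEYS[key_name])
    return m

@dataclass
class Receiver:
    expect: str                # message kind this side is waiting for
    last_counter: int = -1     # highest counter accepted from the peer
    delivered: tuple = ()      # key material accepted from Response messages
    def receive(self, m):      # returns "accept" or the discard reason; nothing is sent back on discard
        key = MIC_KEYS.get(m.key_name)
        if key is None:
            return "discard: unknown key name"
        if not hmac.compare_digest(mic(m, key), m.mic):
            return "discard: bad MIC"
        if m.counter <= self.last_counter:
            return "discard: replayed or stale counter"
        if m.kind != self.expect:
            return "discard: unexpected message"
        self.last_counter, self.expect = m.counter, ("response" if m.kind == "notify" else "done")
        if m.kind == "response":
            self.delivered += (m.body,)
        return "accept"

def run_push():
    # One push exchange, with the Notify delivered twice to show the replay discard path.
    ma, mkd = Receiver(expect="notify"), Receiver(expect="request")
    notify = send("notify", 1, "KDK-1", b"key available")                  # MKD -> MA
    r1, replay = ma.receive(notify), ma.receive(notify)
    r2 = mkd.receive(send("request", 1, "KDK-1", b"fetch key"))            # MA -> MKD
    r3 = ma.receive(send("response", 2, "KDK-1", b"PMK-MA:constructed"))   # MKD -> MA
    return r1, replay, r2, r3, ma.delivered
```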

  12. Additional Details (cont.)
     • EAP Transport
       [Sequence diagram: MA (SME, MAC) and MKD (MAC, SME) exchanging Multihop Action Frames]
       • EAP Encapsulation Request: MLME-MeshEAPTransport.request, Multihop Action Frame, MLME-MeshEAPTransport.indication, MLME-MeshEAPTransport.confirm
       • EAP Encapsulation Response: MLME-MeshEAPTransport.request, Multihop Action Frame, MLME-MeshEAPTransport.indication, MLME-MeshEAPTransport.confirm

  13. Backup

  14. Review of Recent Changes
     • Highlights of improvements already made to MSA
       • Improvements to PLM (11-07/0440r0: 106 comments)
       • Definition of MIB variables for MSA (11-07/0436r1: 25 comments)
       • Simplification of frame formats for key holder messages (11-07/0286r0 & 11-07/0287r1: 35 comments)
       • Addition of AES-128-MAC MIC algorithm (11-07/0435r1: 4 comments)
       • Upgrades to better support co-located MKD/MA (11-07/0437r1: 3 comments)
       • Integration of PLM into MSA authentication handshake (11-07/0564r2: 16 comments)
       • Clean up of key derivation clause (11-07/0618r0: 21 comments)

  15. Work in Progress
     • Areas where unresolved comments are still under discussion
       • Key holder communications – document 07/1987 (20 comments)
       • Cleanup of high level architecture description (15 comments)
       • Pre-shared keys (8 comments)
       • Abbreviated handshake (5 comments)
       • Other (40 comments)

  16. Exemplary Implementation of Initial MSA Authentication
     [Diagram: Authentication Server reached over RADIUS from the Network Access Server (AAA Client); 802.1X Authenticator (Controlled Port) and 802.1X Supplicant exchanging PLM & EAPOL over Multihop Action frames; key holders Local PMK-MKD-KH, Local PMK-MA-KH, PMK-MKD-KH and PMK-MA-KH]
     Optionally mesh key holders may be co-located
