1 / 9

PMK Caching for FILS

PMK Caching for FILS. Authors:. Date: 2014-01-15. Abstract. This slide deck describes an enhancement for faster authentication of non-initial FILS connections using PMK caching. . FILS Use Case– Tokyo Train Station. What About When They Start Moving?.

dyllis
Download Presentation

PMK Caching for FILS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PMK Caching for FILS Authors: • Date:2014-01-15 Dan Harkins, Aruba Networks

  2. Abstract • This slide deck describes an enhancement for faster authentication of non-initial FILS connections using PMK caching. Dan Harkins, Aruba Networks

  3. FILS Use Case– Tokyo Train Station Dan Harkins, Aruba Networks

  4. What About When They Start Moving? Dan Harkins, Aruba Networks

  5. Can Subsequent Link Setup be Fast(er)? Dan Harkins, Aruba Networks

  6. PMK Caching with FILS • The I in FILS is initial • The result of the Fast InitialLink Setup is a PMKSA • PMKSA represents authenticated state, including a key (the PMK) • PMKSA can be reused to enable Fast Subsequent Link Setup • Many 802.11 deployments use a switch/controller • MAC on AP is split, non-real time portion resides on controller • 802.1X authenticator is non-real time part of MAC • Makes sense to put FILS functionality on controller as well • A multitude of APs can be part of a single controller • A STA can quickly roam among the multitude of APs, reusing the same PMKSA– PMK Caching Dan Harkins, Aruba Networks

  7. PMK Caching ISP Subsequent FILS exchanges only go to controller PMK SA First FILS exchange goes back to ISP Dan Harkins, Aruba Networks

  8. PMK Caching with FILS • PMKSA can be created by public or shared key FILS • Once created, a PMKSA is cached • Many PMKSAs can be cached at once • PMKSAs are identified by a PMKID • PMKSAs can be deleted at any time by either STA or AP • Should make PMKSAs created by FILS be somewhat short lived • STA and AP agree on PMKSA during Auth exchange • STA includes (list of) PMKID(s) • AP selects (one of) the PMKID(s) • FILS “shared key” exchange (but not ERP) • PMK from cached PMKSA is used to authenticate FILS exchange • PFS is supported! Dan Harkins, Aruba Networks

  9. References • 11-14/0052r*-- PMK Caching with FILS Dan Harkins, Aruba Networks

More Related