
VFF Roaming

Keith Amann, Spectralink

Pat Calhoun, Airespace

Darwyn Engwer, Nortel Networks

Kevin Hayes, Atheros

Haixiang He, Nortel Networks

Bob O’Hara, Airespace

Dorothy Stanley, Agere

Henry Ptasinski, Broadcom

Calhoun et al.


Design Principle

  • Follows 802.11r scope/definition

    • Transition time = first packet on new AP – last packet on old AP

Key Circle

[Figure: key circle diagram. Labels: AAA; EKC; KC 1, KC 2, KC 3; Controller; AP (tightly coupled and loosely coupled); keys PMK, D-PMK, DB-PMK, PTK; legend: Derived Key via PRF.]

Key Exchange

STA

AP

PMK Established

<Roaming Event Occurs>

AUTH (VFF, M1, ContextReq)

AUTH (VFF, Come Back, MinTime, MaxTime)

<AP fetches STA context>

AUTH (VFF, M1, ContextReq)

AUTH (VFF, OK, M2, MaxTime)

AUTH (VFF, M3)

AUTH (VFF, OK, M4, MaxTime, Key Lifetime, ContextAck)

<PTK Established – Start of secure window>

Authenticated

(optional) Action()

Assoc-Req (PTKID, RSNIE, Nonce, GTK, MIC)

Assoc-Resp(PTKID, RSNIE, Nonce, MIC)

XID

Benefits

  • Pre-computation of Derived PMK values by both peers at each AP

    • Each BSSID has a cryptographically separate PMK for the same station (No PMK Sharing)

    • Introduces a hierarchy

  • Pre-computation of PTK prior to (re)association

  • STA driven authentication

    • Power saving & QoS benefits

  • Decoupling key exchange from associated state

    • Minimizes packet loss

  • Provides a framework for protected mgmt frames

  • Association is bound to the PTK

    • Association messages are MIC’ed

    • Provides key liveness

  • PMK lifetime is controlled by the AP and communicated to the STA

    • Bounds key liveness

  • Maintains the 4-way handshake

    • Optimizations are possible, but not described at this time
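
An added illustration of the key hierarchy in the Benefits list (not part of the presentation): one PMK yields a cryptographically separate derived PMK per BSSID, a PTK is derived from it, and the association frame is MIC'ed under that PTK. HMAC-SHA256 as the PRF, the labels, input layout, key lengths and all sample values are assumptions; the slides do not specify them.

```python
import hashlib
import hmac

def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; an assumed stand-in for the deck's 'PRF'."""
    out, counter = b"", 1
    while len(out) < length:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def mac_bytes(addr: str) -> bytes:
    return bytes.fromhex(addr.replace(":", ""))

def derive_dpmk(pmk: bytes, bssid: str, sta: str) -> bytes:
    """Per-BSSID derived PMK: binding the BSSID means no two APs share a key."""
    return prf(pmk, b"D-PMK", mac_bytes(bssid) + mac_bytes(sta), 32)

def derive_ptk(dpmk: bytes, bssid: str, sta: str, anonce: bytes, snonce: bytes) -> bytes:
    """PTK from the D-PMK and both nonces; inputs are sorted so peers agree on order."""
    addrs = b"".join(sorted([mac_bytes(bssid), mac_bytes(sta)]))
    nonces = b"".join(sorted([anonce, snonce]))
    return prf(dpmk, b"PTK", addrs + nonces, 48)

def assoc_mic(ptk: bytes, frame: bytes) -> bytes:
    """MIC over an association frame, keyed with the first 16 bytes of the PTK."""
    return hmac.new(ptk[:16], frame, hashlib.sha256).digest()[:16]

def verify_assoc(ptk: bytes, frame: bytes, mic: bytes) -> bool:
    return hmac.compare_digest(assoc_mic(ptk, frame), mic)

# Constructed sample values (not from the presentation).
PMK = bytes(range(32))
STA = "02:00:00:00:00:aa"
AP1, AP2 = "02:00:00:00:00:01", "02:00:00:00:00:02"
ANONCE = hashlib.sha256(b"constructed-anonce").digest()
SNONCE = hashlib.sha256(b"constructed-snonce").digest()

if __name__ == "__main__":
    # Both peers can pre-compute a D-PMK for every candidate AP before roaming.
    dpmks = {ap: derive_dpmk(PMK, ap, STA) for ap in (AP1, AP2)}
    ptk1 = derive_ptk(dpmks[AP1], AP1, STA, ANONCE, SNONCE)
    ptk2 = derive_ptk(dpmks[AP2], AP2, STA, ANONCE, SNONCE)
    frame = b"Assoc-Req|constructed RSNIE|" + SNONCE
    mic = assoc_mic(ptk1, frame)
    print("D-PMKs differ per BSSID:", dpmks[AP1] != dpmks[AP2])
    print("AP1 accepts MIC:", verify_assoc(ptk1, frame, mic))
    print("AP2 rejects MIC:", not verify_assoc(ptk2, frame, mic))
```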
