
Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs)

Submission Title: IKEv2 over TG9
Date Submitted: 15 May, 2012
Source: Tero Kivinen, Company: AuthenTec
Address: Eerikinkatu 28, FI-00180 Helsinki, Finland


Presentation Transcript


  1. Tero Kivinen, AuthenTec
     Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs)
     Submission Title: IKEv2 over TG9
     Date Submitted: 15 May, 2012
     Source: Tero Kivinen, Company: AuthenTec
     Address: Eerikinkatu 28, FI-00180 Helsinki, Finland
     Voice: +358 20 500 7800, FAX: +358 20 500 7801, E-Mail: kivinen@iki.fi
     Re: KMP documents for TG9
     Abstract: IKEv2 KMP over TG9
     Purpose: To add IKEv2 as one of the KMPs to the 15.4 and 15.7
     Notice: This document has been prepared to assist the IEEE P802.15. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
     Release: The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P802.15.

  2. IKEv2 KMP over TG9
     Tero Kivinen, AuthenTec
     Atlanta, GA, May 15, 2012

  3. The IKEv2 Protocol
     • Specified in the IETF document RFC5996 for KMP for IPsec
     • Key management between peers
     • Exchange of secure identities
     • 4 packet session key establishment
     • SIGMA compliant
     • Multiple authentication methods
       • Shared secrets
       • Public Keys (either certificates or raw keys)
       • EAP
       • Secure password methods

  4. The IKEv2 Protocol Flow

     Initiator                                Responder
     HDR, SAi1, KEi, Ni                  →
                                         ←    HDR, SAr1, KEr, Nr
     HDR, SK{IDi, AUTH, SAi2, TSi, TSr}  →
                                         ←    HDR, SK{IDr, AUTH, SAr2, TSi, TSr}

     HDR = Header
     SAi1, SAr1, SAi2, SAr2 = Security Association Payloads
     KEi, KEr = Key Exchange Payloads
     Ni, Nr = Nonce Payloads
     IDi, IDr = Identification Payloads
     AUTH = Authentication Payloads
     TSi, TSr = Traffic Selector Payloads

  5. Profile and Additions to IKEv2
     • Need to add group key distribution
     • Need to define what kind of Traffic selectors are used
       • any ↔ any?
     • Specify which features are not needed
       • NAT-T

  6. Use Cases for IKEv2
     • Use Cases
       • Most likely in devices which already need strong cryptographic operations (Diffie-Hellman, Public Key operations) and need to have those on hardware anyways
       • Devices which can share KMP for all layers
         • MAC, IP, and where application layer can use IPsec as IP layer protection (for example core)
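
A receiver-side structure check for the four-message flow on slide 4, as an added example that is not part of the presentation: it parses HDR, walks the payload chain with bounds checks, and compares the cleartext payload order against the flow. The header layout and the payload and exchange type numbers are taken from RFC 5996, not from the slides; the function names and the sample message are constructed for illustration.

```python
import struct

# Type numbers and header layout per RFC 5996 (assumption: not shown on the slides).
PAYLOADS = {33: "SA", 34: "KE", 35: "IDi", 36: "IDr", 39: "AUTH",
            40: "Nonce", 44: "TSi", 45: "TSr", 46: "SK"}
IKE_SA_INIT, IKE_AUTH = 34, 35
FLAG_RESPONSE, FLAG_INITIATOR = 0x20, 0x08
# Cleartext payload chain expected in each exchange of the slide-4 flow.
EXPECTED = {IKE_SA_INIT: ["SA", "KE", "Nonce"], IKE_AUTH: ["SK"]}

def parse_ike(msg: bytes) -> dict:
    """Parse the 28-byte HDR, then walk generic payload headers, checking every length."""
    if len(msg) < 28:
        raise ValueError("short header")
    _spi_i, _spi_r, nxt, ver, exch, flags, msg_id, length = struct.unpack("!8s8sBBBBII", msg[:28])
    if ver >> 4 != 2:
        raise ValueError("not IKEv2")
    if length != len(msg):
        raise ValueError("length field does not match datagram")
    chain, off = [], 28
    while nxt != 0:
        if off + 4 > length:
            raise ValueError("truncated payload header")
        this = nxt
        nxt, _critical, plen = struct.unpack("!BBH", msg[off:off + 4])
        if plen < 4 or off + plen > length:
            raise ValueError("bad payload length")
        chain.append(PAYLOADS.get(this, str(this)))
        off += plen
        if this == 46:  # SK is last; its next-payload field names the first encrypted payload
            break
    if off != length:
        raise ValueError("trailing bytes after last payload")
    return {"exchange": exch, "response": bool(flags & FLAG_RESPONSE),
            "msg_id": msg_id, "payloads": chain}

def check_flow(msg: bytes) -> bool:
    # True only when the cleartext payload order matches the flow for this exchange type.
    m = parse_ike(msg)
    return m["payloads"] == EXPECTED.get(m["exchange"])

def build(exch, flags, msg_id, payloads):
    """Build a constructed sample message from (type, body) pairs; bodies are dummy bytes."""
    body = b""
    for i, (_ptype, data) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        body += struct.pack("!BBH", nxt, 0, 4 + len(data)) + data
    return struct.pack("!8s8sBBBBII", b"\x01" * 8, b"\x00" * 8, payloads[0][0],
                       0x20, exch, flags, msg_id, 28 + len(body)) + body

# Constructed message 1 of the flow: HDR, SAi1, KEi, Ni
MSG1 = build(IKE_SA_INIT, FLAG_INITIATOR, 0, [(33, b"\0" * 40), (34, b"\0" * 36), (40, b"\0" * 32)])
```

The check covers structure only; payload contents, the SK integrity checksum, and AUTH verification still have to be validated by the IKEv2 implementation.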
