discussion points for 802 21 security input to 802 1af
Download
Skip this Video
Download Presentation
Discussion Points for 802.21 Security [Input to 802.1AF]

Loading in 2 Seconds...

play fullscreen
1 / 4

Discussion Points for 802.21 Security [Input to 802.1AF] - PowerPoint PPT Presentation


  • 114 Views
  • Uploaded on

Discussion Points for 802.21 Security [Input to 802.1AF]. Security in the MAC is more about wireless than wired today Some (proposed) link events today have different qualities for wired vs. wireless worlds: Link up (wired link vs. wireless association completed (or open port?))

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Discussion Points for 802.21 Security [Input to 802.1AF]' - napua


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
discussion points for 802 21 security input to 802 1af
Discussion Points for 802.21 Security [Input to 802.1AF]
  • Security in the MAC is more about wireless than wired today
  • Some (proposed) link events today have different qualities for wired vs. wireless worlds:
    • Link up (wired link vs. wireless association completed (or open port?))
    • Link down (wired no data vs. wireless beacons etc)
    • Link_Going_Up (wired not possible? vs. Port in the making / tentative association)
    • Link changed bandwidth (wired went from 100 to 10 vs. wireless slow man on channel?))
    • Link changed mode (wired duplex transition vs. wireless ack to block ack?)
  • Some events are wireless only:
    • Link changed QoS (wireless HCCA to EDCA transition, wired ?)
    • Link_Quality_Crosses_Threshold (wireless signal quality, wired ?)
    • Better_Signal_Quality_AP_Available
  • Some events are the same for both wired and wireless:
    • Link_Going_Down
    • Trigger_Rollback
discussion points for 802 21 security input to 802 1af1
Discussion Points for 802.21 Security[Input to 802.1AF]
  • Some proposed link events could be asymmetric…
    • Link up (OPER up on one end only)
    • Link down (OPER down on one end only)
    • Link_Going_Up (OPER…)
    • Link_Quality_Crosses_Threshold (better antennae?)
    • Link_Going_Down (OPER…)
    • Better_Signal_Quality_AP_Available (sent one way only)
  • Might want to transmit any of these as status report from other end ? (Should there be remote registered client for push or pull model?)
  • … vs. the same on both ends of link
    • Link up (both ends fully plugged in,
    • Link down (failure of cable, one end fails)
    • Link changed bandwidth (negotiated)
    • Link changed mode (negotiated)
    • Link changed QoS (negotiated)
    • Trigger_Rollback (transmitted)
discussion points for 802 21 security input to 802 1af2
Discussion Points for 802.21 Security[input to 802.1AF]
  • Might want to report any of these locally up from L2 to registered client
  • Current local registration for link events identifies client, logical interface and particular event
  • Current local delivery of link events provides report of event occuring, sometimes a data value (never the source MAC)
  • Current local delivery of link events can be gated by OPER state
  • Source of link events is not authenticated or authorized by local delivery mechanism
  • No need for security?
discussion points for 802 21 security input to 802 1af3
Discussion Points for 802.21 Security[input to 802.1AF]

Apply to transmitted signals or triggers (i.e. end to end). Generic threat analysis here due to lack of approved use cases.

  • DoS attacks
    • In wireless there is always PHY based DoS
    • So why spend energy preventing MAC based DoS
  • Protocol attacks
    • No new security protocols introduced, no increase in attacks
  • Association
    • Authentication
      • Heavyweight, only for association
    • Authorization
      • Heavyweight, only for association
  • Integrity
    • Relevant to wired side (yet less needed), not so on wireless?
  • Privacy / confidentiality
    • Must use existing encryption methods if used at all, due to scope; Hard to set up w/out latency inducing authentication
ad