1 / 14

Authentication and Key Management of MP with multiple radios

Authentication and Key Management of MP with multiple radios. Date: 2008-03-14. Authors:. Abstract. This presentation states the secure association setup problem when the MP with multiple radios joins into the mesh network. Agenda. Problem Statement Suggestions.

ravi
Download Presentation

Authentication and Key Management of MP with multiple radios

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Authentication and Key Management of MP with multiple radios Date: 2008-03-14 Authors: Charles Fan,Amy Zhang, Huawei

  2. Abstract This presentation states the secure association setup problem when the MP with multiple radios joins into the mesh network. Charles Fan,Amy Zhang, Huawei

  3. Agenda • Problem Statement • Suggestions Charles Fan,Amy Zhang, Huawei

  4. Current Secure association setup mechanism Supplicant Mesh Authenticator Step2: • Authenticate with AS through MKD • Build the root of trust, i.e., MSK/PSK. • Key derivation mechanism • Derive PMK-MKD to distribute session keys between MPs. • Derive MKDK to establish secure link between MP and MKD. Step1: Authentication Method & Role & Key Management type Negotiation Probe/Beacon Peer Link Management Step2:Authentication through MKD & The key hierarchy setup Initial Authentication if needed Step3: PTK/GTK distribution 4-Wayhandshaketobuildsessionkeys Securecommunication Charles Fan,Amy Zhang, Huawei

  5. Link Security Branch Key Distribution branch MSK/PSK Held by MKD & Supplicant PMK-MKD = L(MeshTopLevelKeyData, 0, 256) Held by Supplicant & MKD MKDK = L(MeshTopLevelKeyData, 384, 256) PMK-MKD MKDK Held byMKD, Supplicant & MA PMK-MA=KDF-256(PMK-MKD,”MA Key Derivation”, PMK-MKDName|| MA-ID|| SPA) PMK-MA Held & Derived by Supplicant & MKD, deliver PMK-MA MPTK-KD=KDF-256(MKDK, “Mesh PTK-KD Key”,MA-Nonce||MKD-Nonce||MA-ID||MKD-ID) MPTK-KD Held & Derived bySupplicant & MA PTK=KDF(PMK-MA,”Mesh PTK key derivation”,MPTKSNonce|| MPTKANonce|| MA-ID||SPA||PMK-MAName) PTK 802.11s Key Hierarchy • According to the current Key derivation mechanism • There will be multiple PMK-MKDs and MKDKs when the multiple radios MPs join the mesh network, because theMPs should have to use different SPA corresponding to different radio to differ the radios in order to derive PMK-MKD and MKDK. • MeshTopLevelKeyData = KDF-768(XXKey, “Mesh Key Derivation”,MeshID, MKD-NAS-ID, MKDD-ID, SPA) • Multiple initial authentication procedures should have to be launched. Charles Fan,Amy Zhang, Huawei

  6. Disadvantages of multiple authentications • Can not detect the authentication credential is used for different MPs or different radios in the same MP simultaneously. • The authentication credential may be used by multiple MPs simultaneously. • Increase the air cost overhead when launching multiple times initial authentication Charles Fan,Amy Zhang, Huawei

  7. Agenda • Problem Statement • Suggestions Charles Fan,Amy Zhang, Huawei

  8. Solution Requirements • The initial authentication should only be launched once when an MP join the mesh network, no matter how many radios it has. • Authentication credential is issued one per device • Authenticate the device to produce trust credential secrecy • Doesn’t rely on the concrete authentication credential and authentication methods • Different radio in the same MP should use different session key. • Distribute keys for radios of the device through One time initial authentication procedure • Follow the 802.11s security requirements • Authentication process is to build the root of trust relationship and authorize the device to use the trust credential; such as MSK etc • The key management has to work at the MAC layer • The SAs has to be tied to the MAC addresses • Less modification, more better Charles Fan,Amy Zhang, Huawei

  9. MA MKD AS Sup MP 1. EAPOL-Start 2. EAPOL (EAP-Request Identity) 3. EAPOL (EAP-Response Identity) 5. EAP Transport (EAP-Response Identity) 4. Mesh EAP encapsulation (EAP-Response Identity) 6. EAP-specific (mutual) authentication 7. EAP Transport (EAP-Success, MSK) Derive Pairwise Key (PMK-MKD, MKDK, PMK-MA) Derive Pairwise Key (PMK-MKD, MKDK, PMK-MA) 8. Mesh EAP encapsulation(EAP-Response AcceptPMK-MA) 9. EAPOL (EAP-Success) Possible solution • Only one PMK-MKD and one MKDK for an MP, shared by all the radios • Introduce device ID which can only identify the MP, i.e., prime address • Using the Dev_ID instead of SPA when deriving MeshTopLevelKeyData • MeshTopLevelKeyData = KDF-768(XXKey, “Mesh Key Derivation”,MeshID, MKD-NAS-ID, MKDD-ID, Dev_ID) • No modification to the derivation formulas of the PMK-MA, PTK and MPTK-KD • Different Session Keys is derived for different radios • The SPA is the communication radio’s MAC address of the MPs • No modification of the 4-way handshake. Charles Fan,Amy Zhang, Huawei

  10. Mesh key holder security handshake Modification • The MKDK is indexed the MA_ID in the MKD according to the current mechanism • The transmission address of handshake message 1 • It is not suitable in our solutions, because the MA_ID has been changed to Dev_ID • Using the MKDKName to index the MKDK to establish secure association between MP and MKD. Charles Fan,Amy Zhang, Huawei

  11. Mesh key holder security handshake Modification • The MKDK is indexed the MA_ID in the MKD according to the current mechanism • The transmission address of handshake message 1 • It is not suitable in our solutions, because the MA_ID has been changed to Dev_ID • Using the MKDKName to index the MKDK to establish secure association between MP and MKD. Charles Fan,Amy Zhang, Huawei

  12. Straw Poll • Would you like to use Dev_ID for deriving PMK-MKDs and MKDKs to enhance the authentication procedure of multiple radios MPs? • Yes No Charles Fan,Amy Zhang, Huawei

  13. Reference • Draft_P802.11s_D1.09 Charles Fan,Amy Zhang, Huawei

  14. MKD MP MP MP 1 , MANonce , MA - ID MKD - ID MKDKName , , 1 , MANonce , SPA , MA - ID , MKDD - ID , PMK - MKDName 2 , MANonce , MKDNonce , MA - ID MKD - ID MKDKName , MIC , , 2 , SPANounce , MANonce , SPA , MA - ID , MKDD - ID , PMK - MKDName , MIC 3 , SPANounce , MANonce , SPA , MA - ID , MKDD - ID , PMK - MKDName , 3 , MANonce , MKDNonce , MA - ID MKD - ID MKDKName , MIC , , MIC 4 , SPANounce , MANonce , SPA , MA - ID , MKDD - ID , PMK - MKDName , MIC 4 , MANonce , MKDNonce , MA - ID MKD - ID MKDKName , MIC , , Back Up • The radios can use MIC to prove its legality • To MKD when doing the Mesh key holder security handshake • ONLY the authorized device have the MPTK-KD to compute the MIC. • To other MPs when doing the 4-Way handshake • ONLY the authorized device have the AKCK derived from PMK-MA to compute the MIC. a. Mesh key holder security handshake b. 4-Way handshake Charles Fan,Amy Zhang, Huawei

More Related