doc.: IEEE 802.11-10/0853r1, July 2010

Slide 1: Some Concerns about FIA
Date: 2010-7-15
Authors: Emily Qi (Intel Corp) et al

Slide 2: Agenda
• Some Concerns about FIA functions
  – Problem Statement
  – Technical Feasibility
  – Deployment Requirement: Legacy Support
• Some Suggestions

Slide 3: What is the Link Setup Cost?
• Discover an appropriate AP – 60 ms – 3.4 s
  – Active Scanning or Passive Scanning: 11 channels for 2.4 GHz, and 23 channels for 5 GHz
  – Active Scanning Range: 60 ms - 680 ms, assume 20 ms per channel
  – Passive Scanning Range: 300 ms - 3400 s, assume 100 ms per channel
• WLAN Association - 15 ms - 2 s ?
  – Association, Authentication, Key Distribution, and 4-Way Handshake
  – It is possible to go down to 15 ms for 802.11i with a good implementation
  – Depending on EAP method, and dominated by the performance of the back end server.
• Upper layer setup - 100 ms - ?
  – DHCP…
No Evidence Protocol Dominates Setup Cost

Slide 4: Technical Feasibility?
• Proposed FIA focuses on doing all link setup in a single round trip
  – But WLAN setup only a small portion of link establishment.
• Mutual authentication requires at least 3 messages
  – Both parties must confirm session instance identifier of the other to defeat “man-in-the-middle” attacks
  – Association provides only 2 messages
• Many (most?) legacy authentication protocols utilize more than 3 messages to accomplish other functions as well
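The three-message argument on this slide, as an added example that is not part of the original submission: a toy pre-shared-key exchange (not EAP, 802.11 association or any FIA proposal) in which the two nonces stand in for each party's session instance identifier. The class names, message labels and key are assumptions made for illustration; the sketch shows that after two messages the responder has seen nothing bound to its own fresh nonce, so only the third message lets it reject a replayed session.

```python
import hashlib
import hmac
import secrets

def mac(key, *parts):
    """HMAC-SHA256 over length-prefixed parts, so fields cannot run together."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

class Requester:  # hypothetical station side
    def __init__(self, key):
        self.key = key
    def msg1(self):
        self.n_a = secrets.token_bytes(16)          # requester's session identifier
        return self.n_a, mac(self.key, b"m1", self.n_a)
    def msg3(self, msg2):
        n_b, tag = msg2
        # Message 2 covers n_a, so the requester knows the responder is live.
        if not hmac.compare_digest(tag, mac(self.key, b"m2", self.n_a, n_b)):
            return None
        return mac(self.key, b"m3", self.n_a, n_b)  # confirms the responder's n_b

class Responder:  # hypothetical AP side
    def __init__(self, key):
        self.key = key
    def msg2(self, msg1):
        n_a, tag = msg1
        if not hmac.compare_digest(tag, mac(self.key, b"m1", n_a)):
            return None
        self.n_a, self.n_b = n_a, secrets.token_bytes(16)  # fresh per session
        return self.n_b, mac(self.key, b"m2", n_a, self.n_b)
    def accept_msg3(self, tag):
        return hmac.compare_digest(tag, mac(self.key, b"m3", self.n_a, self.n_b))

def run_demo():
    key = secrets.token_bytes(32)                   # constructed shared key
    sta, ap = Requester(key), Responder(key)
    m1 = sta.msg1()
    m3 = sta.msg3(ap.msg2(m1))
    honest_ok = ap.accept_msg3(m3)
    # Recorded m1 and m3 presented to a later session of the responder.
    later = Responder(key)
    stale_m1_passes = later.msg2(m1) is not None    # all a 2-message exchange checks
    stale_m3_passes = later.accept_msg3(m3)         # bound to the old n_b
    return honest_ok, stale_m1_passes, stale_m3_passes

if __name__ == "__main__":
    print(run_demo())
```
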

Slide 5: Deployment Requirement: Support Legacy Authentication
• Enterprises and operators rarely switch authentication technology
  – Because changing authentication usually requires an overhaul of the entire AAA infrastructure
• EAP is the de facto standard extending legacy authentication technologies into networked contexts
• Therefore, to be acceptable to enterprises and operators, FIA must continue to use EAP

Slide 6: Re-engineering EAP or Optimize the use of EAP?
• EAP can be re-engineered to meet FIA’s requirements:
  – New, lower overhead synchronization? – feasibility unknown; in scope for IETF, not 802.11
  – Re-engineering 802.1X to accommodate new EAP formats? – in scope for 802.1, not 802.11
  – Changes to the RADIUS backend to support new EAP formats? – in scope for IETF, not 802.11
  – Define how to utilize a re-engineered EAP – the only item within IEEE 802.11 scope
  – No plausible path forward unless IETF and 802.1 agree to do this work
• Optimizations can be made in the use of EAP without involving the IETF
  – The benefits of optimizations need to be evaluated.

Slide 7: Some Suggestions
• Minimizing connection time is a good goal, but
  – Identify market segment and use cases that FIA would address
  – Provide justification that proposed optimizations
    • Are feasible
    • Do not compromise security (e.g., enable MiTM attacks)
    • Makes a difference performance-wise
  – Optimizing discovery and address assignment seems a bigger problem than WLAN association, which is out of the scope of FIA.
• Security review must be conducted by outside security experts
• If 802.1X and EAP are required to be modified, work postponed until complementary 802.1 and IETF work chartered

Slide 8: Thank You!