Discussion on Identifiable Random MAC Address in IEEE 802.11-21

This presentation explores the concept of Identifiable Random MAC Addresses (IRMA) and their role in preventing tracking by unauthorized parties while enabling identification by trusted sources in wireless communication networks. The discussion covers the use of IRMs, IRMKs, and IRM KDF functions to enhance security and protect against spoofing attempts. Various elements and indicators related to IRMs are explained, along with potential enhancements to increase security measures.

  • Identifiable Random MAC Address
  • IEEE 802.11-21
  • Security
  • Wireless Communication
  • Spoofing

Uploaded on Feb 26, 2025

Presentation Transcript


  1. Jan 2022 doc.: IEEE 802.11-21/0085r0
     TG bh: Identifiable Random MAC Address Discussion - Protection against Spoofing
     Date: 2022-01
     Authors: Graham Smith, SRT Group, Sunrise, FL, gsmith@srtrl.com
     Submission Slide 1 Graham Smith, SR Technologies

  2. Intro
     This is a presentation and discussion on Identifiable Random MAC Address (IRMA), spoof STA and spoof AP.

  3. Identifiable Random MAC: basic idea
     First-time association:
       1. STA associates to AP with a random MAC address (IRMA) and indicates support for IRM.
       2. AP requests and receives a private key (IRMK). This IRMK is stored.
     Subsequent associations:
       1. STA associates with a new IRMA, indicates Known and includes an IRM KDF (where IRM KDF is a function of the IRMA and IRMK).
       2. AP searches through stored IRMKs to find the IRMK that produces the same IRM KDF.
       3. AP then requests a new IRMK. (This step prevents any spoof STA.)
       4. STA sends the new IRMK.

  4. Terms
     • Identifiable Random MAC (IRM): a scheme where a non-AP STA uses identifiable random medium access control (MAC) addresses (IRMA) to prevent third parties from tracking the non-AP STA while still allowing trusted parties to identify the non-AP STA.
     • Identifiable Random MAC Address (IRMA): a random MAC address used by a STA using IRM.
     • Identifiable Random MAC Key (IRMK): a key used to resolve an IRMA.
     • IRM KDF: a function of IRMA and IRMK, where IRM KDF = HKDF-Expand(IRMK, IRMA, 9).
     Note: This is new. The IRMK is reduced from 128 bits to 72. This is sufficient, as is shown in the following slides.

  5. IRM element
     • STA can use a private address.
     • IRM element is sent in the Association Request.
     • AP then knows if the STA IRMK is already known (stored) or not.

     Figure 9-yyy IRM element format
       Field:   Element ID | Length | Element ID Extension | IRM Indicator | IRM OKM | IRMK Check
       Octets:  1          | 1      | 1                    | 1             | (9)     | (2)
       IRM OKM is present only if the IRM Indicator is Known. IRMK Check is optional.

     Table 9-zzz IRM Indicator
       Bit  | Field name | Notes
       0    | Private    | A non-AP STA sets the IRM Indicator field bit 0 to 1 to indicate that the non-AP STA is using a private random MAC address, i.e., is not using an IRMA. Otherwise bit 0 is set to 0.
       1    | Unknown    | A non-AP STA sets the IRM Indicator field bit 1 to 1 to indicate that the non-AP STA has not previously provided an IRMK to the AP. Otherwise bit 1 is set to 0.
       2    | Known      | A non-AP STA sets the IRM Indicator field bit 3 to 1 to indicate that the non-AP STA has previously provided an IRMK to the AP. Otherwise bit 3 is set to 0.
       3-7  | Reserved   |

     I have been wondering if setting, say, bits 1 and 3 could be used to say Known AND frequent caller, or such. This could assist in the Spoof AP case.

  6. Brief overview of IRM scheme: first-time association to a particular AP
     • STA produces a random 48-bit MAC address from 46 random bits plus the 01 local-admin bits, the same as any RMA. Termed the IRMA.
     • The STA chooses a new random MAC every association, so the TA (the IRMA) changes every time.
     • STA sends an Association Request with an IRM element with the indication set to Unknown. The IRM OKM field is omitted from the IRM element.
     • Once associated, AP sends an IRMK Request Action frame and STA responds with the IRMK Response frame that includes a random 72-bit key, the IRMK.
     • The IRMK is then the identity for the STA and is stored by the AP.

  7. Re-associations to the same AP
     • STA produces a random 48-bit MAC address from 46 random bits plus the 01 local-admin bits: the IRMA.
     • STA then calculates a 72-bit OKM, the IRM OKM, using the 72-bit private key, IRMK, that is stored at that AP: IRM OKM = HKDF-Expand(IRMK, IRMA, 9).
     • STA sends an Association Request with an IRM element that includes the IRM OKM and an indication to the AP that the STA is Known, i.e., the AP has the private key IRMK. It can also include the IRMK Check field (enables the AP to down-select keys by a factor of 256).
     • As the STA is Known, the AP can search through its store of IRMKs to find the one that, together with the IRMA (i.e., the TA from the STA), produces the same IRM OKM value that is in the IRM element. Thus, the STA is identified.
     • Once associated, AP sends an IRMK Request Action frame and STA responds with a new IRMK. The IRMK is then the new identity for the STA and is stored by the AP.
     • Changing the IRMK renders any attack by a spoof STA, or by a third party trying to determine the IRMK, completely moot. See later.

  8. IRMK Check field
     • STA can add an IRMK Check field to the IRM element that allows the AP to down-select IRMKs if it has many IRMKs stored.
     • AP can request the IRMK Check to down-select IRMKs if it is not included in the IRM element.

     Figure 9-jjj IRMK Check field format
       Field:   IRMK Offset | Check
       Octets:  1           | 1

     • IRMK Offset takes a value N from 0 to 56 (note: the IRMK is 72 bits).
     • The Check field contains the 8 bits representing the EX-OR of the 8 bits of the IRMK, bN to bN+7, with the following 8 bits (bN+8 to bN+15), i.e., for n = 0 to 7, the bits in the Check field are bn = EX-OR(bN+n, bN+n+8), where bN is the Nth bit in the IRMK.
     • Acts as a hint to the AP so the AP can quickly find a stored IRMK. Reduces the list of IRMKs by 1/256, e.g., the correct key in a list of 1000 IRMKs is found with just 2 calculations.
     • Note that 256 combinations of the 16 bits satisfy the 8-bit Check field. Reduces the integrity of the key from 72 bits to 64 bits.

  9. Spoof STA attack
     Scenario:
     • Rogue STA copies the association of the real STA (IRMA and IRM OKM).
     • Rogue associates to the AP (worst case, it knows the password) and indicates Known.
     What happens:
     • AP does not find an IRMK that complies and will request an IRMK (with reason No IRMK found).
     Why?
     • When the real STA associated with that IRMK, it was recognized by the AP and then a new IRMK was issued.
     Result: Rogue STA cannot masquerade as the real STA.
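The following is an added example, not code from the 802.11-21/0085r0 slides: a small Python model of the flow on slides 3, 6, 7 and 9. It generates an IRMA (46 random bits plus the locally-administered and unicast bits), derives the IRM OKM as HKDF-Expand(IRMK, IRMA, 9), has the AP resolve the STA by searching its stored IRMKs, rotates the IRMK once the STA is recognised, and then replays a captured IRMA/IRM OKM pair to show why the spoof STA gets "No IRMK found". Assumptions: HKDF-Expand is the RFC 5869 construction over HMAC-SHA256 (the slides name no hash), the IRMK Request/Response exchange is modelled as direct calls rather than 802.11 Action frames, and the class and function names are mine.

```python
"""Added example (not from the 802.11-21/0085r0 slides): toy model of the IRM
association flow.  Hash choice (SHA-256) and all names are assumptions."""
from __future__ import annotations

import hashlib
import hmac
import secrets
from typing import NamedTuple, Optional

OKM_LEN = 9   # IRM OKM = HKDF-Expand(IRMK, IRMA, 9): 72 bits
IRMK_LEN = 9  # 72-bit IRMK


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with HMAC-SHA256 (the hash is an assumption)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def new_irma() -> bytes:
    """48-bit IRMA: 46 random bits, U/L bit set (locally administered), I/G bit clear (unicast)."""
    addr = bytearray(secrets.token_bytes(6))
    addr[0] = (addr[0] & 0xFC) | 0x02
    return bytes(addr)


def irm_okm(irmk: bytes, irma: bytes) -> bytes:
    return hkdf_expand(irmk, irma, OKM_LEN)


class AccessPoint:
    """Keeps one IRMK per known STA; a key is retired the moment it is recognised."""

    def __init__(self) -> None:
        self.irmks: set[bytes] = set()

    def resolve(self, irma: bytes, okm: bytes) -> Optional[bytes]:
        # Search stored IRMKs for the one that, with this IRMA, reproduces the IRM OKM.
        for irmk in self.irmks:
            if hmac.compare_digest(irm_okm(irmk, irma), okm):
                return irmk
        return None

    def on_association(self, irma: bytes, indicator: str, okm: Optional[bytes] = None) -> str:
        """Returns the reason the AP attaches to its IRMK Request."""
        if indicator != "Known":
            return "Unknown STA"
        found = None if okm is None else self.resolve(irma, okm)
        if found is None:
            return "No IRMK found"
        self.irmks.discard(found)  # old identity is consumed; a fresh IRMK is requested next
        return "Recognised"

    def store_irmk(self, irmk: bytes) -> None:
        self.irmks.add(irmk)


class Assoc(NamedTuple):
    irma: bytes
    okm: Optional[bytes]
    reason: str


class Station:
    def __init__(self) -> None:
        self.irmk_for_ap: dict[str, bytes] = {}

    def associate(self, ap: AccessPoint, ap_id: str) -> Assoc:
        irma = new_irma()                      # fresh TA every association
        irmk = self.irmk_for_ap.get(ap_id)
        okm = None if irmk is None else irm_okm(irmk, irma)
        reason = ap.on_association(irma, "Unknown" if irmk is None else "Known", okm)
        # IRMK Request / Response: the STA hands over a fresh 72-bit key either way.
        fresh = secrets.token_bytes(IRMK_LEN)
        ap.store_irmk(fresh)
        self.irmk_for_ap[ap_id] = fresh
        return Assoc(irma, okm, reason)


def demo() -> dict:
    ap, sta = AccessPoint(), Station()
    first = sta.associate(ap, "home-ap")    # slide 6: Unknown, no IRM OKM sent
    second = sta.associate(ap, "home-ap")   # slide 7: Known, AP resolves the IRMK, then rotates it
    # Slide 9: a spoof STA replays the exact IRMA + IRM OKM captured from the second association.
    replay = ap.on_association(second.irma, "Known", second.okm)
    return {"first": first.reason, "second": second.reason, "replay": replay,
            "first_sent_okm": first.okm is not None}


if __name__ == "__main__":
    print(demo())
```

The replay fails not because the OKM is wrong (it is bit-for-bit the real STA's value) but because the AP discarded that IRMK when it recognised the real STA, which is the property slide 9 relies on.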

  10. Third-party snooping
     Scenario:
     • Third party captures the IRMA and IRM OKM.
     • Third party brute-force calculates the IRMK (unlikely, but let's assume): 72-bit IRMK, 2^63 = 9.22 x 10^18; 1 day at 1 tera-OKM/s = 8.64 x 10^16 OKMs (see note); hence about 100 days at 1 terahash/sec.
     • Rogue STA tries to associate using an IRMA and a correct IRM OKM.
     What happens:
     • AP does not find the IRMK and might request an IRMK (with reason No IRMK found).
     Why?
     • When the real STA associated with that IRMK, it was recognized by the AP and then a new IRMK was issued.
     Result: Rogue STA cannot masquerade as the real STA even if it found the correct IRMK from a previous association.
     Note: 2^63 assumes the IRMK Check was included.

  11. AP Spoof
     Scenario (assume the AP has all the correct credentials):
     • Rogue AP spoofs an AP that is attractive to the real STA.
     • STA decides to associate and indicates Known or Unknown.
     What happens:
     • AP accepts the association and sends an IRMK Request.
     • STA sends a new IRMK.
     Result: AP has an IRMK for that STA.
     Discussion:
     • No different from the STA associating without using IRM.
     • Only if the rogue AP spoofs a known AP: if the STA goes back to the known AP, it will not be recognized and the STA will receive a request for a new IRMK.
     • STA has not disclosed any device or user information, but presumably the spoof AP could interrogate it.
     • This is only a problem if the STA associates, i.e., the AP has all the right credentials. BUT

  12. Method to prevent/reduce Spoof AP attack
     • IF this Spoof AP were considered a real threat, then an IRMK Check could be added to the AP IRMK Request frame.
     • Once associated as Known, the AP sends an IRMK Request. It is assumed that the AP has recognized the IRMK for the STA.
     • If the IRMK Check field is added, then the STA can check that the AP has the correct IRMK. Obviously the spoof AP cannot do this, so it has to revert to sending a New IRMK Request with a reason No IRMK found.
     • Up to the STA whether to provide a new IRMK or not: based on time since last visit? Type of AP/network? Never? If suspicious, disassociate?
     • Does it matter? The IRMK has no information.
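As an added example (not code from the slides), the IRMK Check computation of slide 8 and the two ways it is used: the AP down-selecting stored IRMKs by the hint in the IRM element, and the STA checking a Check field carried in the AP's IRMK Request, as proposed on slide 12. It also counts the 16-bit patterns behind one check octet to confirm the 256 figure on slide 8. Assumptions: IRMK bits are numbered b0..b71 with b0 the least significant bit of the first octet (the usual 802.11 field convention; the slides do not state the ordering), and the two-octet field is laid out as IRMK Offset then Check as in Figure 9-jjj. Function names and the sample keys are mine.

```python
"""Added example (not from the 802.11-21/0085r0 slides): IRMK Check field.
Bit-ordering assumption: b0 is the LSB of octet 0, b8 the LSB of octet 1, and so on."""
from typing import List, Tuple

IRMK_BITS = 72
MAX_OFFSET = 56  # N + 15 must stay inside the 72-bit key


def irmk_bit(irmk: bytes, i: int) -> int:
    return (irmk[i // 8] >> (i % 8)) & 1


def irmk_check(irmk: bytes, offset: int) -> int:
    """Check octet: bit n = b(N+n) XOR b(N+n+8) for n = 0..7, with N = offset."""
    if len(irmk) * 8 != IRMK_BITS:
        raise ValueError("IRMK must be 72 bits")
    if not 0 <= offset <= MAX_OFFSET:
        raise ValueError("IRMK Offset must be 0..56")
    value = 0
    for n in range(8):
        value |= (irmk_bit(irmk, offset + n) ^ irmk_bit(irmk, offset + n + 8)) << n
    return value


def encode_check_field(irmk: bytes, offset: int) -> bytes:
    """Two-octet IRMK Check field: IRMK Offset, then Check (Figure 9-jjj)."""
    return bytes([offset, irmk_check(irmk, offset)])


def decode_check_field(field: bytes) -> Tuple[int, int]:
    if len(field) != 2:
        raise ValueError("IRMK Check field is 2 octets")
    return field[0], field[1]


def ap_down_select(stored: List[bytes], field: bytes) -> List[bytes]:
    """AP side (slide 8): keep only stored IRMKs consistent with the hint before running the KDF."""
    offset, check = decode_check_field(field)
    return [k for k in stored if irmk_check(k, offset) == check]


def sta_verify_ap(irmk: bytes, field: bytes) -> bool:
    """STA side (slide 12): a Check in the AP's IRMK Request matches only if the AP holds the key."""
    offset, check = decode_check_field(field)
    return irmk_check(irmk, offset) == check


def patterns_matching(check: int) -> int:
    """Number of 16-bit (bN..bN+15) patterns that yield a given check octet."""
    return sum(1 for low in range(256) for high in range(256) if (low ^ high) == check)


def demo() -> dict:
    real = bytes.fromhex("ff0000000000000000")   # constructed: b0..b7 = 1, all other bits 0
    other = bytes.fromhex("0f0000000000000000")  # constructed: only b0..b3 set
    field = encode_check_field(real, 0)
    return {
        "check_at_0": irmk_check(real, 0),    # ones XOR zeros -> 0xFF
        "check_at_4": irmk_check(real, 4),    # b4..b7 ones, b12..b19 zeros -> 0x0F
        "candidates": ap_down_select([bytes(9), other, real], field),
        "sta_accepts_real_ap": sta_verify_ap(real, field),
        "sta_accepts_wrong_key": sta_verify_ap(other, field),
        "patterns_per_check": patterns_matching(0xA5),
    }


if __name__ == "__main__":
    print(demo())
```

A spoof AP that does not hold the STA's IRMK can only guess the Check octet with probability 1/256 per attempt, which is why, on slide 12, its realistic fallback is a New IRMK Request with a reason rather than a Check it cannot compute.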

  13. Spoof AP discussion
     • This spoof AP case is only a problem if the STA actually associates. Not easy to do such an AP unless it is open or has an advertised password.
     • If the STA does not associate, the IRMK is unchanged; the spoof AP has learned nothing about the STA.
     • Worst case is that the IRMK is wrong when the STA goes back to the real AP. Assumes the spoof AP has the same address as the real one; unlikely, as spoofing tends to be based on SSID. STA would receive a New IRMK request, worst case.
     • Is the problem enough to add the IRMK Check to every IRMK Request? At the moment I don't think so, but it could be done easily if others felt that AP Spoof is a real problem.

  14. Summary and Conclusion
     • Spoof STA is not a problem.
     • Is a Spoof AP a real-life threat?
       • Spoof AP is only a problem if the STA associates. (STA might associate with or without IRM, and the decision to associate has nothing to do with IRM.)
       • IRMK is only a temporary ID. Spoof AP is not doing this to find out the IRMK; it is doing it to interrogate the STA.
       • Spoof APs are not easy to set up. Would the STA see it just as an attractive AP? If so, it would not lose the IRMK.
     Conclusion:
     • Adding IRMK Check to the IRMK Request restricts a spoof AP to having to request a new IRMK with a reason.
     • Personally, I am in two minds whether to add this.
     • Adding Check does provide a firm indication that the correct IRMK has been found and causes a spoof AP to ask for a New IRMK, which is always suspicious.
     • Easy to add. IRMK Request is only 2 octets at the moment and would only become 4.

  15. Interested to hear opinions on the Spoof AP case
     • Is it real?
     • As the IRMK changes all the time, and is an ID only for the next association, does it matter?
     • Associating to the spoof AP has nothing to do with IRM, but if the AP admits it does not have the IRMK, it does provide some level of protection.
     • Adding the Check does provide a positive acknowledgment that the AP knows the STA, which may be a good thing in itself. (I did consider this from the onset, so maybe I start to lean back that way.)
     • Only consideration is what to do if the IRM Check is not right (assuming a real AP; could that happen)? A spoof AP would automatically avoid Check and send the New IRMK Request. Back to: so what?
     • Have prepared two versions of the IRM text: with IRMK Check in IRMK Request, and without IRMK Check in IRMK Request.
