
Enhancing Privacy in IEEE 802.11 Networks with BPE Capability
Explore the April 2025 IEEE submission by Jarkko Kneckt from Apple Inc., introducing BPE AP MLD to improve network efficiency and privacy. The proposal aims to allow STA association with BPE AP MLDs and enable secure information exchange for enhanced privacy levels within the network.
Presentation Transcript
April 2025
doc.: IEEE 802.11-25/708r0

Slide 1: BPE AP MLD as Part of Large Network
Date: 2025-04-24
Authors:
  Name: Jarkko Kneckt
  Affiliations: Apple Inc
  Address: Cupertino, CA
  Phone:
  email: jkneckt@apple.com
Submission, Jarkko Kneckt, Apple

Slide 2: Abstract
This submission is related to CIDs #760 and 761 (see annex for CID details). Normative text is provided in submission 11-25-709.
This submission defines BPE AP MLD as part of larger networks.
Currently, a STA may associate with a BPE AP MLD only if the STA has preshared BPE AP parameters. This prevents efficient use of the BPE AP MLDs in many network topologies.
This submission enables an associated BPE capable STA to receive BPE AP MLD discovery information from protected unicast frames through the associated AP. This operation enables the STA to (re)associate with the BPE AP MLD in the ESS.

Slide 3: Background: BPE AP MLDs
- A BPE AP MLD transmits only encrypted frames
- BPE AP MLD transmits Privacy Beacons, 10.71.8.2 (BPE AP MLD Beaconing)
- A scanning STA can detect whether it is preconfigured with BPE AP MLD parameters by using the Transmitter Address and Identity Hash of the MAC Headers
- If the BPE AP MLD parameters are not preshared with a STA:
  - The STA cannot identify the BPE AP MLD, its parameters, and ESS
  - This prevents STAs from associating with a BPE AP MLD, even if the STA possesses the authentication keys of the AP

Slide 4: Proposal: ESS with Legacy, CPE, and BPE AP MLDs
- An ESS, MD, or SMD may contain AP MLDs of all privacy levels
- BPE APs are available only for BPE capable STAs
- BPE APs offer the best privacy
  - Individual frames are anonymized
  - Group frames are anonymized
  - BPE AP parameters are not sent in the clear OTA
  - BPE AP and STA addresses are anonymized
[Figure: 802.11bi privacy support level (NONE / CPE / BPE) is shown for each AP MLD]

Slide 5: Proposal: Assisted Discovery of BPE AP MLDs
- A CPE or non-privacy enhanced AP signals that ESS | MD has available BPE or CPE AP MLDs
  - A capability bit signals that ESS has BPE APs available
  - STA knows that it may query BPE AP MLD parameters
- Protected association or authentication signaling has fields to indicate whether:
  - The AP MLD is capable of providing discovery information of BPE AP MLDs in ESS | MD
  - The Non-AP MLD is capable of receiving unsolicited BPE AP MLD information
- An associated STA may request BPE AP MLD information by sending a protected BTM Query frame
- An associated AP may provide BPE AP MLD information by sending individually addressed protected BTM Request frames

Slide 6: Proposal: Shared BPE AP MLD Parameters
- A BPE AP MLD can be discoverable by providing the BSSID of the AP MLD for the current and the following epochs
  - The STA may discover, authenticate and associate with the BPE AP during these Epochs
  - The STA obtains the BPE AP MLD identity key during 4-way handshaking. The identity key enables AP discovery during the lifetime of the BPE AP
- At least the following BPE AP capabilities and operation elements shall be shared:
  1. Elements to estimate the BPE AP performance and congestion level (BW, NSS, BSS Load for all Links)
  2. Elements to identify the BPE AP and select the roaming mechanism (SMD ID, MD ID, BSSIDs, SSID)
  3. Elements to authenticate and associate with BPE AP (RSNE and RSNXE)
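
A sketch of how a STA could vet and use the shared BPE AP MLD discovery information described on Slides 5 and 6, as an added example that is not part of the submission or of the normative text in 11-25-709. The class, field and element names and the epoch numbering are assumptions of this example, and the sample values are constructed.

```python
from dataclasses import dataclass

# Element groups that "shall be shared" per Slide 6; the key names are this
# example's own labels, not field names from 802.11bi.
REQUIRED = {
    "performance": {"bw", "nss", "bss_load"},
    "identity": {"smd_id", "md_id", "bssids", "ssid"},
    "security": {"rsne", "rsnxe"},
}

@dataclass
class BpeDiscoveryInfo:            # hypothetical container
    elements: dict                 # element label -> value
    epoch_bssids: dict             # epoch number -> BSSID used in that epoch
    protected: bool                # carried in a protected frame
    individually_addressed: bool   # unicast, not group addressed

def rejection_reasons(info):
    """Return why the STA should ignore this information (empty = usable)."""
    reasons = []
    if not (info.protected and info.individually_addressed):
        reasons.append("not in a protected individually addressed frame")
    present = {k for k, v in info.elements.items() if v not in (None, "", [])}
    for group, names in REQUIRED.items():
        reasons += [f"missing {group} element: {n}" for n in sorted(names - present)]
    if not info.epoch_bssids:
        reasons.append("no BSSID for any epoch")
    return reasons

def is_shared_bpe_ap(info, epoch, transmitter_address):
    """True if a scanned TA is the shared BPE AP MLD's BSSID for this epoch."""
    if rejection_reasons(info):
        return False
    expected = info.epoch_bssids.get(epoch)
    return expected is not None and expected.lower() == transmitter_address.lower()

# Constructed sample: BSSIDs shared for the current (41) and following (42) epoch.
SAMPLE = BpeDiscoveryInfo(
    elements={"bw": 160, "nss": 2, "bss_load": 0.3, "smd_id": "smd-1",
              "md_id": "md-1", "bssids": ["02:00:00:aa:00:01"],
              "ssid": "example-ess", "rsne": b"\x30", "rsnxe": b"\xf4"},
    epoch_bssids={41: "02:00:00:aa:00:01", 42: "02:00:00:bb:00:02"},
    protected=True, individually_addressed=True,
)
```

With the sample, a scan matches in epochs 41 and 42 but not in epoch 43; the slide covers later epochs with the identity key obtained during the 4-way handshake, which this example does not model.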

Slide 7: Authentication and Association with the BPE AP
- A discovered BPE AP MLD is part of the same ESS as the associated AP
- The discovered BPE AP and the currently associated AP may use the same authentication keys
- The RSNE and RSNXE of the discovered BPE AP MLD ensure that all security related settings and parameters are known
- The complete set of BPE AP MLD parameters is obtained during the protected (re)association signaling

Slide 8: Benefits
- The BPE AP MLDs may become an essential part of larger networks
  - Network operators can offer the best privacy for their customers, while keeping the networks easily discoverable and legacy compatible
  - Residential networks can steer BPE capable devices to BPE AP MLDs supporting maximum privacy
- Steering signaling is simple
  - The Identity key of the BPE AP MLD is conveyed by the protected individually addressed BTM Request frame
  - Standard compatible steering signaling is used to avoid interoperability issues

Slide 9: ANNEX
Related CIDs