IEEE 802.11-21 Identifiable Random MAC Address Scheme

Original proposal on Identifiable Random MAC Address scheme in IEEE 802.11-21, preventing third-party tracking while enabling STA identification. Presentation covers IRMA, IRMK, hash functions, and IRM capability fields for STAs and APs.

• IEEE
• MAC Address
• IRMA
• IRMK
• Hash Function

camerenb Follow

Uploaded on Feb 25, 2025 | 15 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

Presentation Transcript

1. Nov 2021 doc.: IEEE 802.11-21/1585r11 TG bh Identifiable Random MAC Address (revised) Date: 2022-01 Authors: Name Company Address Phone email Graham Smith SRT Group Sunrise , FL gsmith@srtrl.com Olivia Fernandez Harris Submission Slide 1 Graham Smith, SR Technologies

2. Nov 2021 doc.: IEEE 802.11-21/1585r11 Intro This is a presentation on Identifiable Random MAC Address , IRMA Original proposal was 21/1585r11 Changes made to the procedure such that STA spoofing is impossible Submission Slide 2 Graham Smith, SR Technologies

3. Nov 2021 doc.: IEEE 802.11-21/1585r11 802.11 Definitions Identifiable Random MAC (IRM) : a scheme where a non-AP STA uses identifiable random medium access control (MAC) addresses (IRMA) to prevent third parties from tracking the non-AP STA while still allowing trusted parties to identify the non-AP STA. Identifiable Random MAC Address (IRMA) a random MAC address used by a STA using IRM Identifiable Random MAC Key (IRMK) aKey used to resolve an IRMA Submission Slide 3 Graham Smith, SR Technologies

4. Nov 2021 doc.: IEEE 802.11-21/1585r11 Identifiable Random MAC Address - IRMA Purpose Prevent third-parties from tracking the STA while still allowing trusted parties to recognize the STA. Identifiable Uses a key shared with trusted AP/network IRMK IRMA is the random TA MAC address used by the STA STA generates an IRM Hash using IRMK and IRMA IRM Hash is sent in IRM element (in Association Request) STA changes IRMK for every network and association. Changing fields The IRMA (TA), IRM Hash and IRMK change for every association AP uses latest IRMK as the identification for the STA STA and AP keeps list of Submission Slide 4 Graham Smith, SR Technologies

5. Nov 2021 doc.: IEEE 802.11-21/1585r11 CAPABILITY BIT An IRM Capability field is used in the STA and AP The AP looks for the IRM Capability AND the IRM Hash in IRM element AP can use the IRM Capability bit to indicate to STAs that there may be a reason to be identified, i.e., I provide a service Bit Information Notes <ANA> IRM Capability The STA sets IRM Capability subfield to 1 to indicate support for IRM and sets to 0 if IRM Capability is not supported. Submission Slide 5 Graham Smith, SR Technologies

6. Nov 2021 doc.: IEEE 802.11-21/1585r11 IRMK and Hash function IRMK (Identifiable Random MAC Key) 1. STA generates the IRMK Random128-bit number . 2. STA shares IRMK with AP when first associated 3. STA provides IRM Hash in IRM element 4. The IRMK is used to resolve the identity of the STA verifies that the hash included in the IRM element matches the output of the local hash computation IRM hash = SHA-256/128 (IRMK, IRMA) Could use a different Hash and could reduce IRMK to 64 bits. Since the AP has the IRMK stored locally and has access to the IRMA (the TA address) and the IRM Hash in the association packet, it can perform this computation and verify the IRMK NOTE: Scheme is based on known proven technology key derivation functions . A typical usage is take a secret, such as a password or a shared key (IRMK), and a random number (known as a salt ) (IRMA) to produce a key (IRM Hash). Used in many applications. Submission Slide 6 Graham Smith, SR Technologies

7. Nov 2021 doc.: IEEE 802.11-21/1585r11 IRM Hash Proposed to use SHA-256 truncated to 128 bits*, i.e.: IRM Hash = SHA-256/128 (IRMK, IRMA) Where SHA-256/128 is the truncated SHA-256 where the leftmost 128 bits of the 256-bit hash generated by SHA-256 are selected as the truncated 128 bit IRM Hash A 3rd party chance of discovering the IRMK? Pre-image resistance 1 in 2 128 (See slide 18) Chance that AP finds wrong key or more than one key? Hash collision 1 in 2 64 Two STAs pick same key , 1 in 264 AP can ask for New IRMK Request Could use other hash functions. Want to select a function already known and used. Also could consider shorter IRMK, say 64 bit. Actually this is a Key Derivation Function KDF, not a Hash. Submission Slide 7 Graham Smith, SR Technologies

8. Nov 2021 doc.: IEEE 802.11-21/1585r11 Basic Steps for IRM STA and AP indicates IRM support in Extended Capability Field First Time Association 1. STA generates 48 bit IRMA 1. Generates a random 46 bit number 2. Appends I/G = 0, U/L = 1 (Compatible with 12.2.10) 2. STA sends the IRM element in Association Request 1. IRM Indicator set to Unknown 2. IRM Hash is omitted. 3. After Association, AP requests the IRMK, and STA sends it. Re-Associations 1. STA generate 48 bit IRMA 2. STA calculates IRM-Hash using IRMA and IRMK for that AP 3. STA sends the IRM element in Association Request 1. IRM Indicator set to Known and IRM-Hash is included 4. AP uses IRMA and stored IRMKs to calculate IRM hash and identifies the STA IRMK. 5. AP then requests new IRMK from STA 6. AP and STA update their lists It s important to note that the IRMK is not used to reveal the STA s MAC or identity address but rather for verification purposes only, i.e., the hash matches Submission Slide 8 Graham Smith, SR Technologies

9. Nov 2021 doc.: IEEE 802.11-21/1585r11 IRM element STA can use private address IRM element sent in Association Request AP then knows if STA IRMK already known (stored) or not Element ID Length Element ID Extensio n IRM Indicator IRM Hash (Present only if IRM Indication is Known ) IRMK Check (Optional) See next slide Table 9 zzz IRM Indicator IRM Indicator bit 0 Field name Notes Private A non-AP STA sets the IRM Indicator field bit 0 to 1 to indicate that the non-AP STA is using a private random MAC address, i.e., is not using an IRMA. Otherwise bit 0 is set to 0 A non-AP STA sets the IRM Indicator field bit 1 to 1 to indicate that the non-AP STA has not previously provided an IRMK to the AP. Otherwise bit 1 is set to 0 A non-AP STA sets the IRM Indicator field sets bit 3 to 1 to indicate that the non-AP STA has previously provided an IRMK to the AP. Otherwise bit 3 is set to 0. 1 Unknown 2 Known 3-7 Reserved Submission Slide 9 Graham Smith, SR Technologies

10. Nov 2021 doc.: IEEE 802.11-21/1585r11 IRMK Check field IRMK Offset Check 1 Octets: 1 Figure 9-jjj IRMK Check field format IRMK Offset takes a value N, from 0 to 112 (Note: IRMK is 128 bits) The Check field contains the 8 bits representing the EX-OR of the 8 bits of the IRMK, bN to bN+7 with the following 8 bits (bN+8 to bN+15) i.e. For n = 0 to 7 Bits in Check field are bn = EX-OR (bN+n, bN+n+8) where As an example, IRKM Offset = 72 Check field b0 is EX_OR of bits 72 and 80, and b7 is EX-OR of bits 79 and 87 bN is Nth bit in IRMK Acts as a Hint to the AP so AP can quickly find a stored IRMK. Reduces the list of IRMKs by 1/256 e.g. correct key in a list of 1000 IRMKs found in just 2 calculations Note that 256 combinations of the 16 bits satisfy the 8 bit Check field. Reduces the integrity of key from 128 bits to 120 bits (see slide 18) Submission Slide 10 Graham Smith, SR Technologies

11. Nov 2021 doc.: IEEE 802.11-21/1585r11 Action Frames to get IRMK Table 9-bbb IRM Action field Action field value 0 IRMK Request 1 IRMK Response 2 New IRMK Request 3 IRMK Check Request 4 IRMK Check Response 5-255 Reserved Meaning STA sends Unknown if first time association AP sends IRMK Request, STA sends IRMK Response with IRMK STA sends Known if STA has previously associated with the AP AP sends IRMK Request, STA sends IRMK Response with a new IRMK AP can request New IRMK (with reasons) AP can request IRMK Check (If many IRMKs stored for example, and Check not present in the IRM element). Submission Slide 11 Graham Smith, SR Technologies

12. Nov 2021 doc.: IEEE 802.11-21/1585r11 IRMK Check Request/Response If AP has many IRMKs and STA did not include the IRMK Check field in IRM element, then AP can request it. Notes: STA could always includes Check in IRM element STA could include Check only if it knows the AP is a busy one. IF STA recognizes AP as a busy AP then STA should include IRMK Check. IRMK Check reduces the possibilities from 2127 to 2119 Note: 2119 = 6.65 x 1035 1 year = 3.15 x 1019 tera hash This is way over the top for what we need. As the STA chooses a new key (IRMK) at every association, thee is no basic reason that the key or the hash be so long 128 bits. Looking into using 64 or 72 bits for the key (IRMK) Submission Slide 12 Graham Smith, SR Technologies

13. Nov 2021 doc.: IEEE 802.11-21/1585r11 AP requests new IRMK AP can request a new IRMK (provides reason) Table 9-ddd IRMK Reason field values IRMK Reason field value 0 No reason provided 1 Non-AP STA requested change 2 No IRMK found 3 Duplicate Key exists 4 Key not random 5-255 Reserved Meaning REASON AP might delete stored IRMKs Old Capacity If STA associates as Known and IRMK not found, then AP can request a new IRMA Submission Slide 13 Graham Smith, SR Technologies

14. Nov 2021 doc.: IEEE 802.11-21/1585r11 Pre-Association STA can send IRM ANQP-element AP can use the IRM Hash and the IRMA (TA) to find the IRMK (Can only be used if AP already has the IRMK) Info ID Length IRM Hash IRM Check (optional) Octets: 1 1 16 Figure 9-xyz IRM ANQP-element format Submission Slide 14 Graham Smith, SR Technologies

15. Nov 2021 doc.: IEEE 802.11-21/1585r11 Security The IRMK Check field allows the AP to down-select list Reduces APs stored list by 1/256 Reduces security from 128 bits to 120 bits. 3rd party must perform average of 2119 (6.65 x 1035) hash calculations to find the IRMK. A huge number, if performing 1 Hash calculation per tera second, takes 2 x 1016 NOTE: as STA changes its IRMK on every association, there is no point in trying to find IRMK anyway. Down-Select at AP with IRMK Check 216 combinations for 16 bits, 28 combinations for 8 bit EXOR IRMK Check does not disclose any of the bits in the IRMK. Down Select is 216/28 = 256 i.e. 1000 IRMKs down selected to 4. 1000 IRMKs in store, AP, on average, needs to check 2 to find correct IRMK Submission Slide 15 Graham Smith, SR Technologies

16. Nov 2021 doc.: IEEE 802.11-21/1585r11 IRM is very Secure Every time STA associates, the address IRMA AND IRM Hash values change. Impossible to know if same STA associating. Third party would need to brute strength all keys, IRMK (128 bits, or 120 bits if using IRMK Check), to find the IRMK. BUT, as IRMK changes each association, there is no point!!! IMPOSSIBLE to know the STA. Copying the IRMA and Hash from a previous association does not work, as the IRMK has been changed. Submission Slide 16 Graham Smith, SR Technologies

17. Nov 2021 doc.: IEEE 802.11-21/1585r11 Reduce the IRMK size? As the IRMK is changed on every association, it could be made shorter. The important criteria are: Chance of wrong key 2b/2 Chance of picking two the same 2b/2 For example, assume IRMK is 64 bits (8 octets) Chance of wrong key 3x108 After IRMK Check effectively reduced to 256 with 1 teraHash calculations per second (1012) takes 1 days on average to brute strength find the key. However finding the key does not help as the key changes once associated Submission Slide 17 Graham Smith, SR Technologies

18. Nov 2021 doc.: IEEE 802.11-21/1585r11 STA details IRM enables the AP to identify the STA, i.e. STA 123 AP can exchange frames or higher layer APP can then associate STA 123 with some other specific details/IDs Membership ID , customer ID, guest ID, family member, employee ID, etc. Submission Slide 18 Graham Smith, SR Technologies

19. Nov 2021 doc.: IEEE 802.11-21/1585r11 Advantages A different Random MAC can be used even when returning to same ESS more privacy! Even though STA indicates Known , No way a 3rdparty can know if same STA (unlike same MAC address for same AP ) MAC address and IRM Hash field values change every time. The last associated IRMK stays constant at the AP. An IRM STA can still choose to use private random MAC If no IRM Hash field, then private MAC address in use. STA changes IRMK at every association Changed when associated. Hence even if brute force were practical to find IRMK, if changed, impossible to spoof or know if same STA reassociates AP still knows that it is STA X even though IRMK has changed AP can store and long list but can request a new IRMK if No IRMK found IRMK Check down selects the list by a factor of 256 AP can request IRMK but must provide a reason STA can be identified pre-association AP can check stored IRMKs as soon as Association Request received OR wait for association STA can send IRMK-ANQP element No reference to any real address or real ID Spoof attacks are nullified Very flexible, easy to add Action frames NOTE: Compatible with the ID Action frames. Provides an ID that solves many Use Case problems created by RCM Submission Slide 19 Graham Smith, SR Technologies

20. Nov 2021 doc.: IEEE 802.11-21/1585r11 IRM Text Document 21/1673 is the working document for the accompanying text Submission Slide 20 Graham Smith, SR Technologies

21. Nov 2021 doc.: IEEE 802.11-21/1585r11 QUESTIONS?? Submission Slide 21 Graham Smith, SR Technologies

22. Nov 2021 doc.: IEEE 802.11-21/1585r11 Straw Poll Do you agree that an Identifiable Random MAC scheme, along the lines as described in <this document>, should be included in the TGbh Amendment? Submission Slide 22 Graham Smith, SR Technologies