IEEE 802.11-25/0819r0 AMP Security Follow-up Discussion

may 2025 n.w
1 / 13
Embed
Share

Explore the recap and key generation methods for AMP security in IEEE 802.11-25/0819r0 document. Detailed discussions on authentication, key generation, and secure communication protocols are covered. Stay informed about the latest developments in AMP security enhancements.

  • IEEE
  • Security
  • Key Generation
  • Communication
  • Authentication
rayaanacharya
rizz_yde Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. May 2025 doc.: IEEE 802.11-25/0819r0 AMP Security follow up Date: 11 May 2025 Name Affiliation Address Phone Email Rojan Chitrakar rojan.chitrakar@huawei.com Lei Huang Huawei Singapore Ian Bajaj Rojan Chitrakar (Huawei

  2. May 2025 doc.: IEEE 802.11-25/0819r0 Recap (1/2) Authentication and Key generation for AMP STAs were discussed in [1], [2], [3], [4]. [1] proposes using the SAE during AMP message exchanges to generate the security keys to be used in AMP communication. [2] proposes to generate the security keys to be used in AMP communications using pre-shared keys. Rojan Chitrakar (Huawei Slide 2

  3. May 2025 doc.: IEEE 802.11-25/0819r0 Recap (2/2) [3] proposes generating PMK infrequently/only when needed. PTK is derived from the PMK to be used in AMP communication. [4] proposes using PMK generated during offline onboarding to derive PTK to be used in AMP communication Rojan Chitrakar (Huawei Slide 3

  4. May 2025 doc.: IEEE 802.11-25/0819r0 Key Generation - 1 Many non-AP AMP STAs (e.g., Active Tx non-AP AMP STA) can be expected to be in operation for long time (years). For such STAs, it is desirable that the PMK can be replaced in-band as needed (instead of out-of-band during onboarding etc.). Simpler methods of deriving PMK from pre-installed Pre-shared Key (PSK) can be used, e.g., Password-Based Key Derivation Function (PBKDF). Assumption: A Pre-shared key (e.g., 256 bits) is pre-programmed on both AMP AP and non-AP AMP STA. Using a Password-Based Key Derivation Function (PBKDF), Hash-String || transmitter's ID || receiver's ID are hashed 2NumRepetition times using the PSK, to produce a PMK-length bits Pairwise Master Key (PMK) . Rojan Chitrakar (Huawei Slide 4

  5. May 2025 doc.: IEEE 802.11-25/0819r0 Key Generation - 2 PMK Generation (first time or for update): 1) Info required for PMK generation: NumRepetition: Number of hash repetition to be performed PMK-Length: Length of the PMK (e.g.,0: 128-bits, 1: 256-bits) Anonce for PTK generation (from the PMK) In Message 1, AMP AP provides: 2) Non-AP AMP STA generates PMK (based on Message 1) and derives PTK from it and sends Message 2 carrying a SNonce and a MIC generated using the PTK. 3) Upon receiving Message 2, AMP AP generates PMK and derives PTK from it and verifies the MIC in Message 2 using the PTK. If the MIC verification succeeds, it saves the PMK and PMKID and sends a frame to confirm the keys: Either explicitly using Message 3 carrying a MIC Or, implicitly by including a MIC in a protected AMP frame. 4) If the MIC in the received AMP frame is verified correctly using the PTK, the non-AP AMP STA saves the PMK and PMKID. Example: PMK = 2NumRepetition times (SHA-128(PSK, Hash-string || Min(ID1, ID2) || Max(ID1, ID2)) Here, Hash-string = AMP PMK Generation ID1 = AMP AP s MAC Address, ID2 = non-AP AMP STA s MAC Address Rojan Chitrakar (Huawei Slide 5

  6. May 2025 doc.: IEEE 802.11-25/0819r0 Key Generation - 3 PTK Generation (from an existing PMK): 1) PMKID corresponding to a PMK Anonce for PTK generation In Message 1, AMP AP provides: 2) Upon receiving Message 1, Non-AP AMP STA retrieves the PMK (based on PMKID) and derives PTK from it and sends Message 2 carrying a SNonce and a MIC generated using the PTK. 3) Upon receiving Message 2, AMP AP derives PTK from PMK and verifies the MIC in Message 2 using the PTK. If the MIC verification succeeds, it saves the PTK and sends a frame to confirm the PTK: Either explicitly using Message 3 carrying a MIC Or, implicitly by including a MIC in a protected AMP frame. 4) If the MIC in the received AMP frame is verified correctly using the PTK, the non-AP AMP STA saves the PTK. Example: PTK = HMAC-SHA-1 (PMK, "AMP Pairwise Key expansion", Min(ID1, ID2) || Max(ID1, ID2) || Min(ANonce, SNonce) || Max(ANonce, SNonce)) Rojan Chitrakar (Huawei Slide 6

  7. May 2025 doc.: IEEE 802.11-25/0819r0 Cryptographic protocol Due to its simplicity and wide use in 802.11, we propose that CCMP is used both* for encryption and authentication of AMP frames. For authenticated AMP frame, the FCS field carries the MIC but the frame body is not encrypted. If Encrypted = 1, content of Frame Body is encrypted, else it is in plain text. FCS field carries the MIC Indicates protected AMP frame 0: Authenticated 1: Encrypted Rojan Chitrakar (Huawei Slide 7

  8. May 2025 doc.: IEEE 802.11-25/0819r0 Conclusion In this contribution we shared our thoughts regarding AMP Security: 1) A new PMK is generated using the same frame exchange used for PTK generation. Once verified, the new PMK is used for PTK derivation. 2) The same cryptographic protocol (e.g., CCMP) is used both for authentication and encryption of AMP frames. Rojan Chitrakar (Huawei Slide 8

  9. May 2025 doc.: IEEE 802.11-25/0819r0 SP 1 Do you agree to add the following text to TGbp SFD? 802.11bp defines a mechanism to generate a Pairwise Master Key (PMK) and a Pairwise Transient Key (PTK) at a non-AP AMP STA to support secure communication, where: o An AMP AP transmits a first downlink AMP frame containing NumRepetition, PMK-Length and an ANonce. o After receiving the first downlink AMP frame from the AMP AP, the non-AP AMP STA generates a PMK, a PMKID and an SNonce. o The non-AP AMP STA generates a Pairwise Transient Key (PTK) using the ANonce, the SNonce, and the PMK. Rojan Chitrakar (Huawei Slide 9

  10. May 2025 doc.: IEEE 802.11-25/0819r0 SP 2 Do you agree to add the following text to TGbp SFD? 802.11bp defines a mechanism to generate a Pairwise Master Key (PMK) and a Pairwise Transient Key (PTK) at a non-AP AMP STA to support secure communication, where: o After generating a PMK and a PTK in response to the first downlink AMP frame carrying an ANonce, the non-AP AMP STA generates a first MIC using the PTK and transmits an uplink AMP frame carrying the SNonce and the first MIC. o After receiving the uplink AMP frame from the non-AP AMP STA, the AMP AP generates a PMK, and a PMKID. o The AMP AP generates a Pairwise Transient Key (PTK) using the ANonce, the SNonce, and the PMK and verifies the first MIC using the PTK. o If the first MIC is verified, the AMP AP saves the PMK and PMKID, generates a second MIC and transmits a second downlink AMP frame carrying the second MIC to the non-AP AMP STA. Rojan Chitrakar (Huawei Slide 10

  11. May 2025 doc.: IEEE 802.11-25/0819r0 SP 3 Do you agree to add the following text to TGbp SFD? 802.11bp defines a mechanism to generate a Pairwise Master Key (PMK) and a Pairwise Transient Key (PTK) at a non-AP AMP STA to support secure communication, where: o After receiving the second downlink AMP frame carrying the second MIC, the non-AP AMP STA verifies the second MIC using the PTK. o If the second MIC is verified, the non-AP AMP STA saves the PMK and PMKID. Rojan Chitrakar (Huawei Slide 11

  12. May 2025 doc.: IEEE 802.11-25/0819r0 SP 4 Do you agree to add the following text to TGbp SFD? CTR with CBC-MAC protocol (CCMP) is used both for data confidentiality (i.e., encryption) and authentication of AMP frames. Rojan Chitrakar (Huawei Slide 12

  13. May 2025 doc.: IEEE 802.11-25/0819r0 References [1] IEEE 802.11-24/178r0, Security considerations in ambient power communications, Hui Luo [2] IEEE 802.11-24/1203r0, Authentication and Security transaction for AMP, Chuanfeng He [3] IEEE 802.11-24/1548r2, Thoughts on security for AMP , Rojan Chitrakar [4] IEEE 802.11/24/2112r0, Secure E2E Operation for AMP, Sanket Kalamkar Rojan Chitrakar (Huawei Slide 13

Related


Taxation and Reporting of Futures and Options (F&O) Transactions

Taxation and Reporting of Futures and Options (F&O) Transactions

chaim
Strengthening Uganda's National M&E System through UEA Evaluation Strategies

Strengthening Uganda's National M&E System through UEA Evaluation Strategies

rowe
Op-Amp Output Swing Limitations in Linear Applications

Op-Amp Output Swing Limitations in Linear Applications

mhens
AMP Link Access Modes in IEEE 802.11-24 Presentation

AMP Link Access Modes in IEEE 802.11-24 Presentation

crue_436
Energy Harvesting Operation Procedures for AMP Devices in WLAN

Energy Harvesting Operation Procedures for AMP Devices in WLAN

tas_fur
Empowering Researchers: Understanding Service Centers and F&A Distribution

Empowering Researchers: Understanding Service Centers and F&A Distribution

rayd_9
Comprehensive DevOps Security Training Overview

Comprehensive DevOps Security Training Overview

jahv_808
Best Fracture Finger & Metacarpal Fractures Treatment Clinic in North London

Best Fracture Finger & Metacarpal Fractures Treatment Clinic in North London

Nagamani
Kaipara District Council Reserves and Open Spaces Draft AMP 2018/2028 Overview

Kaipara District Council Reserves and Open Spaces Draft AMP 2018/2028 Overview

petr_924
Unified AMP Terminology Proposal for IEEE 802.11-00/0000r0 Standard

Unified AMP Terminology Proposal for IEEE 802.11-00/0000r0 Standard

haro_134
- Title: IEEE 802.11-24/0479r2 AMP PAR Comments & Resolutions

- Title: IEEE 802.11-24/0479r2 AMP PAR Comments & Resolutions

aza_me
Outsourced R&D and GDP Growth: Insights on Research and Development

Outsourced R&D and GDP Growth: Insights on Research and Development

ber_cam
Feasibility of AMP WiFi Reader for Close-Range Applications

Feasibility of AMP WiFi Reader for Close-Range Applications

sur_zoe
Supporting AMP IoT Devices in WLAN

Supporting AMP IoT Devices in WLAN

jmoon
Op-Amp Specifications and Testing

Op-Amp Specifications and Testing

yuri_825
F&A Rates in Research Projects

F&A Rates in Research Projects

paul_n
Proposed Scheme for AMP Device Power Status Reporting

Proposed Scheme for AMP Device Power Status Reporting

cwirk
Discussion on Ultra-Low Power Timing Clock in AMP Devices

Discussion on Ultra-Low Power Timing Clock in AMP Devices

georg
AMP Open Service Period for Energy-Efficient Communication

AMP Open Service Period for Energy-Efficient Communication

maly934
Introduction to Network Security and Information Security

Introduction to Network Security and Information Security

korf_ynn
Ideal Op-Amp Circuits for Signal Processing

Ideal Op-Amp Circuits for Signal Processing

jou_wh
AMP Close-range WiFi Reader Study

AMP Close-range WiFi Reader Study

jen_ili

More Related Content