Potential L2 Security Options for UL BCS in IEEE 802.11-18

july 2018 n.w
1 / 8
Embed
Share

Explore potential Layer 2 security solutions for UL BCS in IEEE 802.11-18, addressing confidentiality, integrity, and DOS attack risks. Options include server address signing, L2 authentication, encryption, and combinations thereof.

  • Security Solutions
  • IEEE 802.11-18
  • Layer 2
  • Confidentiality
  • Integrity
rayaanacharya
aur_ker Follow

Uploaded on | 2 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. July 2018 doc.: IEEE 802.11-18/1134r1 Potential L2 security options for UL BCS Date: 2018-07-02 Authors: Name Bahar Sadeghi Affiliations Address Intel Phone email Bahareh.sadeghi@intel.com Farid Adrangi Intel Dan Bravo Intel Laurent Cariou Intel Hitoshi Morioka SRC Software hmorioka@src-soft.com Marc Emmelmann Koden-TI emmelmann@ieee.org Slide 1 Submission Bahar Sadeghi, Intel

  2. doc.: IEEE 802.11-18/1134r1 July 2018 Abstract A full security threat analysis is in scope of TG. Depending on the result of the threat analysis, the TG may make the following conclusions: No L2 security needed L2 data encryption needed (Confidentiality) Verification of sender/destination address needed (Integrity) The following slides outline possible solutions. Note: the goal of this presentation is solely to provide potential solutions to facilitate the PAR and CSD development. The solution will be developed in TG. Note: replay attacks addressed in previous contribution Slide 2 Submission Bahar Sadeghi, Intel

  3. doc.: IEEE 802.11-18/1134r1 July 2018 UL Options Server Router AP STA Data Data Data Server Address Assumption: E2E security (confidentiality and/or integrity) is in place. However, there may be DOS attacks, severity and level of risk for DOS attacks need to be understood, depending on that one of these options may be considered Option 1: Server address & STA identity signed by CA Option 2: L2 authentication Option 3: L2 encryption Option 4: Option 1 + Option 3 Slide 3 Submission Bahar Sadeghi, Intel

  4. doc.: IEEE 802.11-18/1134r1 July 2018 Option 1: Server address is signed by CA Server Router AP STA Data Data Data Server Address Digital signature STA is pre-installed with the Server address & CA certificate With each packet transmission, STA includes the Server address signed by the CA AP verifies the STA identity/server address using the certificate before forwarding the data Bahar Sadeghi, Intel Slide 4 Submission

  5. doc.: IEEE 802.11-18/1134r1 July 2018 Option 2: L2 authentication Private Key Server Router AP STA Data Data Data Server Address Public Key STA is pre-installed with the Server address STA generates public/private key and signs the data (and server address) With each packet transmission, STA includes the public key AP verifies the STA using the public key before forwarding the packet. Note: mechanisms for verification of the public key by AP required Note: both STA & AP may use a shared secret key Bahar Sadeghi, Intel Slide 5 Submission

  6. doc.: IEEE 802.11-18/1134r1 July 2018 Option 3: L2 encryption Public Key Private Key Server Router AP STA Data encrypted Data Data Server Address STA is pre-installed with the Server address & a public key AP is pre-installed with a private key STA encrypts data (and server address) using the public key AP verifies the payload (and address) using the private key before forwarding the packet. Note: both STA & AP may use a shared key Note: If key update is needed STA may receive updated public key distributed by AP Bahar Sadeghi, Intel Slide 6 Submission

  7. doc.: IEEE 802.11-18/1134r1 July 2018 Option 4: Server address signed by CA and L2 encryption Public Key Private Key Server Router AP STA Data Data Data encrypted Server Address Digital signature AP is pre-installed with the CA certificate STA is pre-installed with the Server address & CA certificate STA & AP use a shared key or a pre-installed private/public key pair. Data transmissions are signed by private key AP uses shared/private key to decrypt the packet and verifies the STA identity, and the destination address using the certificate Bahar Sadeghi, Intel Slide 7 Submission

  8. doc.: IEEE 802.11-18/1134r1 July 2018 Summary One possible solution has been shown for different security requirements that may emerge from the security threat analysis to be conducted by TG. By use of digital signature by CA, the AP can a) Verify the identity of the STA b) Verify the destination (IP) address of the data is not corrupted c) Decide based on the signature / identity of the STA, whether to forward the packet d) Decide based on the server (IP) address if the packet should be forwarded Slide 8 Bahar Sadeghi, Intel Submission

Related


Airport Security Market to be Worth $25.27 Billion by 2031

Airport Security Market to be Worth $25.27 Billion by 2031

Kavya
KEERTHI SECURITY - Best Security Agencies In Bangalore

KEERTHI SECURITY - Best Security Agencies In Bangalore

KeerthiSecurity
Sens Security Your Premier Personal Security Firm

Sens Security Your Premier Personal Security Firm

Shivneil
Sens Security Your Premier Personal Security Firm

Sens Security Your Premier Personal Security Firm

Shivneil
Sens Security Your Premier Personal Security Firm

Sens Security Your Premier Personal Security Firm

Shivneil
Role of Security Champions in Organizations

Role of Security Champions in Organizations

irvin
EXIN BAF Exam Info: Syllabus | Questions | Study Guide

EXIN BAF Exam Info: Syllabus | Questions | Study Guide

Sienna1
security service solutions

security service solutions

Mirtunjay1
security service solutions

security service solutions

Mirtunjay1
Roles of a Security Partner

Roles of a Security Partner

zaara
Security in World Politics

Security in World Politics

eisenberg_k
Comprehensive Course Review: Security Research Cornerstones at Carnegie Mellon University

Comprehensive Course Review: Security Research Cornerstones at Carnegie Mellon University

kol_lov
UIC Security Division Overview and International Activities

UIC Security Division Overview and International Activities

hadri
Automating Security Operations Using Phantom

Automating Security Operations Using Phantom

gwe_sad
HTTP Security Headers for Web Apps

HTTP Security Headers for Web Apps

pembroke_l
Modular Security Analysis for Key Exchange and Authentication Protocols

Modular Security Analysis for Key Exchange and Authentication Protocols

area290
Revolutionizing Security Testing with BDD-Security

Revolutionizing Security Testing with BDD-Security

sbre
Comprehensive DevOps Security Training Overview

Comprehensive DevOps Security Training Overview

jahv_808
Security Testing and Architecture

Security Testing and Architecture

nataleaei
BCS Theory: Attractive Interaction and Ground State Analysis

BCS Theory: Attractive Interaction and Ground State Analysis

paislyki
Automatic Security Testing for Linux Enhancement

Automatic Security Testing for Linux Enhancement

hmyr
Unveiling Microscopic Origins of BCS Theory

Unveiling Microscopic Origins of BCS Theory

rogervi

More Related Content