Protected LMR Transmission Issues in IEEE 802.11-20-0797-00-00az Document
This document discusses issues related to losing protected management frames in IEEE 802.11 transmissions, presenting solutions for coordinating LMR transmissions, replay counters, and potential buffering problems. Addressing challenges in transmitting LMR/FTM frames, the submission outlines scenarios affecting ranging sequences and proposes strategies to mitigate frame loss and ensure successful communication.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
May 2020 doc.: IEEE 802.11-20-0797-00-00az LMR/FTM Replay Counter Date: 2020-05-27 Authors: Name Ali Raissinia Affiliations Qualcomm Inc. Address Phone 408-410-6328 email alirezar@qti.qualcomm.com nehru.bhandaru@broadcom.com Nehru Bhandaru Broadcom Submission Slide 1 Ali Raissinia
May 2020 doc.: IEEE 802.11-20-0797-00-00az Abstract This submission outlines an issue with losing protected Management frames that are pending or retried around a ranging frame sequence A few options to address the issue are presented Submission Slide 2 Ali Raissinia
May 2020 doc.: IEEE 802.11-20-0797-00-00az Protected LMR Transmission Issues LMR transmissions are hard to coordinate at transmitter as in both TB and Non-TB, there s a constraint as to when the LMR frame(s) ought to be transmitted In Non-TB case, ISTA initiates the sequence and RSTA needs to deliver LMR before sequence ends regardless of the status of prior protected management frame transmission Pending Protected management frame would need to be retransmitted so if LMR uses the next PN number it essentially results in loosing that frame LMR frame uses Protected Management Frame Reply counter to accept a new frame In case when I2R LMR is also negotiated, ISTA can have the same issue A protected LMR may be queued ahead of time of measurement and other protected management frames may need to be transmitted. Similarly, in TB case RSTA needs to begin the sequence upon arrival of Availability Window and transmit LMR frame before sequence ends regardless of the status of prior protected management frame transmission Similarly ISTA if I2R LMR is negotiated to be sent TB Passive ranging does NOT need LMR Replay counter for Primus & Secundus frames since they re sent in clear Submission Slide 3 Ali Raissinia
May 2020 doc.: IEEE 802.11-20-0797-00-00az Protected LMR Transmission Issues Depending on the implementation, buffering can also become another potential issue with LMR/FTM Case-1 Delayed LMR/FTM stored in protected management logical queue while it also contains two additional frames ahead Ranging measurement sequence begins (NTB/TB/DMG) LMR/FTM must be transmitted within the ranging sequence LMR/FTM taken out of the queue for transmission Outcome results in two protected management frames be dropped since the receiver updates its replay counter with LMR/FTM s PN number Case-2 Delayed LMR/FTM stored in head of the queue with one or more additional protected management frames behind Expected ranging sequence does not occur TB poll not rcvd, NTB NDPA not rcvd, DMG FTM Trig not rcvd Outcome results in head of line (HOL) blocking unless LMR/FTM frame deleted & regenerated later trying to guesstimate when its ranging sequence starts LMR/FTM PM2 PM1 Case1 PM2 PM1 LMR/FTM Case2 Submission Slide 4 Ali Raissinia
May 2020 doc.: IEEE 802.11-20-0797-00-00az Options to Consider Lose pending protected management frames Should avoid this solution as we don t want to imply 11az is impacting baseline standard Remove the constraint of transmitting LMR/FTM from the ranging sequence Undesired outcome as it impacts device power save & use case performance Add new Replay counter(s) specifically for LMR/FTM transmissions (Preferred) Decouple other protected management frame transmissions from LMR/FTM Each kind would have its own replay counter and can be re-ordered independently Pending management frame can be retransmitted after sequence ends Baseline standard has 16 replay counters (data) decoupling frame transmissions based on ACs/TIDs, additional counters for protected management frame (unicast/QMF, Multicast, Beacons) so LMR replay counter(s) would be additional Need unicast LMR/FTM replay counters Have a different Key & PN number space exclusive for LMR Lot of security spec work that is likely to be scrutinized and delay 11az spec adoption Implementation Overhead Submission Slide 5 Ali Raissinia
May 2020 doc.: IEEE 802.11-20-0797-00-00az Design constraints with LMR/FTM Replay Counter Need replay checking based on Type + Subtype (i.e., Action/Action+noAck) + Action Category (Protected Dual) + Action field (i.e., LMR/FTM) Type/Subtype fields are in clear Category field encrypted hence only identified after decryption Some implementation perform decryption plus replay protection inline in HW hence adding a new replay counter for frames matching the 4-tuple might be an issue A possible solution is to use Reserved/Extensive Subtypes for protected LMR/FTM frames For ease of RX parsing use a new Action Category (Table 9-53 Category values) Code Meaning Subclause Robust Group addressed privacy <ANA-PRM> Protected Ranging Frame (LMR/FTM) TBD Yes No Submission Slide 6 Ali Raissinia
