Varying PMKID and SAE Password Identifier Method Overview

feb 2023 n.w
1 / 8
Embed
Share

Learn about a proposed method to vary PMKID and SAE password identifier in the IEEE 802.11-23/0168r0 document for enhanced wireless security and privacy. The method aims to prevent eavesdroppers from distinguishing authentication and reassociation exchanges, ensuring robust network protection. Discover insights into PMKID and SAE password ID generation, maintenance, and derivation following successful associations. Explore how the STA and AP generate new PMKIDs and SAE password IDs to enhance network security.

  • Wireless Security
  • IEEE 802.11
  • PMKID
  • SAE Password
  • Network Privacy
rayaanacharya
kreitzer_k Follow

Uploaded on | 2 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Feb 2023 doc.: IEEE 802.11-23/0168r0 Varying PMKID and SAE password ID Date: 2023-2-2 Authors: Name Affiliation Address Phone Email Chaoming Luo Liuming Lu Pei Zhou luochaoming@oppo.com OPPO Submission Slide 1 Chaoming Luo (OPPO)

  2. Feb 2023 doc.: IEEE 802.11-23/0168r0 Introduction A method to vary PMKID and SAE password identifier is proposed. Submission Slide 2 Chaoming Luo (OPPO)

  3. Feb 2023 doc.: IEEE 802.11-23/0168r0 Recap: requirement R1: 11bi shall define a mechanism to prevent an eavesdropper distinguishing whether authentication exchanges between CPE Clients and CPE AP use identical SAE credentials or distinct SAE credentials (where a CPE AP supports multiple SAE credentials). R2: 11bi shall define a mechanism to prevent an eavesdropper distinguishing whether reassociation exchanges between CPE Clients and CPE APs use identical PMK or distinct PMK. Submission Slide 3 Chaoming Luo (OPPO)

  4. Feb 2023 doc.: IEEE 802.11-23/0168r0 Discussion: PMKID Following full association, PMKID is transmitted by the Client in the clear prior every reassociation (until the Client performs another association) to identify the PMK. o 12.6.1.1.2 PMKSA: The PMKSA is created by the Authenticator s SME and Supplicant s SME when EAP authentication, SAE authentication, FILS authentication, or an OWE exchange completes successfully, or when the PSK is configured. o 12.6.1.1.2 PMKSA: The PMKID derived from the KCK during the initial 4- way handshake is not changed during the lifetime of the PMKSA. In short, PMKID exists per tuple <AP, Client, association>. An AP may maintain multiple PMKIDs for different Clients; A Client may maintain multiple PMKIDs for different APs. 21/1697r0 proposed a good method to derive a new PMKID after every reassociation (PMK keeps no change), so that it exists per tuple <AP, Client, reassociation>. Submission Slide 4 Chaoming Luo (OPPO)

  5. Feb 2023 doc.: IEEE 802.11-23/0168r0 Discussion: SAE password ID The SAE password identifier, is used to identify different passwords. By default, a BSS has one SAE password and one SAE password ID. However, it is possible that a BSS maintains multiple SAE password and SAE password IDs, and even further, each SAE password could have multiple IDs. o Clause 12.4.4.2.3: when Hash-to-element generation of the password element with ECC groups is used, a password identifier may be used. o Clause 12.4.4.3.3: when direct generation of the password element with FFC groups, a password identifier may be used. o pwd-seed = HKDF-Extract ( ssid, password [ || identifier ] ) A similar method as deriving PMKID could be considered to derive SAE password ID per tuple <AP, Client, reassociation> using PTK. Submission Slide 5 Chaoming Luo (OPPO)

  6. Feb 2023 doc.: IEEE 802.11-23/0168r0 Proposal PMKID: as proposed by 21/1697r0, the STA and AP generate a new PMKID at each successful (re)association. Each PMKID is derived using the PTK (detail algorithm is TBD). SAE password ID: the STA and AP generate a new SAE password ID at each successful (re)association. Each SAE password ID is derived using the PTK (detail algorithm is TBD). Submission Slide 6 Chaoming Luo (OPPO)

  7. Feb 2023 doc.: IEEE 802.11-23/0168r0 SP 1 Do you agree 11bi shall incorporate the proposed method describe in slide 6? Y/N/A Submission Slide 7 Chaoming Luo (OPPO)

  8. Feb 2023 doc.: IEEE 802.11-23/0168r0 Reference [1] P802.11REVme_D2.1 [2] 11-21-1848-16-00bi-requirements-document [3] 11-21-1697-00-00bi-mac-privacy-and-pmksa-caching [4] 11-22-0107-02-00bi-initial-privacy-enhancement- requirements Submission Slide 8 Chaoming Luo (OPPO)

Related


Unlocking Solutions: Addressing QuickBooks Company File Incorrect Password Issue

Unlocking Solutions: Addressing QuickBooks Company File Incorrect Password Issue

paxton1
Cybersecurity Best Practices for Password Protection and Incident Response

Cybersecurity Best Practices for Password Protection and Incident Response

aarav
Device Settings and Strong Passwords for Digital Citizenship

Device Settings and Strong Passwords for Digital Citizenship

urban
Strengthen Your Digital Literacy with Strong Password Strategies

Strengthen Your Digital Literacy with Strong Password Strategies

eleonora
Promote Feature Adoption with Self-Service Password Reset Posters

Promote Feature Adoption with Self-Service Password Reset Posters

aster
Automated Driving Systems Taxonomy & Definitions - SAE J3016 Overview

Automated Driving Systems Taxonomy & Definitions - SAE J3016 Overview

zariah
Safely Logging Password-Derived Measurements for Web Login Systems

Safely Logging Password-Derived Measurements for Web Login Systems

mar_ech
Guide to Logging in and Setting Up Core-CT for the First Time

Guide to Logging in and Setting Up Core-CT for the First Time

alligood_l
State Apprenticeship Expansion (SAE) 2020 Grant Program Round 2 Pre-Bid Webinar

State Apprenticeship Expansion (SAE) 2020 Grant Program Round 2 Pre-Bid Webinar

nicolai_t
Exemplary SAE Project Application Guidelines

Exemplary SAE Project Application Guidelines

kvans
SAE J1772 and OpenEVSE in Electric Vehicle Charging

SAE J1772 and OpenEVSE in Electric Vehicle Charging

eeste
Best Practices for Secure Password Storage - OWASP Foundation Guidelines

Best Practices for Secure Password Storage - OWASP Foundation Guidelines

jmull
Techniques and Tools for Offline Password Cracking

Techniques and Tools for Offline Password Cracking

gemm
Fine-Grained Password Policies in Active Directory

Fine-Grained Password Policies in Active Directory

jasmarie
Password Security: Techniques and Best Practices

Password Security: Techniques and Best Practices

mnis
Protecting Password Identifiers in IEEE 802.11-21

Protecting Password Identifiers in IEEE 802.11-21

stiefel_j
Password Guessability Metrics in Real-World Security

Password Guessability Metrics in Real-World Security

day_lam
Self-Service Password Reset Instructions for Staff Members

Self-Service Password Reset Instructions for Staff Members

gtwom
Guide to Logging into Your Chromebook

Guide to Logging into Your Chromebook

mspiv
Enhancing Wi-Fi Security with User-Friendly WPA3 Passwords

Enhancing Wi-Fi Security with User-Friendly WPA3 Passwords

alipm
Spatial Microsimulation Methods for Small Area Estimation

Spatial Microsimulation Methods for Small Area Estimation

starlet
Implementing AJAX Confirm Button Extender & Password Strength Extender

Implementing AJAX Confirm Button Extender & Password Strength Extender

hshr

More Related Content