Feasibility Study of FIA

1. Feasibility Study of FIA Authors: Date: 2010-07-12 Hitoshi Morioka, ROOT INC.

2. Abstract • This presentation introduces a feasibility of FIA. Hitoshi Morioka, ROOT INC.

3. Large number of STAs are constantly entering and exiting the coverage area of an AP within an existing ESS at pedestrian speed. Every STA passes through the coverage area in a short time. The authentication process specified by IEEE 802.11 limits STAs to fully exploit the system capacity  A faster initial authentication is needed FIA aims at amending IEEE 802.11 with a fast initial authentication mechanisms which scales with a high number of users simultaneously entering a ESS supports a very small dwell time in coverage area of a ESS securely provides initial authentication Use Case Scenario Walk Hitoshi Morioka, ROOT INC.

4. Sequence of Establishing Connection • Discover an appropriate AP • Channel Scanning, Probe, IEEE 802.11u… • WLAN association • Authentication, Association… • Upper layer setup • DHCP… Out of scope: It’s sufficient by current IEEE 802.11 specification. Channel scanning is an implementation Issue, so it does not need standardization. Our scope Out of scope: It’s out of scope of IEEE 802.11 Hitoshi Morioka, ROOT INC.

5. How to solve the issues • Each management frames needs overhead such as preamble, IFS, headers, ACK, etc… • 60% of air-time is consumed by the overhead for each frame. • Reducing overhead is difficult because of coexistence with existing system. • Reducing number of frame exchanges is effective. Preamble FCS CW Ack Data DIFS SIFS PLCP Header MAC Header Hitoshi Morioka, ROOT INC.

6. Protocol Sequence to Establish a Connection to the Internet by IEEE802.11i ( PEAP/EAP-MSCHAPv2) and DHCP STA AP 14 round trip 2ms/oneway: 56ms Total: 166ms RADIUS Probe Authentication 11 round trip 5ms/oneway: 110ms Association PEAP /EAP-MSCAPv2 (11 round trip) DHCP is also slow. So we’ll propose anew protocol in IETF DHCP (2 round trip) DHCP Server Hitoshi Morioka, ROOT INC.

7. Protocol Sequence to Establish a Connection to the Internet by FIA STA AP RADIUS Total: 14ms 1 round trip 2ms/oneway: 4ms 1 round trip 5ms/oneway: 10ms Beacon FIA Connection established • FIA functions • Authentication • Key exchange • in one round trip time. Technical details were presented and discussed in WNG SC. (10/361r1) Hitoshi Morioka, ROOT INC.

8. Security Feasibility • An example FIA protocol was evaluated and compared with IEEE 802.11i by security experts. • Yoshiaki Hori, Kouichi Sakurai, “Security Analysis of MIS Protocol on Wireless LAN comparison with IEEE802.11i,” Proceedings of the 3rd international conference on Mobile technology, applications & systems, 2006, ISBN:1-59593-519-3http://portal.acm.org/citation.cfm?id=1292344 • Ilsun You, Yoshiaki Hori, Kouichi Sakurai, "Toward Formal Analysis of Wireless LAN Security with MIS protocol," International Journal of Ad Hoc and Ubiquitous Computing, accepted for publication • Well-known Yahalom protocol is also evaluated. Hitoshi Morioka, ROOT INC.

9. Yahalom Protocol • Yahalom protocol is an authentication and secure key sharing protocol. • The protocol is originally introduced by M. Burrow, M. Abadi and R. Needham in 1989.[1] Hitoshi Morioka, ROOT INC.

10. Yahalom Protocol Sequence • A and B are identities of A and B respectively. • KAS is a symmetric key known only to A and S. • KBS is a symmetric key known only to B and S. • NA and NB are nonces generated by A and B respectively. • KAB is a symmetric generated key, which will be the session key of the session between A and B. A B S A, NA B, {A, NA, NB}KBS {B, KAB, NA, NB}KAS, {A, KAB}KBS {A, KAB}KBS, {NB}KAB Hitoshi Morioka, ROOT INC.

11. Strengthened Yahalom Protocol Sequence • A and B are identities of A and B respectively. • KAS is a symmetric key known only to A and S. • KBS is a symmetric key known only to B and S. • NA and NB are nonces generated by A and B respectively. • KAB is a symmetric generated key, which will be the session key of the session between A and B. A B S A, NA B, NB, {A, NA}KBS NB, {B, KAB, NA}KAS, {A, B, KAB, NB}KBS {A, B, KAB, NB}KBS, {NB}KAB Hitoshi Morioka, ROOT INC.

12. Yahalom Evaluation • Yahalom protocol is evaluated by many security experts.[2][3][4] • L. C. Paulson proposed strengthened version.[4] • Strengthened Yahalom protocol is also evaluated. [5][6] Hitoshi Morioka, ROOT INC.

13. Summary • Technical feasibility of FIA has been shown in this presentation. • Reducing frame exchanges • Time Occupation • Security Hitoshi Morioka, ROOT INC.

14. Questions & Comments Hitoshi Morioka, ROOT INC.

15. References • M. Burrows, M. Abadi, and R. M. Needham. A logic of authentication. Proceedings of the Royal Society of London, 426:233–271, 1989. • D. Basin, S. Mo ̈dersheim, and L. Vigano`. OFMC: A symbolic model checker for security protocols. International Journal of Information Security, 2004. • J. Guttman. Key compromise and the authentication tests. In Proc. MPFS, volume 17 of ENTCS, pages 1–21, 2001. • L.Paulson. Relations between secrets: Two formal analyses of the yahalom protocol. Journal of Computer Security, 9(3):197–216, 2001. • M. Backes, B. Pfitzmann. On the Cryptographic Key Secrecy of the Strengthened Yahalom Protocol. Proceedings of IFIP SEC 2006. • Kim-Kwang Raymond Choo. A Proof of Revised Yahalom Protocol in the Bellare and Rogaway (1993) Model. The Computer Journal 2007 50(5):591-601. Hitoshi Morioka, ROOT INC.