
VFF Roaming

VFF Roaming. Keith Amann, Spectralink; Pat Calhoun, Airespace; Darwyn Engwer, Nortel Networks; Kevin Hayes, Atheros; Haixiang He, Nortel Networks; Bob O’Hara, Airespace; Dorothy Stanley, Agere; Henry Ptasinski, Broadcom. Design Principle: follows 802.11r scope/definition.


Presentation Transcript


  1. VFF Roaming. Keith Amann, Spectralink; Pat Calhoun, Airespace; Darwyn Engwer, Nortel Networks; Kevin Hayes, Atheros; Haixiang He, Nortel Networks; Bob O’Hara, Airespace; Dorothy Stanley, Agere; Henry Ptasinski, Broadcom. Calhoun et al.

  2. Design Principle
     • Follows 802.11r scope/definition
     • Transition time = first packet on new AP – last packet on old AP

  3. Key Circle
     [Diagram. Labels: EKC, AAA, KC 1, KC 2, KC 3, Controller, AP (tightly coupled AP, loosely coupled AP), and the keys PMK, D-PMK, DB-PMK and PTK. Legend: Derived Key via PRF.]

  4. Key Exchange (message sequence between STA and AP, in order)
     • PMK Established
     • <Roaming Event Occurs>
     • AUTH (VFF, M1, ContextReq)
     • AUTH (VFF, Come Back, MinTime, MaxTime)
     • <AP fetches STA context>
     • AUTH (VFF, M1, ContextReq)
     • AUTH (VFF, OK, M2, MaxTime)
     • AUTH (VFF, M3)
     • AUTH (VFF, OK, M4, MaxTime, Key Lifetime, ContextAck)
     • <PTK Established – Start of secure window>
     • Authenticated (optional) Action()
     • Assoc-Req (PTKID, RSNIE, Nonce, GTK, MIC)
     • Assoc-Resp (PTKID, RSNIE, Nonce, MIC)
     • XID

  5. Benefits
     • Pre-computation of Derived PMK values by both peers at each AP
     • Each BSSID has a cryptographically separate PMK for the same station (No PMK Sharing)
     • Introduces a hierarchy
     • Pre-computation of PTK prior to (re)association
     • STA driven authentication
     • Power saving & QoS benefits
     • Decoupling key exchange from associated state
     • Minimizes packet loss
     • Provides a framework for protected mgmt frames
     • Association is bound to the PTK
     • Association messages are MIC’ed
     • Provides key liveness
     • PMK lifetime is controlled by the AP and communicated to the STA
     • Bounds key liveness
     • Maintains the 4-way handshake
     • Optimizations are possible, but not described at this time
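The per-BSSID key separation and pre-computation listed above can be illustrated as follows. This is an added example, not code from the slides or their authors. The slides only say "Derived Key via PRF", so the use of the IEEE 802.11i HMAC-SHA1 PRF, the D-PMK label and input layout, keying the PTK expansion with the D-PMK, and all sample values are assumptions.

```python
import hashlib
import hmac


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_dpmk(pmk: bytes, bssid: bytes, sta: bytes) -> bytes:
    # ASSUMPTION: label and inputs are illustrative, not taken from the VFF proposal.
    # Binding the BSSID into the derivation gives each AP its own key for the station.
    return prf(pmk, b"Derived PMK (illustrative)", bssid + sta, 32)


def derive_ptk(dpmk: bytes, bssid: bytes, sta: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    # 802.11i pairwise key expansion, keyed here with the D-PMK (assumption).
    # min/max ordering lets both peers build the same input independently.
    data = (min(bssid, sta) + max(bssid, sta) +
            min(anonce, snonce) + max(anonce, snonce))
    return prf(dpmk, b"Pairwise key expansion", data, 48)


def precompute(pmk: bytes, sta: bytes, bssids: list) -> dict:
    """Both peers can run this ahead of any roam: one D-PMK per candidate BSSID."""
    return {b.hex(): derive_dpmk(pmk, b, sta) for b in bssids}


# Constructed sample values (locally administered MAC addresses, dummy PMK).
PMK = bytes(range(32))
STA = bytes.fromhex("020000000001")
BSSIDS = [bytes.fromhex("0200000000a1"), bytes.fromhex("0200000000a2")]

if __name__ == "__main__":
    for bssid, dpmk in precompute(PMK, STA, BSSIDS).items():
        print(bssid, dpmk.hex())
```

An AP that holds only its own D-PMK cannot compute the D-PMK of a neighbouring BSSID, because that requires the parent PMK.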
