Context Block Leasing

Context Block Leasing. Martin Lefkowitz, Texas Instruments. Context Block Leasing definition: a mechanism to facilitate fast handoff. The STA “pushes” the Security Information to the new AP before association.


Presentation Transcript


  1. Context Block Leasing. Martin Lefkowitz, Texas Instruments

  2. Context Block Leasing Definition
     • A mechanism to facilitate fast handoff.
     • The STA “pushes” the Security Information to the new AP before association.
     • The Old AP sends the Security Information to the New AP based on the STA’s request while it is still associated with the Old AP.

  3. Context Block Leasing Benefits
     • Context Block Leasing is an incremental step over current TGi key derivation.
     • Relies on TGf, with some modifications.
     • Uses the security of the current association, as well as AP-to-AP (TBD) security.
     • No new protocol requirements on STA during scan.
     • No new protocol requirements on AP accepting unicast traffic from an unassociated STA.

  4. Context Block Leasing Benefits Continued
     • Does not require any new centralized entity to perform fast handoff.
     • Does not matter whether the STA sends an Associate or Reassociate message to the new AP.
     • STA may use the security policy of a new AP candidate in roaming selection.

  5. Context Block Leasing Overview
     • When a STA associates, a DMK is generated to encrypt current traffic.
     • A second “transfer” DMK is generated.
     • Roaming consideration at Santa Barbara.
     • After a scan, an associated and authenticated STA may decide to tell the AP to send its transfer DMK as a context block to another AP for a specific amount of time.
       • Time related to STA manufacturer’s roaming and scanning algorithm (~15 seconds * 2).
     • APs verify credentials, then the transfer DMK is passed from the old AP to the new AP using the Context Block of TGf.

  6. Context Block Leasing Overview Cont.
     • Potential New AP sends confirmation back to Current AP.
     • Potential New AP has the option of denying the lease.
       • Potential New AP may not have the resources to keep the context block for the period of time specified in the message.
       • Potential New AP may not support Context Leasing.
       • Potential New AP fails security check.
     • Current AP sends back results to STA.
     • STA uses results in its roaming decision.
       • The STA may decide to roam to an AP with a less desirable signal strength but a more desirable security policy.

  7. Context Block Leasing Does Not:
     • Negate the need for New AP to “pull” Security context from old AP.
       • STAs can abruptly disassociate at any time before the Context Lease process has started or finished.
       • Best, or only, AP candidate may deny lease.
       • To facilitate fast handoff in any fashion the Reassociate message must be used.
     • Confine the key handoff or secure roaming algorithm.

  8. Implementation Overview
     • STA scans and finds best possible candidate(s) to roam to.
     • STA sends context lease request message with destination of RSN-enabled AP, containing:
       • MAC Address of AP Candidate
       • Context Lease Time

  9. Martin Lefkowitz, Texas Instruments

  10. What Needs to Be Done?
     • New messages defined between AP and STA for Context Lease.
       • Management?
       • Data?
     • Time limitations for Context Lease.
     • New messages need to be defined in TGf to support Context Leasing.
     • Ensure that TGf maintains the level of security required via lobbying for modifications where necessary.

  11. Discussion/Questions
     • Preshared security context for non-RADIUS installations?
     • AP to STA Context Lease communication
       • Management or Data messages?
     • How secure is key handoff?
     • Can this fit into other secure roaming schemes?
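
The lease exchange outlined on slides 5, 6 and 8, as an added Python example that is not part of the presentation: the current AP forwards the transfer DMK for a bounded time, and the candidate AP accepts or denies for the three reasons on slide 6. All class, field and result names are hypothetical, since the slides leave the message formats undefined; the `trusted_peers` set stands in for the TBD AP-to-AP security check.

```python
# Added illustration of the lease flow; every name here is an assumption,
# not a message or field defined by the presentation, TGi or TGf.
import os
from dataclasses import dataclass, field

@dataclass
class CandidateAP:
    mac: str
    supports_leasing: bool = True
    max_lease_s: int = 60                             # longest lease it has resources to hold
    trusted_peers: set = field(default_factory=set)   # stand-in for the AP-to-AP check
    leases: dict = field(default_factory=dict)        # STA MAC -> (transfer DMK, expiry)

    def offer_lease(self, from_ap, sta_mac, transfer_dmk, lease_s, now):
        """Accept or deny a context block forwarded by the STA's current AP."""
        if not self.supports_leasing:
            return "DENY_UNSUPPORTED"
        if from_ap not in self.trusted_peers:
            return "DENY_SECURITY_CHECK"
        if lease_s > self.max_lease_s:
            return "DENY_NO_RESOURCES"
        self.leases[sta_mac] = (transfer_dmk, now + lease_s)
        return "ACCEPT"

    def key_for(self, sta_mac, now):
        """Return the leased transfer DMK, or None if absent or expired."""
        dmk, expiry = self.leases.get(sta_mac, (None, 0))
        if dmk is None or now >= expiry:
            self.leases.pop(sta_mac, None)            # expired key material is discarded
            return None
        return dmk

@dataclass
class CurrentAP:
    mac: str
    neighbours: dict                                   # candidate MAC -> CandidateAP
    transfer_dmks: dict = field(default_factory=dict)  # associated STA -> transfer DMK

    def associate(self, sta_mac):
        self.transfer_dmks[sta_mac] = os.urandom(32)   # the second, "transfer" DMK

    def lease_request(self, sta_mac, candidate_mac, lease_s, now):
        """Handle a lease request; only an associated STA may ask."""
        if sta_mac not in self.transfer_dmks:
            return "DENY_NOT_ASSOCIATED"
        cand = self.neighbours.get(candidate_mac)
        if cand is None:
            return "DENY_UNKNOWN_AP"
        return cand.offer_lease(self.mac, sta_mac,
                                self.transfer_dmks[sta_mac], lease_s, now)
```

The string returned by `lease_request` is what the current AP would report back to the STA for its roaming decision; a candidate that denied the lease still needs the "pull" path from slide 7.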
