
IEEE Std 802.10-1998 Proposed Revision


Presentation Transcript


  1. IEEE Std 802.10-1998 Proposed Revision: Purpose, Scope & 5 Criteria

  2. Purpose
     The purpose of this PAR is to update the Secure Data Exchange (SDE) Protocol specified in IEEE Std 802.10-1998, to accommodate newly identified security requirements for all current 802 MACs and delete unneeded header fields.

  3. Scope
     The scope of this PAR is to make changes to the format and processing of SDE PDUs to:
     • Accommodate replay protection
     • Integrity protect the Destination MAC address
     • Integrity protect additional header fields, particularly the VLAN tag, as needed

     The current PDU format and processing will have to be modified to incorporate a sequence number; the DA will have to be included in the computation of the ICV; and the VLAN tag (and any other required header fields) will be included in the computation of the ICV, if protection is required by VLAN tagging rules (which are to be specified).

     In addition, an informative annex will be developed that discusses various scenarios for securing Layer 2 bridged networks, and a normative annex will be developed that defines an SDE profile specifying a single interoperable SDE configuration that must be supported by all vendors claiming conformance to the revised SDE specification.

  4. SDE Header Format Modifications
     [Figure: current and revised SDE PDU formats, each marked with the spans that are INTEGRITY PROTECTED and ENCRYPTED.]
     Current Format: DA, SA, CLEAR HEADER, PROTECTED HEADER, DATA, PAD, ICV. Header fields shown: STA ID, FLAGS, FRAG ID, SEC LABEL, SDE Des, SAID, MDF.
     Revised Format: DA, SA, VLAN TAG, CLEAR HEADER, PROTECTED HEADER, DATA, PAD, ICV. Header fields shown: SAID, SEQ NO., MDF, Pload EType, FLAGS, FRAG ID, SEC LABEL.
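
The following sketch is an added example, not part of the presentation or of IEEE Std 802.10: it shows a receiver that rejects a rewritten DA, a rewritten VLAN tag, and a replayed frame once the ICV covers the DA and VLAN tag and the header carries a sequence number. The ICV algorithm (HMAC-SHA-256 truncated to 16 bytes), the field widths, the strictly increasing counter, and the names `build_frame` and `Receiver` are assumptions made for illustration; encryption and padding are not modelled.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # assumption: the slides name no ICV algorithm or length

def _icv(key, da, vlan, said, seq, data):
    # DA, VLAN tag and sequence number all sit inside the integrity computation.
    # Every field before the data is fixed-width, so concatenation is unambiguous.
    covered = da + vlan + struct.pack("!II", said, seq) + data
    return hmac.new(key, covered, hashlib.sha256).digest()[:ICV_LEN]

def build_frame(key, da, sa, vlan, said, seq, data):
    """Constructed layout: DA(6) SA(6) VLAN(4) SAID(4) SEQ(4) DATA ICV(16)."""
    if (len(da), len(sa), len(vlan)) != (6, 6, 4):
        raise ValueError("DA/SA must be 6 bytes and the VLAN tag 4 bytes")
    head = da + sa + vlan + struct.pack("!II", said, seq)
    return head + data + _icv(key, da, vlan, said, seq, data)

class Receiver:
    def __init__(self, keys):
        self.keys = keys      # SAID -> integrity key
        self.last_seq = {}    # SAID -> highest sequence number accepted

    def accept(self, frame):
        if len(frame) < 24 + ICV_LEN:
            return "malformed"
        da, vlan = frame[0:6], frame[12:16]
        said, seq = struct.unpack("!II", frame[16:24])
        data, icv = frame[24:-ICV_LEN], frame[-ICV_LEN:]
        key = self.keys.get(said)
        if key is None:
            return "unknown-said"
        # Verify the ICV before touching replay state, so a forged frame
        # cannot advance the counter and lock out genuine traffic.
        if not hmac.compare_digest(icv, _icv(key, da, vlan, said, seq, data)):
            return "bad-icv"
        if seq <= self.last_seq.get(said, -1):
            return "replay"
        self.last_seq[said] = seq
        return "ok"
```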

  5. 5 Criteria

  6. Broad Market Potential
     • Broad sets of applicability
     • Multiple vendors & numerous users
     • Balanced costs (LAN vs attached stations)

     • Security is applicable to most personal and business environments that utilize 802 Layer 2 products. Increased security awareness in the general user population has dramatically increased the demand for security in networks composed of 802 Layer 2 products.
     • Several hundred people representing more than a hundred companies attend various 802 working groups that require security support in their products. These currently include 802.3 (P2P & P2MP), 802.11 (WLAN), 802.15 (WPAN), 802.16 (WMAN), 802.17 (RPR), & 802.20 (MBWA).
     • Layer 2 security can be implemented in either LAN devices or attached stations. Implementation of security in bridges is the most cost effective method, since many attached stations can be supported by a single bridge.

  7. Compatibility
     • The proposed revisions to IEEE Std 802.10-1998 are compatible with all current 802 MAC and bridging standards.
     • There are no implementations of 802.10-1998, therefore backwards compatibility is not an issue.
     • Revisions to 802.10-1998 will conform with 802 Overview & Architecture and 802 layer management, as appropriate.

  8. Distinct Identity
     • Substantially different from other IEEE standards
     • One unique solution per problem
     • Easy for the document reader to select the relevant specification

     • There are no other 802-wide security standards. 802.11i security work is specific to 802.11 products, and is not intended to be a generic solution for all 802 MACs. PARs produced by the LinkSec ECSG will either support this effort, or be entirely distinct from it, but will not duplicate any of 802.10’s work.
     • The goal of the revisions to 802.10-1998 is to provide a unique security solution that is applicable to all 802 MAC and bridging Standards.
     • The proposed effort is a revision to 802.10-1998, which will have a distinct document revision number (probably IEEE Std 802.10-2004).

  9. Technical Feasibility
     • Demonstrated system feasibility
     • Proven technology, reasonable testing
     • Confidence in reliability

     • Technological revisions to 802.10-1998 are simple and straightforward. Similar constructs are being used in a variety of products and other standards efforts today.
     • Products supporting Internet standards that incorporate similar technology have been sold world-wide and have been thoroughly tested in the field.
     • As with many security Standards, reference implementations will have to be constructed to which compliance must be proven in order to achieve the necessary confidence.

  10. Economic Feasibility
     • Known cost factors, reliable data
     • Reasonable cost for performance
     • Consideration of installation costs

     • The goal of this project is to create a Layer 2 security mechanism that balances the cost of implementing data security with the cost and performance of the access technology.
     • Security mechanisms have been incorporated in Layers 2, 3, 4, and 7 at a reasonable cost increment, in terms of both dollars and throughput.
     • Any Layer 2 security mechanism may require additional infrastructure, depending on the type of key management mechanism selected. This translates into additional installation cost for equipment, software, and/or administration.
