This document presents a refined categorization for mesh action frames to enhance security measures within wireless networks as defined by the 802.11w protocol. It addresses issues regarding the current lack of explicit categorization, proposing that all mesh action frames, excluding mesh peering management frames, should be classified as "Robust." Additionally, a new category, "Self Protected Action," is introduced for mesh peering management frames, ensuring security mechanisms are in place even before security associations are fully established.

Categorizing Mesh Action Frames
Date: 2009-09-20
Meiyuan Zhao, Intel Corporation

Abstract
• This document explains the new categorization for mesh action frames
• Proposes a resolution to comment CIDs 125, 352, 630, 782, 1172

Frame Categorization Issues
• Current mesh action frames do not have the explicit categorization required by robust action frame protection in 11w
  • Public Action frames: public to any STA (in/out BSS)
  • Robust Action frames: assume a completely established security association (SA)
  • Protected Dual of Public Action frames: not protected when there is no SA, and protected like Robust Action frames when an SA is established
• Mesh peering management action frames are special since they can be sent before, during, and after security association establishment

Proposed Resolution
• All mesh action frames, except mesh peering action frames, are categorized as “Robust”
  • These frames can only be sent and received after a mesh TKSA is established between the two mesh STAs
  • They rely on “Management Frame Protection”, the 802.11w Robust frame protection mechanism, for their protection
• Define a new category: Self Protected Action
  • The protection mechanism should be provided by the specific protocols that use these frames
• Categorize Mesh Peering Management frames as “Self Protected”
• Clarify MPM frame protection
  • Protected by AMPE when used by the AMPE protocol
  • Protection not enabled when used by the MPM protocol

Rationale for Self Protected Action Category
• Mesh Peering Management frames cannot be in the “Robust” category
  • Robust action frames assume the existence of a completely established security association
  • MPM frames are used for creation and destruction of the SA, whether or not it is established yet
• Mesh Peering Management frames cannot be in the “Public” category
  • Public action frames are defined to allow inter-BSS and AP to unassociated-STA communications
  • Public action frames are not used for associated STAs; hence they remain public to any STA and should not be protected
  • If MPM frames are defined as “public”, we introduce the dangerous concept that an action frame can be defined as “public” yet expect protection
  • MPM frames are meant to be used for creation and destruction of mesh peering (equivalent to association in a BSS), whether or not it is established yet
  • The public nature of MPM frames is incidental
• Mesh Peering Management frames cannot be in the “Protected Dual of Public Action” category
  • Protection on these frames is off when Management Frame Protection is not negotiated
  • Protection on these frames relies on the “Management Frame Protection” mechanism
  • MPM frames need protection even before Management Frame Protection is negotiated
  • AMPE provides integrity protection on MPM frames when executed
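
The rationale above, worked through as an added example that is not part of the original slides: a simplified model that checks which candidate category leaves Mesh Peering Management frames blocked or unprotected during an AMPE peering. The names Category, protection, unmet and AMPE_TRACE are hypothetical, and the peering trace is constructed.

```python
from enum import Enum

class Category(Enum):
    PUBLIC = "Public"
    ROBUST = "Robust"
    PROTECTED_DUAL = "Protected Dual of Public Action"
    SELF_PROTECTED = "Self Protected"

# Constructed trace of one AMPE peering: (frame, SA established?, MFP negotiated?)
AMPE_TRACE = [
    ("Mesh Peering Open", False, False),
    ("Mesh Peering Confirm", False, False),
    ("Mesh Peering Close", True, True),
]

def protection(category, sa_established, mfp_negotiated, ampe_in_use):
    """Return 'MFP', 'AMPE', None (sent unprotected) or 'BLOCKED'
    (the category does not allow the frame at this point)."""
    if category is Category.PUBLIC:
        return None  # public to any STA, never protected
    if category is Category.ROBUST:
        # Robust frames presuppose a completely established SA.
        return "MFP" if sa_established else "BLOCKED"
    if category is Category.PROTECTED_DUAL:
        # Unprotected until an SA exists and MFP has been negotiated.
        return "MFP" if sa_established and mfp_negotiated else None
    # Self Protected: the protocol using the frame supplies the protection.
    return "AMPE" if ampe_in_use else None

def unmet(category, trace=AMPE_TRACE, ampe_in_use=True):
    """List (frame, outcome) pairs where an MPM frame would be blocked or
    sent without integrity protection under the given categorization."""
    failures = []
    for frame, sa, mfp in trace:
        outcome = protection(category, sa, mfp, ampe_in_use)
        if outcome not in ("MFP", "AMPE"):
            failures.append((frame, outcome))
    return failures

if __name__ == "__main__":
    for cat in Category:
        print(f"{cat.value:32} -> {unmet(cat) or 'all MPM frames protected'}")
```

Only the Self Protected categorization covers the Open and Confirm frames, which are exchanged before any SA exists; with ampe_in_use=False the same category leaves them unprotected, matching the plain MPM case on the Proposed Resolution slide.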

Summary of Text Changes
• Insert new category definition in Clause 3 (Definitions)
• Update Table 7-24 (Category Values)
  • Insert a new category “Self Protected”
  • Mark all other mesh action frames as “Robust”
• Insert new subclause 7.4.9b to define Self Protected Action frames
  • Mesh Peering Open, Mesh Peering Confirm, Mesh Peering Close frames in this new category
  • New text to specify protection on these frames
• Update clause 7.4.12 to reflect changes of categorization

References
• Draft 802.11s D3.03
• Draft 802.11w D10.0
• Draft 802.11REVmb D1.0
• Doc.: P802.11-09/0962r0 (Normative Text)