Different MKD domain MPs communication method

Different MKD domain MPs communication method. Date: 2008-07-09. Abstract: CID#1069, 1070 and 505 raise the problem that two neighbor MPs authenticated through different MKD nodes could NOT build a secure link.

Presentation Transcript


  1. Different MKD domain MPs communication method
     Authors:
     Date: 2008-07-09
     Changdong Fan, Amy Zhang, Huawei

  2. Abstract
     CID#1069, 1070 and 505 raise the problem that two neighbor MPs authenticated through different MKD nodes could NOT build a secure link.
     We present a method to distribute the keys so that the two neighbor MPs can build the secure link.

  3. Agenda
     • Problem statement
     • Assumption
     • Solution

  4. Problem statement
     • An MP binds ONLY with its MKD for key management
     • An MKD can distribute keys only to an MP that did its initial authentication through that MKD
     • Multiple MKDs may exist in the mesh network
       • Merging & faster startup
       • Distribution of load
     [Figure: AS on the wired network; MKD A and MKD B, each with attached MPs; label "Authentication through MKD B"]

  5. Assumption
     • MKDs can communicate with each other through the mesh network
     • MKDs constitute ONE key management group
     • MKDs share one group key GK
     [Figure: AS on the wired network; MKD A and MKD B, each with attached MPs]

  6. Possible solution
     • Add a multi-hop communication protocol between MKDs to do the key distribution
       • May reuse the abbreviated Handshake protocol
     • Result
       • Key Negotiation
         LDK-MKD || PTK-MKD = PRF-length(GK, min(LocalNonce,PeerNonce) || max(LocalNonce,PeerNonce) || min(LocalMKDD-ID,PeerMKDD-ID) || max(LocalMKDD-ID,PeerMKDD-ID) …)
       • LDK-MKD as the root key to compute PMK-MA
       • PTK-MKD as the key to protect the communication between MKDs
     [Figure: messages exchanged between MKD1 and MKD2]
       REQ: MeshID || req || LocalNonce || LocalMKDD-ID || PeerMKDD-ID || GKID
       REQ: MeshID || req || LocalNonce || PeerNonce || LocalMKDD-ID || PeerMKDD-ID || GKID
       RESP: MeshID || resp || LocalNonce || PeerNonce || LocalMKDD-ID || PeerMKDD-ID || GKID || MIC
       RESP: MeshID || resp || LocalNonce || PeerNonce || LocalMKDD-ID || PeerMKDD-ID || GKID || MIC

  7. PMK-MA distribution between MPs in different MKD domains
     • Procedure
       • The MP invokes the PLM protocol
       • When the MPs find they are not in the same MKD domain, each requests the PMK-MA from its corresponding MKD node
       • Each MKD separately computes the PMK-MA using the same LDK-MKD and distributes the key to its MP
       • After getting the PMK-MA, both MPs can do the normal 4-way handshake to derive the PTK
     [Figure: MKD1, MKD2, MP1, MP2 with steps "1 PLM" (between MP1 and MP2), "2a PMK Req" and "2b PMK Res" (between each MP and its MKD), "3 4-way Handshake" (between MP1 and MP2)]

  8. The cross domain key management
     • GK, shared BY MKD group
     • LDK-MKD, Link distribution Key shared by MKD
       • Compute the PMK-MA to distribute the keys to authenticated MPs
     • PTK-MKD
       • Shared by MKD, update when LDK-MKD updates
     • PMK-MA
       • Pair-wise Master Key, shared by authenticated MPs
     • PTK
       • Pair-wise Transient Key
     [Figure: key hierarchy with GK, LDK-MKD, PTK-MKD, PMK-MA, PTK]

  9. Conclusion
     • The management of the GK shared by MKDs
       • Not suitable to define the GK management in 802.11
     • The communication protocol between MKDs
       • Needs to be defined more clearly
       • Need to design the state machine
     • Change to the PMK-MA negotiating procedure

  10. References
     • IEEE 802.11s D2.0
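The key negotiation on slide 6, as an added example that is not part of the original presentation: it shows why the min/max ordering lets both MKDs derive the same LDK-MKD and PTK-MKD from GK no matter which side is "local". Assumptions: HMAC-SHA256 in counter mode stands in for the unspecified PRF-length, the field sizes are invented, the inputs elided by the slide's ellipsis are left out, and keying the RESP MIC with PTK-MKD is a guess the slides do not confirm.

```python
import hashlib
import hmac

NONCE_LEN, ID_LEN, KEY_LEN = 32, 6, 32  # assumed field sizes, not from the slides


def prf(key: bytes, data: bytes, length: int) -> bytes:
    """Stand-in for PRF-length (assumption): HMAC-SHA256 in counter mode."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, bytes([counter]) + data, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def derive_mkd_keys(gk, local_nonce, peer_nonce, local_id, peer_id):
    """Return (LDK-MKD, PTK-MKD) following the slide-6 formula.

    Inputs the slide elides with an ellipsis are not included here.
    """
    if len(local_nonce) != NONCE_LEN or len(peer_nonce) != NONCE_LEN:
        raise ValueError("nonces must be fixed length")
    if len(local_id) != ID_LEN or len(peer_id) != ID_LEN:
        raise ValueError("MKDD-IDs must be fixed length")
    # min/max ordering makes the PRF input identical on both MKDs,
    # whichever of them is "local". Fixed lengths keep the
    # concatenation unambiguous.
    data = (min(local_nonce, peer_nonce) + max(local_nonce, peer_nonce)
            + min(local_id, peer_id) + max(local_id, peer_id))
    okm = prf(gk, data, 2 * KEY_LEN)
    return okm[:KEY_LEN], okm[KEY_LEN:]


def resp_mic(ptk_mkd: bytes, resp_fields: bytes) -> bytes:
    """MIC over the RESP fields keyed with PTK-MKD (keying is an assumption)."""
    return hmac.new(ptk_mkd, resp_fields, hashlib.sha256).digest()[:16]


def verify_resp(ptk_mkd: bytes, resp_fields: bytes, mic: bytes) -> bool:
    """Constant-time MIC check on the receiving MKD."""
    return hmac.compare_digest(resp_mic(ptk_mkd, resp_fields), mic)


if __name__ == "__main__":
    gk = bytes(range(32))                         # constructed sample GK
    n1, n2 = b"\x01" * 32, b"\x02" * 32           # constructed nonces
    id1, id2 = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
    mkd1 = derive_mkd_keys(gk, n1, n2, id1, id2)  # MKD1's view
    mkd2 = derive_mkd_keys(gk, n2, n1, id2, id1)  # MKD2's view
    print("same keys on both MKDs:", mkd1 == mkd2)
```

A node that does not hold GK derives a different PTK-MKD, so the MIC it attaches to a RESP fails verification on the receiving MKD.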
