This presentation addresses the security concerns of path selection messages in AODV, proposing the use of IEEE 802.11w mechanisms to protect Multihop Action frames on a link-to-link basis. Attention is needed in areas such as encryption protocols and authentication techniques.
Path Protection Authors: Date: 2009-11-08 David Halasz, Aclara
Abstract
The path selection protocol has security concerns similar to those of path messages in AODV. Since the path selection messages use Multihop Action frames, the Multihop Action frames should be protected with IEEE 802.11w mechanisms. This will protect path messages on a link-to-link basis and not end-to-end. As of 802.11s draft 3.04, this presentation has already been addressed with the exception of updating the PICS.
From RFC3561 – AODV
11 Security Considerations
“… Route protocols, however, are prime targets for impersonation attacks. …
… However, when the network membership is known and there is a danger of such attacks, AODV control messages must be protected by use of authentication techniques, such as those involving generation of unforgeable and cryptographically strong message digests or digital signatures. …”
Areas that need attention from IEEE 802.11-2007
• Clause 8.3.3 CTR with CBC-MAC Protocol (CCMP)
• Propose no change to CCMP. Mesh control field will be encrypted.
Areas that need attention from IEEE 802.11w
• Clause 8.3.4 The Broadcast/Multicast Integrity Protocol
• CCMP issue doesn’t apply since not encrypting payload.
• Clause 7.3.1.11 Action field
• Add “Robust” column to 802.11s draft table 7-24
• Already modified on D3.04
Areas that need attention from IEEE 802.11s draft
• PICS
• If Mesh and SAE then must protect the management frames
References
• [1] Perkins, C., Royer, E. and S. Das, "Ad hoc On-Demand Distance Vector (AODV) Routing", RFC 3561, July 2003.