Download
1 / 8
80 likes | 210 Vues
This document details the modifications necessary for the 802.11s draft to achieve "suite B" compliance, a standard set by the NSA for secure systems. It outlines the use of elliptic curve cryptography, specifically ECDH for key exchange and ECDSA for authentication, along with hashing standards (SHA-256) and bulk data protection using AES-GCM. The paper proposes an updated authentication protocol leveraging these cryptographic standards to enable 802.11s mesh networks suitable for government and sensitive data markets.
E N D
Suite-B Compliance for a Mesh Network Authors: Date: 2009-09-15 Dan Harkins, Aruba Networks
Abstract This document describes the changes necessary to the 802.11s Draft to support “suite B” compliance Dan Harkins, Aruba Networks
What is “suite B?” • A specification of cryptographic building blocks used to construct a secure system • Key exchange using elliptic curve Diffie-Hellman (ECDH) • Authentication using elliptic curve Digital Signature Algorithm (ECDSA) • Hashing with SHA-256 or greater • Use of approved elliptic curves (over prime field of at least 256 bits) • AES-GCM for bulk data protection • A revised set of requirements (on top of FIPS) by NSA and the US government to sell product to protect data with a certain classification level Dan Harkins, Aruba Networks
“suite B” support in 11s • SAE implements an ECDH-like exchange using approved elliptic curves and specifies SHA-256 but… • Authentication is not ECDSA • The keys are still used with AES-CCM • Today an 11s implementation would not meet “suite B” requirements and cannot be sold into certain markets • We could do a bit more work to rectify this • Propose a new authentication protocol using ECDH and ECDSA, with SHA-256, that can support approved elliptic curves • Define use of AES-GCM for 11s (that might be a lightning rod for negative comments in the next ballot, or maybe not) Dan Harkins, Aruba Networks
A “suite B”-compliant Authentication Protocol for 11s • Use action frames to request and obtain a peer’s certificate • Use authentication frames to perform a peer-to-peer protocol which does an ECDH exchange and ECDSA to authenticate • Leverage lots from SAE • The state machine will be almost identical • A new AKM in beacons indicates support for the exchange • Use the same mechanism for negotiating the elliptic curve • The result of the exchange is an authenticated PMK, just like SAE, that is input to APE to establish a secure peering. Dan Harkins, Aruba Networks
A “suite B”-compliant Authentication Protocol for 11s Mesh Point A identified by ID-A Mesh Point B identified by ID-B • Choose random “b” less than order of group, nonce Nb • Compute element B = b*G • Choose random “a” less than order of group, nonce Na • Compute element A = a*G Nb, B Na, A Sign {Na | Nb | A | B | ID-A | ID-B} Sign {Nb | Na | B | A | ID-B | ID-A} Session ID = MAX(Na, Nb) | MIN(Na, Nb) Shared Secret = a * b * G Dan Harkins, Aruba Networks
Straw Polls • Ability to sell product into government markets using sensitive data is important • Yes: 5 • No: 0 • Don’t Care: 2 • We should add another authentication protocol to the Draft to support suite-b for this purpose • Yes: 1 • No: 0 • Don’t Care: 0 • Don’t Know: 7 Dan Harkins, Aruba Networks
References Dan Harkins, Aruba Networks
![[A Social Network Analysis Suite for Business Intelligence]](https://cdn2.slideserve.com/3688879/a-social-network-analysis-suite-for-business-intelligence-dt.jpg)
![[A Social Network Analysis Suite for Business Intelligence]](https://cdn5.slideserve.com/9438665/a-social-network-analysis-suite-for-business-intelligence-dt.jpg)
