IEEE Std 802.10-1998 Proposed Revision - PowerPoint PPT Presentation

Slides: 11
Provided by: Pam246
Learn more at: https://grouper.ieee.org

1
IEEE Std 802.10-1998 Proposed Revision
  • Purpose, Scope & 5 Criteria

2
Purpose
  • The purpose of this PAR is to update the Secure
    Data Exchange (SDE) Protocol specified in IEEE
    Std 802.10-1998, to accommodate newly identified
    security requirements for all current 802 MACs
    and delete unneeded header fields.

3
Scope
  • The scope of this PAR is to make changes to the
    format and processing of SDE PDUs to:
  • Accommodate replay protection
  • Integrity protect the Destination MAC address
  • Integrity protect additional header fields,
    particularly the VLAN tag, as needed
  • The current PDU format and processing will have
    to be modified to incorporate a sequence number,
    the DA will have to be included in the
    computation of the ICV, and the VLAN tag (and
    any other required header fields) will be
    included in the computation of the ICV, if
    protection is required by VLAN tagging rules
    (which are to be specified).
  • In addition, an informative annex will be
    developed that discusses various scenarios for
    securing Layer 2 bridged networks and a normative
    annex will be developed that defines an SDE
    profile specifying a single interoperable SDE
    configuration that must be supported by all
    vendors claiming conformance to the revised SDE
    specification.
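
The three scope items, as an added sketch that is not part of the presentation or of IEEE Std 802.10: a simplified "current" ICV over protected header and data only, beside a "revised" ICV that also binds the DA, the VLAN tag and a sequence number. The HMAC-SHA256 ICV, field sizes, key, addresses and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed key, for illustration only

def icv(key, *fields):
    # Assumption: HMAC-SHA256 truncated to 8 bytes stands in for the ICV algorithm.
    # Every field except the trailing data is fixed-length, so concatenation is unambiguous.
    return hmac.new(key, b"".join(fields), hashlib.sha256).digest()[:8]

def covered(f, revised):
    # Current model: protected header + data. Revised model adds DA, VLAN tag and SEQ NO.
    if revised:
        return (f["da"], f["vlan"], f["phdr"], f["seq"], f["data"])
    return (f["phdr"], f["data"])

def protect(key, da, vlan, phdr, seq, data, revised):
    f = {"da": da, "vlan": vlan, "phdr": phdr,
         "seq": struct.pack("!I", seq), "data": data}
    f["icv"] = icv(key, *covered(f, revised))
    return f

class Receiver:
    def __init__(self, key, revised):
        self.key, self.revised, self.last_seq = key, revised, -1

    def accept(self, f):
        if not hmac.compare_digest(icv(self.key, *covered(f, self.revised)), f["icv"]):
            return "bad-icv"
        if self.revised:  # replay check only after the ICV has authenticated SEQ NO.
            seq = struct.unpack("!I", f["seq"])[0]
            if seq <= self.last_seq:
                return "replay"
            self.last_seq = seq
        return "ok"

def demo():
    da, other_da = bytes.fromhex("0200000000aa"), bytes.fromhex("0200000000bb")
    vlan10, vlan20 = bytes.fromhex("8100000a"), bytes.fromhex("81000014")
    out = {}
    for revised in (False, True):
        rx = Receiver(KEY, revised)
        f = protect(KEY, da, vlan10, b"\x00\x01", 1, b"payload", revised)
        # original, exact resend, DA rewritten in transit, VLAN tag rewritten in transit
        out[revised] = [rx.accept(f), rx.accept(f),
                        rx.accept({**f, "da": other_da}), rx.accept({**f, "vlan": vlan20})]
    return out

if __name__ == "__main__":
    print(demo())
```

In this model the current-format receiver accepts all four frames, while the revised-format receiver accepts only the first and rejects the resend as a replay and the two rewritten frames on ICV failure.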

4
SDE Header Format Modifications
[Figure: current and revised SDE PDU layouts, each with regions marked INTEGRITY PROTECTED and ENCRYPTED.]
Current Format, fields shown: DA, SA, CLEAR HEADER, PROTECTED HEADER, DATA, PAD, ICV
  Header fields shown: SDE Des, SAID, MDF, STA ID, FLAGS, FRAG ID, SEC LABEL
Revised Format, fields shown: DA, SA, VLAN TAG, CLEAR HEADER, PROTECTED HEADER, DATA, PAD, ICV
  Header fields shown: Pload EType, SAID, SEQ NO., MDF, FLAGS, FRAG ID, SEC LABEL

5
5 Criteria

6
Broad Market Potential
  1. Broad sets of applicability
  2. Multiple vendors, numerous users
  3. Balanced costs (LAN vs attached stations)
  • 1. Security is applicable to most personal and
    business environments that utilize 802 Layer 2
    products. Increased security awareness in the
    general user population has dramatically
    increased the demand for security in networks
    composed of 802 Layer 2 products.
  • 2. Several hundred people representing more than a
    hundred companies attend various 802 working
    groups that require security support in their
    products. These currently include 802.3 (P2P,
    P2MP), 802.11 (WLAN), 802.15 (WPAN), 802.16
    (WMAN), 802.17 (RPR), 802.20 (MBWA).
  • 3. Layer 2 security can be implemented in either
    LAN devices or attached stations. Implementation
    of security in bridges is the most cost-effective
    method, since many attached stations can be
    supported by a single bridge.

7
Compatibility
  • The proposed revisions to IEEE Std 802.10-1998
    are compatible with all current 802 MAC and
    bridging standards
  • There are no implementations of 802.10-1998,
    therefore backwards compatibility is not an issue
  • Revisions to 802.10-1998 will conform with 802
    Overview Architecture and 802 layer management,
    as appropriate

8
Distinct Identity
  1. Substantially different from other IEEE standards
  2. One unique solution per problem
  3. Easy for the document reader to select the
    relevant specification
  • There are no other 802-wide security standards.
    802.11i security work is specific to 802.11
    products, and is not intended to be a generic
    solution for all 802 MACs. PARs produced by the
    LinkSec ECSG will either support this effort, or
    be entirely distinct from it, but will not
    duplicate any of 802.10's work.
  • The goal of the revisions to 802.10-1998 is to
    provide a unique security solution that is
    applicable to all 802 MAC and bridging Standards.
  • The proposed effort is a revision to 802.10-1998,
    which will have a distinct document revision
    number (probably IEEE Std 802.10-2004)

9
Technical Feasibility
  1. Demonstrated system feasibility
  2. Proven technology, reasonable testing
  3. Confidence in reliability
  • Technological revisions to 802.10-1998 are simple
    and straightforward. Similar constructs are
    being used in a variety of products and other
    standards efforts today.
  • Products supporting Internet standards that
    incorporate similar technology have been sold
    world-wide and have been thoroughly tested in the
    field.
  • As with many security Standards, reference
    implementations will have to be constructed to
    which compliance must be proven in order to
    achieve the necessary confidence.

10
Economic Feasibility
  1. Known cost factors, reliable data
  2. Reasonable cost for performance
  3. Consideration of installation costs
  • 1. The goal of this project is to create a Layer 2
    security mechanism that balances the cost of
    implementing data security with the cost and
    performance of the access technology.
  • 2. Security mechanisms have been incorporated in
    Layers 2, 3, 4, and 7 at a reasonable cost
    increment, in terms of both dollars and
    throughput.
  • 3. Any Layer 2 security mechanism may require
    additional infrastructure, depending on the type
    of key management mechanism selected. This
    translates into additional installation cost for
    equipment, software, and/or administration.