Background Study :802.11i Encryption

1
Background Study 802.11i Encryption
2

• MK (Master Key)
• PMK (Pair-wise Master Key)
• PTK (Pair-wise Transient Key)
• GMK (Group Master Key)
• GTK (Group Transient Key)

3
Background Study ECC (Elliptic Curve
Cryptography)Neil Koblitz, Victor Miller, 1985

• General Form

???
???
4
???????

• O Point at infinity
• POOPP

5
????

• nPO n??order
• Given G, QdG, d is randomly selected. It is
  nearly impossible to derive d (??????????). G is
  called generator. Q is called public key. d is
  called private key.

6
ECCDH

• Given E, a generator point P.
• A selects a private key da. A derives public key
  Qa daP
• B selects a private key db. B derives public key
  QbdbP
• A and B exchange their public Key
• A derives share key SabdaQb
• B derives share key SabdbQa

7
Bilinear pairing

• Establishment of a session key requires only one
  message for exchange
• Two cyclic group bilinear mapping
• G1 cyclic addition group, G2 cyclic multiply
  group

8
(No Transcript)
9
Introduction

• Roaming delay is composed by
• Channel scanning and probing
• Mobile client must disconnect from the current AP
  and join a new AP and it takes 20ms380ms
• Authentication at the new AP
• The overall roaming delay should be kept under
  50ms, ideally the authentication should not take
  more than 20ms to allow 30ms for channel scanning
  and probing.

10

• 802.11i
• Authentication is done by 802.1x, or by a
  pre-shared key.
• PMK, 4-way handshake for PTK, 2-way handshake for
  GTK.
• Full authentication takes 7501200ms
• Roaming authentication takes 200ms, or 50ms for
  the best case.

11

• Proactive key distribution method
• Distributes a new PMK to neighbor APs
• Roaming authentication time reduce to 21ms on the
  average.
• Heavy burden on AS
• AP must track the movement of clients
• Pre-authentication
• A client connects to multiple APs first.
• 0 delay
• Impose heavy burden on AS and may not extend
  beyond the first access router

12

• Predictive authentication
• All the neighboring APs can receive the
  authentication response.
• Drawbacks are similar to pre-distribution
• 802.11r
• Authentication time of best case is 10ms
• Pre-distribution of the keys to all the AP within
  the subnet
• Drawbacks still remain

13

• Reducing 4-way handshake is important. Best case
  analysis of 4-way handshake is 20ms.
• Inter-domain roaming

14
Background

• IDC (Identity-based Cryptography)
• Known identity information is used in ID-based
  cryptography to derive a public key thus no
  public key exchange is necessary.
• Identity value may be alphanumeric character
  string or MAC address.
• PKG (Private Key Generator)
• Given private key to the ID owner through a
  secure channel

15

• Bilinear map
• Multiply integers with points on elliptic curves
• Given P and sP, it is nearly impossible to
  compute s

16

• Public/private key generation
• PKG uses a master key s and a fixed point P on a
  elliptic curve.
• Public key Oid
• PKG hashes users ID to a point Qid on the curve.
• Private key sQid
• P, sP, cryptographic function H1 can be made
  available in public

17
(No Transcript)
18
(No Transcript)
19
(No Transcript)
20
Proposed scheme SFRIC

• To use a WLAN, a user logs into the network
  through 802.11i process.
• For static client SFRIC is not necessary
• SFRIC has 2 phases. In phase 1 a client accesses
  the PKG to get a private key. When the client
  decides to roam it first finds and joins a new
  APs by probing and scanning, and follows the
  phase 2 procedure to exchange authentication
  messages.

21
(No Transcript)
22
Phase 1 preparation

• APs and client both contact to PKG with their MAC
  and receive a private key via secure channel
• Private key of client
• MACexpiration dateexpiration hourNounce
• Private key of AP
• MACcurrent datecurrent hour
• Both are periodically refreshed in every hour

23
Phase 2 roaming
24
(No Transcript)
25

• Comment
• Figure 3 says message 1 is encrypted in Ka, but
  figure 4 says it is K1 to be used for encrypted
  instead.

26

• Comment The above equation can prove anything.
• Comment(rKa, sP)(Kc-1, rP)?
• Serious error in equation. Can not prove security
  key of a equals to security key of csKa Kc-1??

27

• MACc is called the proof of ID. If the MAC
  address of ID matches the MAC address in the
  packet header, the sender is proven to posses the
  MAC address and the right private key.
• Comment Verification of MAC is smart but weak.

28

• Comment If MACc is encrypt by cs private key,
  there is no way to decrypt it in a.

29
(No Transcript)
30
Performance Analysis
31

• The most time consuming is the pairing
  operations E2, D1, and D2, while the cost of the
  rest is almost negligible.
• Comment I am not convincible why E1 pairing
  operation can be negligible.
• Comment Authors is too optimistic to neglect the
  network operation, especially in worst cases.

32

• Comment Inconsistent typos

33

• The authors claim there will be only 2 pairing
  operations require, which take 17ms (cited by
  23 that one pairing operation is 8.7ms for best
  case), one can be done in advance.
• Comment there is no simulation for the
  computation. Nothing but site by other work.
  Conviction is weak.

34
Thank You
35
Review Suggestion

• Rate the importance of the topic addressed in the
  paper and its timeliness within its area of
  research Excellent Above average Average
  Below average None
• Rate the technical contribution of the paper, its
  soundness and scientific rigourExcellent Solid
  work Valid work Marginal work Questionable
• Rate the novelty and originality of the work
  presented in the paperPioneering Novel Some
  Novel Minor variation It has been said many
  times before

36

• Rate the paper organization, the clearness of
  text and figures, the completeness and accuracy
  of references.Excellent Well written Readable
  Substantial revision work is needed
  Unacceptable
• Strengths
• Weakness
• Recommended changes