Siemens manual IEEE802.11i Robust Security Network RSN, Security association management

Page 61

IEEE802.11i:

Robust Security Network (RSN)

Additional enhancements to existing IEEE802.11 functions:

• Data privacy mechanism:

TKIP (Temporal Key Integrity Protocol) to enhance RC4-based hardware for higher security requirements, or

WRAP (Wireless Robust Authenticated Protocol) based on AES (Advanced Encryption Standard) and OCB (Offset Codebook)

• Security association management:

RSN negotiation procedures for establishing the security context

IEEE802.1X authentication and key management

[Figure: IEEE802.1X authentication message sequence. Labels: Associate; EAP Identity Request; EAP Identity Response; EAP Request; EAP Response; EAP Success; Access Request; Access Challenge; Access Request; Access Accept; Authentication Server]

WLAN-IEEE802.11 Tutorial (Maximilian Riegel), 021018-wlan-tutorial.ppt


© Siemens, 2002

 

 

 
