doc.: IEEE 802.11-11/01047r2
Submission
Name, Affiliation, Address, Phone, Email:

Ping Fang, Huawei Technologies Co., Ltd.
  Bldg 7, Vision Software Park, Road Gaoxin South 9, Nanshan District, Shenzhen, Guangdong, China, 518057
  +86 755 36835101, [email protected]

Zhiming Ding, Huawei Technologies Co., Ltd.
  Bldg 7, Vision Software Park, Road Gaoxin South 9, Nanshan District, Shenzhen, Guangdong, China, 518057
  +86 755 36835837

Phillip Barber, Huawei Technologies Co., Ltd.
  1700 Alma Rd, Ste 500, Plano, Texas 75075 USA
  +1 972-509-5599
Slide 1: Using Upper Layer Message IE in TGai
• Date: 2011-08-23
Aug 2011
Authors: Ping Fang, Huawei.
Slide 2: Abstract
This document describes a technical proposal for TGai. In this proposal, Upper Layer Message IEs are proposed for EAP and DHCP; Association, authentication and 4-Way handshake are carried out concurrently to improve efficiency.
Slide 3: Conformance w/ TGai PAR & 5C

Conformance question: Response
• Does the proposal degrade the security offered by Robust Security Network Association (RSNA) already defined in 802.11? No
• Does the proposal change the MAC SAP interface? Yes, possibly
• Does the proposal require or introduce a change to the 802.1 architecture? No
• Does the proposal introduce a change in the channel access mechanism? No
• Does the proposal introduce a change in the PHY? No
• Which of the following link set-up phases is addressed by the proposal? (1) AP Discovery (2) Network Discovery (3) Link (re-)establishment / exchange of security related messages (4) Higher layer aspects, e.g. IP address assignment: 3, 4
Slide 4: Why do we need FILS?

• If a dual mode MS makes a seamless handoff from a cellular network to a WiFi network, the time of WiFi ILS should be minimized.
• 3GPP TS23.327 (Mobility between 3GPP-WLAN; does not support seamless HO yet) and WMF T37 (WiMAX WiFi Interworking; supports seamless HO using pre-authentication, but the effect is not proved) already cover this scenario.
[Figure: a dual mode MS with a WiFi interface and a cellular interface. Cellular access: BS, BS, cellular core (HA, AAA), Internet. WiFi access: AP, Internet.]
– Hot-Spot Pass-Through Internet Access: users on a vehicle/train passing near an AP with a mobile phone must have the ability to access various Internet services (e-mail/Twitter/Facebook) within a few seconds, or to offload traffic carried by other networks, e.g. 3G.
Slide 5: Usual WiFi network architecture & initial link setup

[Figure: User Device (STA) | WiFi Access Network (AP, AP, DHCP Server, AS; 11r interface between the APs) | Internet (Router, Internet). Steps shown in the figure:]
1 Discovery & Association
2 EAP authentication
3 IP address Assignment
4 After link setup
5 Move in WiFi ESS
6 Possible Fast transition (11r interface)
Figure callout: Here too many message exchanges
Slide 6: How to reduce the time of ILS?

• 802.21 MIH could be used by the cellular network to help the DM-MS find a nearby WiFi AP (location technology needed).
  – This is out of scope of this proposal.
• To reduce message exchanges on the air interface.
• To reduce message exchanges on the network side (e.g. the AP is configured with an IP address pool and works as a DHCP proxy) and to reduce the computation workload (e.g. pre-prepared authentication vectors in the AKA method).
• Don't use methods based on certificates.
Slide 7: Our scope and essential principle

[Figure: the same architecture as slide 5 (STA, AP, AP, DHCP Server, AS, Router, Internet; 11r interface between the APs), annotated as follows:]
• STA to AP link: "We work on here"
• Key hierarchy must not be changed!
• IEEE 802.11r may be deployed if mobility in the WiFi network is supported.
• AP to AS link: Usually the RADIUS or DIAMETER protocol is here. No changes here would be better.
Slide 8: How to reduce rounds on air interface?

[Figure: the whole flow of ILS between STA and AP according to the current specification, with mobility considered:]
• Beacon / Probe
• Authentication (open)
• Association: AID is assigned, some parameters are negotiated
• 802.1X: EAPoL_Start, EAP_Request/Identity, EAP_Response/Identity, EAP_Request/..., EAP_Response/..., EAP_Success; MSK and EMSK are generated, PMK is derived from MSK
• 4-way handshake based on PMK: PTK is generated and GTK is delivered
• DHCP procedure: STA gets an IP address, maybe including MIP (other IP address allocation approaches could be used)
• MIP procedure: MIP keys derived from EMSK are used here on the IP level; this can not be a part of ILS
Figure callout: "In fact unnecessary"

• To carry out the EAP procedure, IP address allocation procedure, 4-Way handshake and AID assignment concurrently.
  – EAP messages and DHCP messages are encapsulated into Upper Layer Message IEs and included in Authentication frames if the FILS procedure is indicated.
  – The fields of the 4-way handshake messages are included in the Authentication frames, and the 4-way handshake steps must be in step with the EAP steps.
  – The Association frames are removed. The AID is delivered together with the GTK in the third step of the 4-way handshake.
Slide 9: Could EAP be ignored?

• In 3GPP TS33.402 (SAE Security aspects of non-3GPP accesses), it is specified:
  – Access authentication for non-3GPP access in EPS shall be based on EAP-AKA (IETF RFC 4187) or on EAP-AKA' (IETF RFC 5448).
• In WiMAX NWG T37 (WiMAX WiFi Interworking), EAP is also conducted by the AAA server in the WiMAX CSN during WiFi ILS.
• Considering that the MIP keys are derived from the EMSK, which is an outcome of an EAP procedure in current network specifications (see 3GPP TS33.402 and WMF T32), EAP should be kept in FILS.
Slide 10: Could DHCP be ignored?

• DHCP is the main protocol for IP address allocation, even in IPv6 (DHCPv6).
• DHCP is not only used to assign an IP address, but also used to deliver much other information.
  – A very important example: in BBF TR069 a CPE identifies itself to the DHCP server as supporting the ACS Discovery method defined in TR069 by including the string "dslforum.org" in DHCP option 60 (in DHCP Discover/Request), and the DHCP server then includes an ACS URL and a provisioning code in DHCP option 43 in its response (DHCP Offer/ACK).
• If a STA uses FILS and still has to acquire some information in extra steps, then FILS is not complete: the problems are just left for the following steps.
• So we may not use DHCP to assign the IP address in FILS, but we can not ignore DHCP in FILS. How to assign the IP address is the choice of the network operator.
Possible Protocol Detail (July 2011)

[Figure: message sequence between non-AP STA, AP, AS and DHCP server; A1..A7 are Authentication frames. Directions are as implied by the figure:]
1, STA -> AP: A1(algorithm=FILS, Seq=1, RSN=EAP, …, EAPoL_Start)
2, AP -> STA: A2(algorithm=FILS, Seq=2, RSN=EAP, …, EAP_Request/ID)
3, STA -> AP: A3(algorithm=FILS, Seq=3, RSN=EAP, EAP_Response/ID(User-ID) [, DHCP Discover])
4, AP -> AS: ARQ(User-ID)
5, AS -> AP: AAC(… [, pre-assigned IP addr])
6, AP -> DHCP server: DHCP Discover
7, DHCP server -> AP: DHCP Offer
8, AP: receipt of the pre-assigned IP addr. from AS or DHCP server
9, AP -> STA: A4(algorithm=FILS, Seq=4, RSN=EAP, EAP_Request(…) [, DHCP Offer], ANonce) (first message of EAP method)
10, STA <-> AP: A4E(algorithm=FILS, Seq=x, RSN=EAP, EAP_Response/Request) (extra EAP steps)
11, STA: calculate MSK, PMK, PTK
12, STA -> AP: A5(algorithm=FILS, Seq=5, RSN=EAP, EAP_Response(…) [, DHCP Request], SNonce, MIC5) (last message of EAP method)
13, AP: cache MIC5
14, AP -> AS: ARQ
15, AS -> AP: AAC(success, PMK) (AS: calculate MSK, PMK)
16, AP: calculate PTK, verify MIC5
17, AP -> DHCP server: DHCP Request
18, DHCP server -> AP: DHCP Ack
19, AP -> STA: A6(algorithm=FILS, Seq=6, RSN=EAP, EAP_Success, AID, GTK [, DHCP Ack], MIC6)
20, STA: verify MIC6
21, STA -> AP: A7(algorithm=FILS, Seq=5, RSN=EAP, MIC7)
22, AP: verify MIC7
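The following Python model is an added example written for this page; it is not code from the proposal or from Huawei. It walks steps 11 to 22 of the sequence above to show the one ordering property that differs from the usual 4-way handshake: the AP receives SNonce and MIC5 in A5 (step 12) before it holds the PMK, so it can only cache MIC5 (step 13) and verify it after the AS returns the PMK in AAC (steps 15 and 16). The key derivation and MIC functions are stand-ins (HMAC-SHA256) chosen for the example, since the proposal keeps the 802.11 key hierarchy and a real implementation would use the standard PRF and the KCK/KEK split; the message bodies, nonce sizes, AID value and GTK are constructed.

```python
import hmac
import hashlib
import secrets


def derive_ptk(pmk: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Stand-in KDF (assumption): HMAC-SHA256 keyed with the PMK over both nonces.
    The real 802.11 PRF is not reproduced here; only the data flow matters."""
    return hmac.new(pmk, b"FILS PTK" + anonce + snonce, hashlib.sha256).digest()


def compute_mic(ptk: bytes, body: bytes) -> bytes:
    """MIC over a frame body under the first 16 octets of the PTK (the KCK position)."""
    return hmac.new(ptk[:16], body, hashlib.sha256).digest()[:16]


def run_fils_exchange(sta_pmk: bytes, as_pmk: bytes, anonce: bytes = None,
                      snonce: bytes = None) -> dict:
    """Model steps 11-22 of the slide's flow and report which MIC checks passed.

    sta_pmk: PMK the STA derives from its MSK at step 11.
    as_pmk : PMK the AS hands to the AP in AAC at step 15. It equals sta_pmk when the
             STA really completed the EAP method and differs otherwise.
    """
    anonce = anonce or secrets.token_bytes(32)   # sent by the AP in A4 (step 9)
    snonce = snonce or secrets.token_bytes(32)   # chosen by the STA for A5 (step 12)
    result = {}

    # Step 11: STA finishes the EAP method, holds MSK/PMK, derives the PTK.
    sta_ptk = derive_ptk(sta_pmk, anonce, snonce)
    # Step 12: STA -> AP A5 carrying the last EAP message, SNonce and MIC5.
    a5_body = b"A5|EAP_Response|" + snonce
    mic5 = compute_mic(sta_ptk, a5_body)
    # Step 13: the AP has no PMK yet, so it caches A5 and MIC5 and relays EAP to the AS.
    cached_a5, cached_mic5 = a5_body, mic5
    # Step 15: AS -> AP AAC(success, PMK). Step 16: AP derives PTK and verifies MIC5.
    ap_ptk = derive_ptk(as_pmk, anonce, snonce)
    result["mic5_ok"] = hmac.compare_digest(compute_mic(ap_ptk, cached_a5), cached_mic5)
    if not result["mic5_ok"]:
        result["aborted_at"] = 16        # AP stops before releasing AID/GTK
        return result

    # Step 19: AP -> STA A6 with EAP_Success, AID, GTK and MIC6. Step 20: STA verifies.
    aid, gtk = 1, secrets.token_bytes(16)   # constructed values
    a6_body = b"A6|EAP_Success|" + aid.to_bytes(2, "big") + gtk
    mic6 = compute_mic(ap_ptk, a6_body)
    result["mic6_ok"] = hmac.compare_digest(compute_mic(sta_ptk, a6_body), mic6)

    # Steps 21-22: STA -> AP A7 carrying MIC7; AP verifies, then keys are installed.
    a7_body = b"A7|"
    mic7 = compute_mic(sta_ptk, a7_body)
    result["mic7_ok"] = hmac.compare_digest(compute_mic(ap_ptk, a7_body), mic7)
    return result


if __name__ == "__main__":
    shared = secrets.token_bytes(32)
    print("matching PMK:", run_fils_exchange(shared, shared))
    print("mismatched PMK:", run_fils_exchange(shared, secrets.token_bytes(32)))
```

Two points for anyone reviewing the design follow from the model. First, the GTK in A6 is left in the clear here only to keep the body visible; in the 802.11 4-way handshake it is wrapped under the KEK, and the same must hold when the message is carried in an Authentication frame. Second, between steps 12 and 16 the AP holds per-peer state (cached A5 and MIC5, and the DHCP Request it relays at step 17) for a STA whose MIC it has not yet been able to check, so the AP needs a bound on how many such pending exchanges it keeps and how long it waits for the AS.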
Slide 12: Upper Layer Message IE

• A new Upper Layer Message IE can be defined as below.

Upper layer message IE element format:
  Element ID (1 octet, e.g. 143) | Length (1 octet) | Upper layer message
  The Upper layer message field consists of:
  – ULM Type (7 bits): 1: EAP, 2: DHCPv4, 3: DHCPv6, …
  – Flag (1 bit): 0: No more segment, 1: More segment
  – ULM body
Slide 13: How to be compatible with legacy STAs

• Authentication frames must be kept.
• Add a new enumerative value to the Algorithm field in the Authentication frame to indicate use of the FILS procedure.
• Definitions in 11mb:
  1 = Open System
  2 = Shared Key
  3 = FT (first defined in 11r)
  4 = FILS (first defined in 11ai)
Slide 14: How to be compatible with other possible FILS?

• More AKM suite selectors (suite type) could be defined.
  Authentication algorithm = 4 (FILS) "and FILS":
  Suite type = 1, 802.1X
  Suite type = 2, PSK (means only the 4-way HS without EAP; the PMK is the PSK)
  Suite type = 3, FT over 802.1X
  Suite type = 4, FT over PSK
  …
  Suite type = 8, FILS over 802.1X
  Suite type = 9, FILS over PSK (maybe not using the current 4-way HS)
Slide 15: Modifications

• The maximum length of an IE is limited to 256 octets, so one EAP or DHCP message may be divided into multiple IEs.
• Association frames are ignored if FILS is called.
• The 4-Way handshake procedure is carried out concurrently with the EAP procedure in Authentication frames if FILS is called.
• The IP address can be allocated in Authentication frames with standard DHCP, or only with fields under some special circumstances.
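As an added example for the IE layout of slide 12 and the segmentation rule of slide 15 (written for this page, not code from the proposal or from Huawei), the following Python encoder and decoder build a run of Upper Layer Message IEs from one EAP or DHCP message and reassemble it at the receiver. It uses the slide's example Element ID value 143 and assumes, since the slide does not fix the bit order, that the Flag occupies the most significant bit of the octet following Length and the ULM Type the low 7 bits; the per-IE payload limit of 255 octets follows from the one-octet Length field, leaving 254 octets of ULM body per segment.

```python
import struct

ULM_ELEMENT_ID = 143           # example Element ID value shown on the slide ("e.g. 143")
ULM_TYPE = {1: "EAP", 2: "DHCPv4", 3: "DHCPv6"}
MAX_IE_INFO = 255              # the Length field is one octet
MAX_SEGMENT = MAX_IE_INFO - 1  # one octet of the info field holds Flag/Type
MORE_SEGMENTS = 0x80           # assumption: Flag in the MSB, Type in the low 7 bits


def encode_ulm(ulm_type: int, message: bytes) -> bytes:
    """Split one upper-layer message into a sequence of ULM IEs."""
    if not 1 <= ulm_type <= 0x7F:
        raise ValueError("ULM type must fit in 7 bits")
    # Cut the message into 254-octet pieces; an empty message still gets one IE.
    segments = [message[i:i + MAX_SEGMENT]
                for i in range(0, len(message), MAX_SEGMENT)] or [b""]
    out = bytearray()
    for idx, seg in enumerate(segments):
        flag = MORE_SEGMENTS if idx < len(segments) - 1 else 0   # last IE clears the flag
        out += struct.pack("BBB", ULM_ELEMENT_ID, 1 + len(seg), flag | ulm_type) + seg
    return bytes(out)


def decode_ulm(ies: bytes):
    """Walk a run of IEs, reassemble segmented ULMs; returns a list of (type, message)."""
    messages, pending = [], {}   # pending: ULM type -> body collected so far
    pos = 0
    while pos < len(ies):
        if len(ies) - pos < 2:
            raise ValueError("truncated IE header")
        eid, length = ies[pos], ies[pos + 1]
        info = ies[pos + 2:pos + 2 + length]
        if len(info) != length:
            raise ValueError("truncated IE body")
        pos += 2 + length
        if eid != ULM_ELEMENT_ID:
            continue                  # some other IE; not our concern here
        if length < 1:
            raise ValueError("ULM IE missing its Flag/Type octet")
        hdr = info[0]
        ulm_type, more = hdr & 0x7F, bool(hdr & MORE_SEGMENTS)
        pending.setdefault(ulm_type, bytearray()).extend(info[1:])
        if not more:                  # final segment: hand the whole message up
            messages.append((ulm_type, bytes(pending.pop(ulm_type))))
    if pending:
        # A message whose last segment never arrived must not be delivered partially.
        raise ValueError("frame ended with an incomplete segmented message")
    return messages


def is_complete(ies: bytes) -> bool:
    """True if the IE run parses and every segmented message is whole."""
    try:
        decode_ulm(ies)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    eap = bytes(range(256)) * 2 + b"x" * 88            # constructed 600-octet EAP message
    run = encode_ulm(1, eap)
    print(len(run) // MAX_IE_INFO + 1, "IEs,", len(run), "octets")
    print([(ULM_TYPE[t], len(m)) for t, m in decode_ulm(run)])
```

Reassembly is keyed by ULM type within one Authentication frame, which is what the slide's Flag bit supports; a receiver that lets a message span several frames would additionally tie the segments to the frame's Seq value. The decoder refuses to deliver a message whose final segment is missing, so a dropped or truncated IE cannot surface as a shortened EAP or DHCP message to the upper layer.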
Slide 16: Questions & Comments