Discussion Points for 802.21 Security

[Input to 802.1AF]
• Security in the MAC is more about wireless than wired today
• Some (proposed) link events today have different qualities for wired vs. wireless worlds:
  • Link up (wired link vs. wireless association completed (or open port?))
  • Link down (wired no data vs. wireless beacons etc.)
  • Link_Going_Up (wired not possible? vs. Port in the making / tentative association)
  • Link changed bandwidth (wired went from 100 to 10 vs. wireless slow man on channel?)
  • Link changed mode (wired duplex transition vs. wireless ack to block ack?)
• Some events are wireless only:
  • Link changed QoS (wireless HCCA to EDCA transition, wired ?)
  • Link_Quality_Crosses_Threshold (wireless signal quality, wired ?)
  • Better_Signal_Quality_AP_Available
• Some events are the same for both wired and wireless:
  • Link_Going_Down
  • Trigger_Rollback
Discussion points on 802.21 security d1 Michael G. Williams / NOKIA
IEEE 802.21
• Some proposed link events could be asymmetric…
  • Link up (OPER up on one end only)
  • Link down (OPER down on one end only)
  • Link_Going_Up (OPER…)
  • Link_Quality_Crosses_Threshold (better antennae?)
  • Link_Going_Down (OPER…)
  • Better_Signal_Quality_AP_Available (sent one way only)
• Might want to transmit any of these as status report from other end? (Should there be remote registered client for push or pull model?)
• … vs. the same on both ends of link
  • Link up (both ends fully plugged in,
  • Link down (failure of cable, one end fails)
  • Link changed bandwidth (negotiated)
  • Link changed mode (negotiated)
  • Link changed QoS (negotiated)
  • Trigger_Rollback (transmitted)
• Might want to report any of these locally up from L2 to
registered client
• Current local registration for link events identifies client,
logical interface and particular event
• Current local delivery of link events provides report of
event occurring, sometimes a data value (never the source
MAC)
• Current local delivery of link events can be gated by
OPER state
• Source of link events is not authenticated or authorized by
local delivery mechanism
• No need for security?
Apply to transmitted signals or triggers (i.e. end to end). Generic threat analysis here due to lack of approved use cases.
• DoS attacks
  • In wireless there is always PHY based DoS
  • So why spend energy preventing MAC based DoS
• Protocol attacks
  • No new security protocols introduced, no increase in attacks
• Association
  • Authentication
    • Heavyweight, only for association
  • Authorization
    • Heavyweight, only for association
• Integrity
  • Relevant to wired side (yet less needed), not so on wireless?
• Privacy / confidentiality
  • Must use existing encryption methods if used at all, due to scope; Hard to set up w/out latency inducing authentication