Discussion Points for 802.21 Security [Input to 802.1AF]

• Security in the MAC is more about wireless than wired today
• Some (proposed) link events today have different qualities for wired vs. wireless worlds:
    • Link up (wired link vs. wireless association completed (or open port?))
    • Link down (wired no data vs. wireless beacons etc.)
    • Link_Going_Up (wired not possible? vs. port in the making / tentative association)
    • Link changed bandwidth (wired went from 100 to 10 vs. wireless slow man on channel?)
    • Link changed mode (wired duplex transition vs. wireless ack to block ack?)
• Some events are wireless only:
    • Link changed QoS (wireless HCCA to EDCA transition, wired ?)
    • Link_Quality_Crosses_Threshold (wireless signal quality, wired ?)
    • Better_Signal_Quality_AP_Available
• Some events are the same for both wired and wireless:
    • Link_Going_Down
    • Trigger_Rollback

Discussion points on 802.21 security d1 Michael G. Williams / NOKIA IEEE 802.21

• Some proposed link events could be asymmetric…
    • Link up (OPER up on one end only)
    • Link down (OPER down on one end only)
    • Link_Going_Up (OPER…)
    • Link_Quality_Crosses_Threshold (better antennae?)
    • Link_Going_Down (OPER…)
    • Better_Signal_Quality_AP_Available (sent one way only)
• Might want to transmit any of these as a status report from the other end? (Should there be a remote registered client for a push or pull model?)
• … vs. the same on both ends of link
    • Link up (both ends fully plugged in)
    • Link down (failure of cable, one end fails)
    • Link changed bandwidth (negotiated)
    • Link changed mode (negotiated)
    • Link changed QoS (negotiated)
    • Trigger_Rollback (transmitted)

• Might want to report any of these locally up from L2 to a registered client
• Current local registration for link events identifies client, logical interface and particular event
• Current local delivery of link events provides a report of the event occurring, sometimes a data value (never the source MAC)
• Current local delivery of link events can be gated by OPER state
• Source of link events is not authenticated or authorized by the local delivery mechanism
• No need for security?

Apply to transmitted signals or triggers (i.e. end to end). Generic threat analysis here due to lack of approved use cases.

• DoS attacks
    • In wireless there is always PHY based DoS
    • So why spend energy preventing MAC based DoS
• Protocol attacks
    • No new security protocols introduced, no increase in attacks
• Association
• Authentication
    • Heavyweight, only for association
• Authorization
    • Heavyweight, only for association
• Integrity
    • Relevant to wired side (yet less needed), not so on wireless?
• Privacy / confidentiality
    • Must use existing encryption methods if used at all, due to scope; hard to set up without latency-inducing authentication