Proposal for key management in 802.11 networks
From: Caprella Ettore (Ettore.CaprellaTILAB.COM)
Date: Mon, 27 Oct 2003 11:07:37 -0600 (CST)
Dear Mr. Chairman,

We would like to submit to the EAP working group a proposal
for a new key management method, which is based
on the generalization of the Diffie-Hellman protocol to
multicast groups.
We think that this approach could be effective in the context
of IEEE 802.11 networks, in particular for the Ad-Hoc scenario.

The Generalized Diffie-Hellman protocol for a closed group has
been successfully used and deployed in the context of IP secure
multicast; this algorithm allows a set of independent peers to
derive a shared secret key using only publicly exchanged data and
private information [1][2][3][4].

Our idea is to use the Generalized Diffie-Hellman protocol as a mechanism
for deriving the shared WEP key to secure the communications occurring
in an 802.11 network. This algorithm is particularly fitting for small
networks (like home networks or small SOHO networks) because it can
be easily deployed without using a centralized authentication server.
This approach can also be used when the Authentication Server is not
directly reachable on the local 802.11 network; for example, this may
occur in a MANET scenario, where the topology is subject to
unpredictable changes.

Of course, the approach also presents some drawbacks; in particular,
it may be necessary to exchange several packets to perform a complete
key exchange; moreover, the size of the packets could possibly exceed
the Maximum Transfer Unit (MTU) of an 802.11 network,
especially for networks having a large number of users.

The proposed mechanism fits nicely within the 802.1x standard for
authentication, and provides an alternative mechanism for WEP
key generation. All the authentication methods available within
the EAP framework can be used without modification.

We are currently working on a prototype implementation to better
understand the advantages and limitations of our solution.
We know that it is unfeasible to discuss this issue thoroughly in the
upcoming IETF Meeting; however, as we plan to attend the meeting,
we think that this could be an excellent chance to receive some
feedback about this proposal and understand if there could be any
interest for this working group.

Thanks in advance for your kind attention,

-Ettore Caprella
-Federico Frosali
-Gerardo Lamastra


[1] M. Steiner, G. Tsudik and M. Waidner,
    "Diffie-Hellman Key Distribution Extended to Groups",
    1996 ACM Conference on Computer and Communications Security, March 1996.
    http://www.ics.uci.edu/~gts/paps/stw96.ps.gz

[2] G. Ateniese, O. Chevassut, D. Hasse, Y. Kim and G. Tsudik,
    "The Design of a Group Key Management API",
    DARPA DISCEX'2000, January 2000.
    http://www.ics.uci.edu/~gts/paps/achkt99.ps.gz

[3] Y. Kim, A. Perrig and G. Tsudik,
    "Simple and Fault-Tolerant Key Agreement for Dynamic Collaborative Groups",
    ACM CCS'2000, November 2000.
    http://www.ics.uci.edu/~gts/paps/kpt2000.pdf

[4] D. Wallner, E. Harder and R. Agee,
    "Key Management for Multicast: Issues and Architectures",
    RFC 2627, June 1999.
    http://www.ietf.org/rfc/rfc2627.txt

_______________________________________________
Telecom Italia Lab - Telecom Italia
Via G. Reiss Romoli, 274
10148 Torino - ITALY
Phone: +39 011 228.6012
Fax: +39 011 228.6360
E-Mail: ettoreelio.caprella [at] telecomitalia.it
________________________________________________ 
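As an added illustration that is not part of the original message or of the authors' prototype, the following Python sketch of the GDH.2 upflow/broadcast pattern from [1] shows how n peers end up holding one shared value, and why the messages grow with the group size (the MTU concern raised above). The group parameters are a constructed toy, and the MTU figure is whatever the caller assumes.

```python
import secrets

# Constructed toy group for readability: P = 2^61 - 1 is prime, but a real
# deployment would use a standardised large MODP group (safe prime, large g order).
P = 2**61 - 1
G = 3


def random_exponent():
    """A member's private contribution, chosen uniformly from [2, P-2]."""
    return secrets.randbelow(P - 3) + 2


def upflow_step(partials, cardinal, n_i):
    """GDH.2 upflow step (Steiner, Tsudik, Waidner [1]): member M_i raises each
    received value to its secret exponent n_i.  partials[j] is g raised to the
    product of every exponent seen so far except member j's; cardinal is g
    raised to the product of all of them.  Returns the message for M_(i+1)."""
    return [pow(v, n_i, P) for v in partials] + [cardinal], pow(cardinal, n_i, P)


def group_key_agreement(exponents):
    """Simulate a full run for len(exponents) members, each holding one secret.
    Returns (key derived by each member, group elements carried by each message)."""
    partials, cardinal, sizes = [], G, []
    for n_i in exponents:
        partials, cardinal = upflow_step(partials, cardinal, n_i)
        sizes.append(len(partials) + 1)          # upflow message to the next member
    # The last member broadcasts only the partial values (the cardinal stays
    # private to it); member j finishes with the value that lacks its own exponent.
    broadcast = partials
    sizes[-1] = len(broadcast)                   # final message is the broadcast
    keys = [pow(broadcast[j], n_j, P) for j, n_j in enumerate(exponents)]
    return keys, sizes


def largest_message_bytes(n_members, element_bytes):
    """Payload of the largest message (n group elements, frame headers ignored)."""
    return n_members * element_bytes


def first_group_size_over_mtu(mtu, element_bytes):
    """Smallest group whose largest message no longer fits in one frame of `mtu`
    bytes; `mtu` is an assumed value supplied by the caller."""
    return mtu // element_bytes + 1


if __name__ == "__main__":
    keys, sizes = group_key_agreement([random_exponent() for _ in range(4)])
    print(len(set(keys)) == 1, sizes)           # True, [2, 3, 4, 4]
```

With 1024-bit group elements (128 bytes each) and an assumed 2304-byte frame payload, `first_group_size_over_mtu(2304, 128)` reports that the broadcast stops fitting in a single frame at 19 members, before any encapsulation overhead is counted.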



