11/1047r1: Using Upper Layer Message IE in TGai (Ping Fang, Huawei)

July 2011
doc.: IEEE 802.11-11/01047r1
Using Upper Layer Message IE in TGai
Date: 2011-07-17
Authors:
• Ping Fang, Huawei Technologies Co., Ltd., Bldg 7, Vision Software Park, Road Gaoxin South 9, Nanshan District, Shenzhen, Guangdong, China, 518057; phone +86 755 36835101; email [email protected]
• Zhiming Ding, Huawei Technologies Co., Ltd., Bldg 7, Vision Software Park, Road Gaoxin South 9, Nanshan District, Shenzhen, Guangdong, China, 518057; phone +86 755 36835837; email [email protected]
• Xiandong Dong, Huawei Technologies Co., Ltd., Bldg 7, Vision Software Park, Road Gaoxin South 9, Nanshan District, Shenzhen, Guangdong, China, 518057; phone +86 755 33913618; email [email protected]
Submission
Slide 1
Ping Fang, Huawei.
Abstract
This document describes a technical proposal for TGai in which
Upper Layer Message IEs are used to run the EAP, DHCP and
4-Way handshake procedures concurrently.
Usual network architecture & initial link setup
[Figure: network diagram. Labels: STA, User Device, AP, AP, Move, 11r Interface, Router, AS, DHCP Server, WiFi Access Network, Internet.]
Our scope and essential principle
[Figure: network diagram. Labels: STA, User Device, AP, AP, 11r Interface, Router, AS, DHCP Server, WiFi Access Network, Internet. Annotations on the diagram:]
• We work on here
• We shall not change this!
• Key hierarchy must not be changed!
How to reduce rounds on air interface?
• Run the EAP procedure, DHCP procedure, 4-Way handshake and AID assignment concurrently.
– EAP messages and DHCP messages are encapsulated into the Authentication frames as Upper Layer Message IEs if the FILS procedure is indicated.
– The 4-way handshake function is merged into the Authentication frames.
– The Association frames are removed. The functions of the Association frames are moved to the Authentication frames. The key point is that the AID is delivered together with the GTK through the third message of the 4-way handshake.
Upper Layer Message IE
• A new Upper Layer Message IE may be defined as below:

  Element ID             Length       Upper layer message
  (special value 254)    (2 octets)   ULM Type (1 octet) + ULM body

  ULM Type values: 1: EAP, 2: DHCP, …

Upper layer message IE element format
How to be compatible with old STAs
• Authentication frames must be kept.
• Add a new enumerated value to the Algorithm field in the Authentication frame, which means the FILS procedure is used.
• Definitions in 11mb:
1 = Open system
2 = Shared Key
3 = Fast BSS Transition
4 = FILS
Modifications
• The maximum length of an IE is limited to 256 octets, so one EAP or DHCP message may have to be divided into multiple IEs. But if a special EID is defined to mean that the length field is two octets, a single IE can carry a whole upper layer message.
• Association frames are not ignored if FILS is called.
• The 4-Way handshake procedure runs concurrently with the EAP procedure if FILS is called.
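An added example (not part of the original slides) of building and parsing the proposed Upper Layer Message IE next to ordinary IEs, with the bounds checks a receiver needs once one EID switches the length field to two octets. Assumptions not stated on the slides: the Element ID is one octet, the two-octet Length is little-endian and counts the ULM Type plus the ULM body, and the function names are hypothetical.

```python
import struct

EID_ULM = 254             # "special value" from the slide
ULM_EAP, ULM_DHCP = 1, 2  # ULM Type values from the slide

def build_ulm_ie(ulm_type: int, body: bytes) -> bytes:
    """Element ID (1) | Length (2, little-endian: assumption) | ULM Type (1) | body."""
    length = 1 + len(body)  # assumption: Length covers ULM Type + ULM body
    if not 0 < ulm_type < 256 or length > 0xFFFF:
        raise ValueError("ULM type or body out of range")
    return struct.pack("<BHB", EID_ULM, length, ulm_type) + body

def parse_ies(buf: bytes):
    """Walk an IE list and return [(eid, payload)]; ULM payloads become (type, body).

    Ordinary IEs carry a 1-octet length; EID 254 selects the 2-octet form.
    Every length is checked against the remaining buffer before slicing.
    """
    out, off = [], 0
    while off < len(buf):
        eid = buf[off]
        hdr = 3 if eid == EID_ULM else 2
        if off + hdr > len(buf):
            raise ValueError(f"truncated IE header at offset {off}")
        if eid == EID_ULM:
            (length,) = struct.unpack_from("<H", buf, off + 1)
        else:
            length = buf[off + 1]
        end = off + hdr + length
        if end > len(buf):
            raise ValueError(f"IE {eid} length {length} overruns buffer")
        payload = buf[off + hdr:end]
        if eid == EID_ULM:
            if not payload:
                raise ValueError("ULM IE without a ULM Type octet")
            payload = (payload[0], payload[1:])
        out.append((eid, payload))
        off = end
    return out

# Constructed sample: an ordinary IE (EID 48, dummy 2-octet body) followed by a
# 300-octet stand-in for a DHCP message, too long for a 1-octet length field.
SAMPLE = bytes([48, 2, 1, 0]) + build_ulm_ie(ULM_DHCP, b"\x01" * 300)

if __name__ == "__main__":
    for eid, payload in parse_ies(SAMPLE):
        print(eid, payload if eid != EID_ULM else (payload[0], len(payload[1])))
```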
Possible Protocol Detail
Participants: non-AP STA, AP, AS, DHCP server
1, A1(algorithm=FILS, Seq=1, RSN=EAP, …, EAPoL_Start)
2, A2(algorithm=FILS, Seq=2, RSN=EAP, …, EAP_Request/ID)
3, A3(algorithm=FILS, Seq=3, RSN=EAP, EAP_Response/ID(User-ID), DHCP Discover)
4, ARQ(User-ID)
5, AAC (…[,pre-assigned IP addr])
6, DHCP Discover
7, DHCP Offer
8, Receipt the pre-assigned IP addr. from AS or DHCP server
9, A4(algorithm=FILS, Seq=4, RSN=EAP, EAP_Request(…), DHCP Offer, ANonce)
First message of EAP Method
10, A4E(algorithm=FILS, Seq=x, RSN=EAP, EAP_Response/Request) Extra EAP steps
11, calculate MSK, PMK, PTK;
12, A5(algorithm=FILS, Seq=5, RSN=EAP, EAP_Response(…), DHCP Request, SNonce, MIC5)
Last message of EAP Method
13, cache MIC5
14, ARQ
calculate MSK, PMK
15, AAC (success, PMK)
16, calculate PTK, verify MIC5
17, DHCP Request
18, DHCP Ack
19, A6(algorithm=FILS, Seq=6, RSN=EAP, EAP_Success, AID, GTK, DHCP Ack, MIC6)
20, verify MIC6
21, A7(algorithm=FILS, Seq=5, RSN=EAP, MIC7)
22, verify MIC7
Questions & Comments