Thread Links Date Links
Thread Prev Thread Next Thread Index Date Prev Date Next Date Index

Re: [STDS-802-11-TGAI] Concerns with the draft 11ai security text



Hi David:

Thanks for the speedy follow-up email on your questions re the security draft.

Just a quick preliminary note on performance:
1) caveat: performance is highly dependent on implementation platform details, including instruction set, memory and the-like (and, of course, clever implementation of the crypto itself; extent to which implementation attack countermeasures have been implemented, etc.).
2) data point:  according to CHES 2004 paper, one has implementations of 160-bit curve on ATMega128 AVR 8 Mhz processor, with scalar multiplication taking 0.81s. Although linear scaling would seem debatable, if one would nevertheless do this, computational latency of scalar multiplication would come down to 129ms. Note RS: with improvements/new techniques developed since 2004, I estimate one could potentially squeeze this figure down to roughly 80ms (for 160-bit curve). For curve at 128-bit crypto strength, this may lead to time latency of roughly 250ms (again, doing just a backside of a beer coaster estimate; much depends on implementation platform details).
3) lower bound: the performance of any public-key based scheme without online TTP using standardized curves has time latency at least that of roughly one scalar multiplication. (Using RSA has far higher time latency, so is no option here.)

We can discuss in much more detail offline (by examining your platform choice).

On 9/21/2012 7:35 PM, David Goodall wrote:

I had an action item to provide my issues with the draft security text (assume baseline as 1045/r4). There were two general issues:

 

1. What functionality or advantages do we lose when we lose the EAPOL key frames?

 

A specific example is that the multi-band operations introduced in 11ad require use of fields which were added to EAPOL key frames 1-4. If we don’t have the EAPOL key frames in the 11ai mechanism, and we want the multi-band operation, then we need to do some extra specification work. This should be do-able but there may be an ongoing requirement to maintain this part of the multi-band functionality in more than one place in the 802.11 specification.

 

I need to review further to see if there any other similar issues.

 

 

2. Will 11ai fast initial link setup be fast for low power, CPU-challenged 802.11 devices?

 

An example is a mobile battery powered 802.11 RFID sensor tag with perhaps a 50 MHz 32 bit CPU. I gather that the current non-TTP proposal will take perhaps 10 ms on a smart phone with a 1 GHz processor so it does not appear suitable for low power devices. Rene Struik has indicated that this issue can be addressed with a different selection of elliptic curve and various processing techniques.

 

 

I have discussed the above with the authors and expect to communicate further via email when new drafts are available.

 

Thanks,

Dave

 

_______________________________________________________________________________

IF YOU WISH to be Removed from this reflector, PLEASE DO NOT send your request to this CLOSED reflector. We use this valuable tool to communicate on the issues at hand.

SELF SERVICE OPTION: Point your Browser to - http://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-FIA and then amend your subscription on the form provided. If you require removal from the reflector press the LEAVE button.

Further information can be found at: http://www.ieee802.org/11/Email_Subscribe.html _______________________________________________________________________________



-- 
email: rstruik.ext@xxxxxxxxx | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
_______________________________________________________________________________

IF YOU WISH to be Removed from this reflector, PLEASE DO NOT send your request to this CLOSED reflector. We use this valuable tool to communicate on the issues at hand.

SELF SERVICE OPTION: Point your Browser to - http://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-FIA and then amend your subscription on the form provided. If you require removal from the reflector press the LEAVE button.

Further information can be found at: http://www.ieee802.org/11/Email_Subscribe.html _______________________________________________________________________________