Hi Yifan,

Thanks for your question and comments.

<a2,m2> on that slide is correct because that’s what the AP will use (its own authentic MAC addresses) but the STA is looking for RA=m2’. The result is that msg will be ignored by the STA.

Re man-in-the-middle attack, it’s a textbook security example and it’s a common assumption when wireless security is concerned. Think of why there is a MIC to protect the protected management frames. That’s used to detect someone tampering with the content of the frame OTA.

Thanks,
Duncan

From: zhouyifan (G) <zhouyifan8@xxxxxxxxxx>

Thanks Duncan for this thread.

In slide 8, the fourth bullet, should the <TA, RA> be <a2,m2’>? Since the AP MLD only receives m’ from the association frames.

Still I have a doubt on the attack procedure. As you mentioned, there should be a relay between the AP MLD and non-AP MLD, and then the attack can happen. I’m not sure if it’s a real problem.

Best Regards.
周逸凡 / Yifan Zhou
Huawei Technologies

From: Duncan Ho [mailto:dho@xxxxxxxxxxxxxxxx]

Hi all,

Sorry we ran out of time answering questions on the call today. I’ll try to answer them below here and please send me other questions you may have.

Rojan asked: How can 4-way handshake pass?

Answer: The 4-way handshake is between the non-AP MLD and the AP MLD and in MLO case it uses the MLD addresses to generate the PTK. Only the non-AP MLD and AP MLD know the PMK. The attacker does not change anything in the 4-way handshake so the 4WH will pass. The problem is the attacker has changed one of the STA MAC addresses of the non-AP MLD included in the Association Req msg, which goes undetected. If we add the STA MAC addresses of the non-AP MLD in one of the protected msgs within the 4-way handshake, the AP will receive the protected STA MAC addresses. Same idea goes in the other direction (AP MLD to the STA MLD).

Yongho asked: can we change the MAC address part as the following?

The MAC address(es) of the STA(s) of the non-AP MLD corresponding to the link(s) it intends to setup with the AP MLD.

Answer: Absolutely.

Thanks,
Duncan

To unsubscribe from the STDS-802-11-TGBE list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGBE&A=1
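
An added example, not part of the original thread or of any 802.11 text: a simplified Python model of the answer to Rojan's question, showing that a handshake keyed only on MLD addresses still passes when a link STA MAC in the unprotected Association Request has been altered, and that carrying the link MACs under the MIC lets the AP MLD detect the mismatch. The HMAC-SHA256 key derivation, the message layout, the addresses and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

def derive_ptk(pmk, ap_mld, sta_mld, anonce, snonce):
    # Stand-in KDF (HMAC-SHA256), not the 802.11 PRF. What matters here is
    # that only the MLD addresses are inputs, never the per-link STA MACs.
    data = (min(ap_mld, sta_mld) + max(ap_mld, sta_mld)
            + min(anonce, snonce) + max(anonce, snonce))
    return hmac.new(pmk, b"ptk" + data, hashlib.sha256).digest()

def mic(ptk, body):
    return hmac.new(ptk[:16], body, hashlib.sha256).digest()[:16]

def sta_build_msg(ptk, snonce, link_macs=()):
    # Hypothetical layout: 3-byte tag, 32-byte SNonce, then optional link MACs.
    body = b"4WH" + snonce + b"".join(link_macs)
    return body, mic(ptk, body)

def ap_verify(ptk, body, tag, assoc_link_macs, bind_links):
    """Return 'ok', 'bad-mic' or 'link-mac-mismatch'."""
    if not hmac.compare_digest(mic(ptk, body), tag):
        return "bad-mic"
    # With binding on, compare the MIC-protected MACs with the ones the AP
    # took from the unprotected Association Request.
    if bind_links and body[35:] != b"".join(assoc_link_macs):
        return "link-mac-mismatch"
    return "ok"

def simulate(relay_alters_assoc, bind_links):
    pmk = bytes(32)                                   # constructed values
    ap_mld, sta_mld = bytes.fromhex("02aa00000001"), bytes.fromhex("02bb00000001")
    m1, m2, m2_alt = (bytes.fromhex(h) for h in
                      ("02bb00000011", "02bb00000012", "02bb000000ff"))
    anonce, snonce = b"A" * 32, b"S" * 32
    # What the AP MLD recorded from the Association Request.
    assoc_seen = [m1, m2_alt if relay_alters_assoc else m2]
    # Both sides derive the same PTK: the altered link MAC is not an input.
    ptk = derive_ptk(pmk, ap_mld, sta_mld, anonce, snonce)
    body, tag = sta_build_msg(ptk, snonce, [m1, m2] if bind_links else [])
    return ap_verify(ptk, body, tag, assoc_seen, bind_links)

if __name__ == "__main__":
    for alter in (False, True):
        for bind in (False, True):
            print(f"assoc altered={alter} links bound={bind}: {simulate(alter, bind)}")
```
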