Hi All,
I recall some members like Jouni, Mike made comments during the call to say we should limit device/PASN ID in the same ESS. The ideas of sharing device ID or PMK (may include PTK) across ESS may cause some security concern. I agree on this.
If there is a true use case to request Device ID or PMK shared across ESS, we should identify the use case first. Or we could leave it to the implementation that is out of 802.11 scope.
Thanks
Best Regards
Jay Yang (杨志杰)
PASN Authentication security depends on a base AKM - and its corresponding PMK that was established earlier. If I understand correctly, that security is bound to the ESS and not to the radio vicinity of the non-AP STA.
Having said that, one may be able to extend that security beyond the ESS if that is required, but that would require an extension (I would think)
- N
On Tue, May 28, 2024 at 10:37 AM Ali Raissinia <alirezar@xxxxxxxxxxxxxxxx> wrote:
+ Nehru
As far as I am aware the introduction of PASN in FTM exchange was to provide an ability to ensure that the measurement results are protected between unassociated non-AP STA & AP since FTM measurements are often done (for location) with other APs besides the AP that the STA is associated with. Expanding PASN to share ‘device ID’ can potentially bring in new use cases where APs might need to be part of ESS, but like Mark is highlighting “what is the scope of that correlation” and do we need to restrict it in the spec now and/or leave it for the applications to constrain?
Ali
From: mark.hamilton2152@xxxxxxxxx <mark.hamilton2152@xxxxxxxxx>
Sent: Tuesday, May 28, 2024 10:10 AM
To: 'Joseph Levy' <Joseph.Levy@xxxxxxxxxxxxxxxx>; stds-802-11-tgbk@xxxxxxxxxxxxxxxxx; STDS-802-11-TGBH@xxxxxxxxxxxxxxxxx
Cc: 'Segev , Jonathan' <jonathan.segev@xxxxxxxxx>; Ali Raissinia <alirezar@xxxxxxxxxxxxxxxx>; 'Christian Berger' <christian.berger@xxxxxxx>; 'Roy Want' <roywant@xxxxxxxxxx>; Jouni Malinen <jouni@xxxxxxxxxxxxxxxx>; Yan.li16@xxxxxxxxxx; okan.mutgan@xxxxxxxxx; 'Jay Yang' <yang.zhijie@xxxxxxxxxx>; 'Graham Smith' <gsmith@xxxxxxxxx>; 'Antonio de la Oliva (Consultant)' <Antonio.delaOliva@xxxxxxxxxxxxxxxx>
Subject: RE: Attention PASN/FTM experts: Discussion on the use/intent of PASN
Try again with the reflector emails corrected.
Mark
From: mark.hamilton2152@xxxxxxxxx <mark.hamilton2152@xxxxxxxxx>
Sent: Tuesday, 28 May, 2024 10:59
To: 'Joseph Levy' <Joseph.Levy@xxxxxxxxxxxxxxxx>; STD-802-11-bh@xxxxxxxxxxxxx.; STD-802-11-bk@xxxxxxxxxxxxx
Cc: 'Segev , Jonathan' <jonathan.segev@xxxxxxxxx>; 'Ali Raissinia ' <alirezar@xxxxxxxxxxxxxxxx>; 'Christian Berger' <christian.berger@xxxxxxx>; 'Roy Want' <roywant@xxxxxxxxxx>; 'Jouni Malinen ' <jouni@xxxxxxxxxxxxxxxx>; Yan.li16@xxxxxxxxxx; okan.mutgan@xxxxxxxxx; 'Jay Yang' <yang.zhijie@xxxxxxxxxx>; 'Graham Smith' <gsmith@xxxxxxxxx>; 'Antonio de la Oliva (Consultant)' <Antonio.delaOliva@xxxxxxxxxxxxxxxx>
Subject: RE: Attention PASN/FTM experts: Discussion on the use/intent of PASN
Joe, all,
I’d like to clarify the “two main views”. At least in my opinion from the discussion, I think the views in question are:
PASN _with a shared knowledge of the non-AP STA’s identity_ is used only within an ESS (for messaging between a non-AP STA and the set of APs that form a single ESS).
PASN _with a shared knowledge of the non-AP STA’s identity_ is used in an area and can be used with any AP that supports PASN (for messaging between a non-AP STA and any AP that supports PASN in “radio range” of the non-AP STA, independent of the AP’s ESS).
That is, I can well imagine PASN (as a generic concept) could be used independent of the APs’ ESS(s), but when some sort of identification of the non-AP STA is used/needed/desired (to correlate FTM requests, or for other reasons – I’m not sure what all the use cases might be) what is the scope of that correlation?
This is an important distinction, as it is the scope of the TGbh relevant aspect to all this to consider only the scope of the non-AP STA _identification_ and therefore the ability to correlate the PASN interactions (per Joe’s “Background”).
Mark
From: Joseph Levy <Joseph.Levy@xxxxxxxxxxxxxxxx>
Sent: Tuesday, 28 May, 2024 10:13
To: STD-802-11-bh@xxxxxxxxxxxxx.; STD-802-11-bk@xxxxxxxxxxxxx
Cc: Segev , Jonathan <jonathan.segev@xxxxxxxxx>; Ali Raissinia <alirezar@xxxxxxxxxxxxxxxx>; Christian Berger <christian.berger@xxxxxxx>; 'Roy Want' <roywant@xxxxxxxxxx>; Jouni Malinen <jouni@xxxxxxxxxxxxxxxx>; Yan.li16@xxxxxxxxxx; okan.mutgan@xxxxxxxxx; mark.hamilton2152@xxxxxxxxx; Jay Yang <yang.zhijie@xxxxxxxxxx>; Graham Smith (gsmith@xxxxxxxxx) <gsmith@xxxxxxxxx>; Antonio de la Oliva (Consultant) <Antonio.delaOliva@xxxxxxxxxxxxxxxx>
Subject: Attention PASN/FTM experts: Discussion on the use/intent of PASN
Dear PASN/FTM experts:
During today’s TGbh call a discussion was had regarding PASN and FTM use/use cases.
There were two main views provided by the attendees:
PASN is used only within an ESS (for messaging between a non-AP STA and the set of APs that form a single ESS).
PASN is used in an area and can be used with any AP that supports PASN (for messaging between a non-AP STA and any AP that supports PASN in “radio range” of the non-AP STA, independent of the AP’s ESS).
I believe how this is “viewed” has implications for the use of PASN for FTM and location accuracy in general. This also has privacy impacts, as sharing an ID outside of an ESS may cause the ID to be shared to unknown entities which may allow these entities to track the non-AP STA.
Hence, the group requested this email discussion and a better understanding of the PASN use cases.
Thank you, in advance, for your assistance to provide TGbh a better understanding of the use of and use cases for PASN and FTM.
Background:
TGbh is creating a PASN ID that can be used to identify a non-AP STA that is using random MAC addresses to improve its “privacy”, this PASN ID would allow the non-AP STA to be identified by the AP/network. The PASN ID is not fixed and allows for some degree of privacy for the non-AP STA, while providing the AP/network with an “ID” for the non-AP STA (the AP/network is informed, in a non-specified manner, of the PASN ID and can use that information to identify the non-AP STA).
Note: the use of the term network in this email basically includes all APs that can support PASN; this could mean: 1) all APs that are connected by some means, that may or may not be in the same ESS, 2) all APs that are connected by being in the same ESS.
Regards,
Joseph