Hi Joe,
Can you clarify what you mean by "restrict"? I am not sure how this will be done. Unless what you mean is that TGbh will not consider use of PASN ID across more than one BSS nor include any functionality in the draft to support such uses, which is immediately doable. Or do you mean that TGbh will include functionality in the draft to detect when a PASN ID has been used in more than one BSS and specify the actions to take when such occurrence is detected? Perhaps you mean the first, with a clearly worded informative statement that use of a PASN ID in more than one BSS is not supported by this standard?
Thanks for the clarification.
Ben
From: Joseph Levy <000019588066c6b7-dmarc-request@xxxxxxxxxxxxxxxxx>
Sent: Friday, June 7, 2024 1:07 PM
To: STDS-802-11-TGBK@xxxxxxxxxxxxxxxxx <STDS-802-11-TGBK@xxxxxxxxxxxxxxxxx>
Subject: Re: [STDS-802-11-TGBK] Attention PASN/FTM experts: Discussion on the use/intent of PASN
Dear All – STATUS:
My understanding is that while there may be ways to extend PASN beyond a single ESS, there doesn’t seem to be a use case that will require PASN to be extended beyond an ESS. Unless such a use case is provided, it is likely that TGbh will restrict the PASN ID to a single BSS.
So, if you have a use case for using PASN beyond a single BSS and want TGbh to allow the PASN ID to support it - please share it.
Mark – thanks for the clarification and address correction (got to love how smart Outlook is getting, fixing my address to a non-existing address).
Ali – While, as always, the market will constrain or expand the capabilities provided in the 802.11 specification, without a “use case” that would benefit
from a PASN ID that is used beyond an ESS, it is likely that TGbh will limit the use of PASN ID to the ESS of the AP that assigned the PASN ID to the non-AP STA. This limit will address the concerns that sharing the PASN ID outside of the ESS will reduce the
privacy of the non-AP STA (this has been shared in TGbh). (I’m not sure this is true, as the security of an ESS is not something I think is specified in the 802.11 specification.)
Nehru - If security can be extended beyond an ESS as you state and is useful, then I can see an argument to extend the PASN ID to also be supported beyond
an ESS. However, at this point it is not clear if this is necessary to support or just something that could be nice to have. As I stated above, if there isn’t a clear reason to extend the PASN ID outside of the ESS, TGbh will probably not do so.
Regards,
Joseph
From: Nehru Bhandaru <nehru.bhandaru@xxxxxxxxxxxx>
Sent: Tuesday, May 28, 2024 2:09 PM
To: Ali Raissinia <alirezar@xxxxxxxxxxxxxxxx>
Cc: mark.hamilton2152@xxxxxxxxx; Joseph Levy <Joseph.Levy@xxxxxxxxxxxxxxxx>; stds-802-11-tgbk@xxxxxxxxxxxxxxxxx; STDS-802-11-TGBH@xxxxxxxxxxxxxxxxx; Segev, Jonathan <jonathan.segev@xxxxxxxxx>; Christian Berger <christian.berger@xxxxxxx>; Roy Want <roywant@xxxxxxxxxx>;
Jouni Malinen <jouni@xxxxxxxxxxxxxxxx>; Yan.li16@xxxxxxxxxx; okan.mutgan@xxxxxxxxx; Jay Yang <yang.zhijie@xxxxxxxxxx>; Graham Smith <gsmith@xxxxxxxxx>; Antonio de la Oliva (Consultant) <Antonio.delaOliva@xxxxxxxxxxxxxxxx>
Subject: Re: Attention PASN/FTM experts: Discussion on the use/intent of PASN
(I think) One thing though is that it is possible that the security can be extended beyond an ESS with FILS or SAE. Authentication frames (EAP-RP,
or SAE in Wrapped Data IEs) can establish the PMK for that AKM/ESS; that PMK is used in PTK derivation with PASN...
- N
On Tue, May 28, 2024 at 10:45 AM Nehru Bhandaru <nehru.bhandaru@xxxxxxxxxxxx>
wrote:
PASN Authentication security depends on a base AKM - and its corresponding PMK that was established earlier. If I understand correctly, that
security is bound to the ESS and not to the radio vicinity of the non-AP STA.
Having said that, one may be able to extend that security beyond the ESS if that is required, but that would require an extension (I would think)
- N
On Tue, May 28, 2024 at 10:37 AM Ali Raissinia <alirezar@xxxxxxxxxxxxxxxx>
wrote:
+ Nehru
As far as I am aware the introduction of PASN in FTM exchange was to provide an ability to ensure that the measurement results are protected between unassociated non-AP STA & AP since
FTM measurements are often done (for location) with other APs besides the AP that the STA is associated with. Expanding PASN to share ‘device ID’ can potentially bring in new use cases where APs might need to be part of ESS, but like Mark is highlighting ‘what is the scope of that correlation’ and do we need to restrict it in the spec now and/or leave it for the applications to constrain?
Ali
Try again with the reflector emails corrected.
Mark
Joe, all,
I’d like to clarify the “two main views”. At least in my opinion from the discussion, I think the views in question are:
- PASN _with a shared knowledge of the non-AP STA’s identity_ is used only within an ESS (for messaging between a non-AP STA and the set of APs that form a single ESS).
- PASN _with a shared knowledge of the non-AP STA’s identity_ is used in an area and can be used with any AP that supports PASN (for messaging between a non-AP STA and any AP that supports PASN in “radio range” of the non-AP STA, independent of the AP’s ESS).
That is, I can well imagine PASN (as a generic concept) could be used independent of the APs’ ESS(s), but when some sort of identification
of the non-AP STA is used/needed/desired (to correlate FTM requests, or for other reasons – I’m not sure what all the use cases might be) what is the scope of that correlation?
This is an important distinction, as it is the scope of the TGbh relevant aspect to all this to consider only the scope of the non-AP STA
_identification_ and therefore the ability to correlate the PASN interactions (per Joe’s “Background”).
Mark
Dear PASN/FTM experts:
During today’s TGbh call a discussion was had regarding PASN and FTM use/use cases.
There were two main views provided by the attendees:
- PASN is used only within an ESS (for messaging between a non-AP STA and the set of APs that form a single ESS).
- PASN is used in an area and can be used with any AP that supports PASN (for messaging between a non-AP STA and any AP that supports PASN in “radio range” of the non-AP STA, independent of the AP’s ESS).
I believe how this is “viewed” has implications for the use of PASN for FTM and location accuracy in general. This also has privacy impacts, as sharing an ID outside of an ESS may cause
the ID to be shared to unknown entities which may allow these entities to track the non-AP STA.
Hence, the group requested this email discussion and a better understanding of the PASN use cases.
Thank you, in advance, for your assistance to provide TGbh a better understanding of the use of and use cases for PASN and FTM.
Background:
TGbh is creating a PASN ID that can be used to identify a non-AP STA that is using random MAC addresses to improve its “privacy”, this PASN ID would allow the non-AP STA to be identified
by the AP/network. The PASN ID is not fixed and allows for some degree of privacy for the non-AP STA, while providing the AP/network with an “ID” for the non-AP STA (the AP/network is informed, in a non-specified manner, of the PASN ID and can use that information
to identify the non-AP STA).
Note: the use of the term network in this email basically includes all APs that can support PASN, this could mean: 1) all APs that are connected by some means, that may or may not be in
the same ESS, 2) all APs that are connected by being in the same ESS.
Regards,
Joseph
To unsubscribe from the STDS-802-11-TGBK list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGBK&A=1