Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

Re: [LinkSec] Notes from meeting 12/10/02

To: "Walker, Jesse" <jesse.walker@intel.com>
Subject: Re: [LinkSec] Notes from meeting 12/10/02
From: "Marcus Leech" <mleech@nortelnetworks.com>
Date: Thu, 12 Dec 2002 14:18:43 -0500
CC: "Marcus Leech" <mleech@nortelnetworks.com>, Russ Housley <housley@vigilsec.com>, allyn romanow <allyn@cisco.com>, stds-802-linksec@ieee.org
Organization: Nortel Networks
References: <EDC461A30AC4D511ADE10002A5072CAD05AF824A@orsmsx119.jf.intel.com>
Sender: owner-stds-802-linksec@majordomo.ieee.org

"Walker, Jesse" wrote:
> 
> I don't understand this, so could you ellaborate, please? I'm thinking of
> 802.11, so perhaps I'm using the wrong model. Protecting the 802.11 control
> messages would very greatly expand the security perimeter as best I can
> tell. Thanks.
> 
>
Ok, I'll try to get across what I'm talking about.

When considering a security protocol, what you're doing, at some very fundamental
  level, is wrapping up a lump of data/message in a security transform.

The security transform provides services:

  o integrity
  o confidentiality
  o data-origin authentication

SDE is such a transform, designed to carry the messages that are available at the
  LLC/MAC interface.

Below this interface, there are messages (management and control) that never make
  it up to where SDE could reasonably offer security transform services.

So, you need to move the transform down a layer, which makes it non-generic.
  There's a further added complication that the security semantics of the
  individual management messages at this layer may have a very poor match to
  the semantics envisaged by the "generic" security transform.

Disconnects can happen, for example, when the logical endpoints of these messages
  don't map very well (from a security standpoint) into the endpoints envisaged by
  the security transform. Another disconnect can happen when the security-related
  semantics of individual management messages vary wildly from one another--thus
  disallowing a "generic" view of security for these messages.

From *this* observers standpoint, being naieve about the funkiness of the MAC-layer
  control and management messages, I see it as simply extruding a generic security
  transform (SDE) into the MAC-layer by rearranging the bits to fit, and tweaking
  the key management to work "right".

-- 
----------------------------------------------------------------------
Marcus Leech                             Mail:   Dept 8M70, MS 012, FITZ
Advisor                                  Phone: (ESN) 393-9145  +1 613 763 9145
Security Architecture and Planning       Fax:   (ESN) 393-9435  +1 613 763 9435
Nortel Networks                          mleech@nortelnetworks.com
-----------------Expressed opinions are my own, not my employer's------

References:
- RE: [LinkSec] Notes from meeting 12/10/02
  - From: "Walker, Jesse" <jesse.walker@intel.com>

Prev by Date: [LinkSec] Is 20 participants enough for Security conference calls ??
Next by Date: RE: [LinkSec] Requirements
Prev by thread: RE: [LinkSec] Notes from meeting 12/10/02
Next by thread: RE: [LinkSec] Notes from meeting 12/10/02
Index(es):
- Date
- Thread