Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

Re: [LinkSec] Notes from meeting 12/10/02

To: "Marcus Leech" <mleech@nortelnetworks.com>
Subject: Re: [LinkSec] Notes from meeting 12/10/02
From: Russ Housley <housley@vigilsec.com>
Date: Mon, 16 Dec 2002 09:34:50 -0500
Cc: stds-802-linksec@ieee.org
In-Reply-To: <3DF8AEC8.489F8FD1@NORTELNETWORKS.COM>
References: <5.2.0.9.2.20021211152253.02885a80@mail.binhost.com>
Sender: owner-stds-802-linksec@majordomo.ieee.org


Marcus:

In IEEE 802.11, there are now several security protocols.  In trying to 
understand how their differences, we made a model of the 802.11 MAC.  It is 
impossible to get agreement on the internal organization of the MAC.  Any 
structure that provides the correct interface and correct peer interaction 
is acceptable.  So, standards are not welcome in this area.

In my opinion, it will be very difficult to provide security of MAc-to-MAC 
control traffic without a structure like this for the MAC that is being 
protected.

Russ


At 10:44 AM 12/12/2002 -0500, Marcus Leech wrote:
>Russ Housley wrote:
> >
> > Allyn:
> >
> > I would like to clarify one point for the final minutes.
> >
> > >Russ - protection of MAC control track is part of our work, don't know
> > >if replay is important.  At the rate things are being added onto MACs,
> > >if replay isn't important today it will be
> >
> > I do not know if protection of the MAC control traffic is important.  I
> > hope it can be put out of scope.  Otherwise a specific solution will be
> > needed for each MAC.  However, it is clear that management protocols that
> > sit on top of the MAC are within scope.  Bridge-to-bridge traffic is one
> > example.  Further, I do not know if replay protection is important, but I
> > suspect that it is.  Even if we were to make study today of each of the
> > protocols and we were to find that replay could not cause a problem, this
> > may not be meaningful.  Future changes could introduce a problem.
> >
>Shooting entirely from the hip here, it seems to me that including MAC-layer
>   control traffic our security "perimeter" [cone of silence :-) ] wouldn't
>   necessarily require a large amount of per-MAC engineering.
>
>I suspect that a higher-layer key management scheme can be shared across 
>everything,
>   as in 802.10.  I *suspect* that the process of extruding SDE into the 
> individual
>   MAC layers will result in only minor tweakages about where the bits live,
>   with largely-similar or identical semantics, and a common set of mandatory
>   algorithms.
>
>It seems to me that being able to hijack MAC-layer control traffic can have
>   as devastating consequences as being able to hijack user and 
> bridging-control
>   traffic, so if we don't protect it, we've only done half a job.
>
>--
>----------------------------------------------------------------------
>Marcus Leech                             Mail:   Dept 8M70, MS 012, FITZ
>Advisor                                  Phone: (ESN) 393-9145  +1 613 763 
>9145
>Security Architecture and Planning       Fax:   (ESN) 393-9435  +1 613 763 
>9435
>Nortel Networks                          mleech@nortelnetworks.com
>-----------------Expressed opinions are my own, not my employer's------

References:
- Re: [LinkSec] Notes from meeting 12/10/02
  - From: Russ Housley <housley@vigilsec.com>
- Re: [LinkSec] Notes from meeting 12/10/02
  - From: "Marcus Leech" <mleech@nortelnetworks.com>

Prev by Date: Re: Key Identification RE: [LinkSec] Requirements
Next by Date: RE: Key Identification RE: [LinkSec] Requirements
Prev by thread: Re: [LinkSec] Notes from meeting 12/10/02
Next by thread: RE: [LinkSec] Notes from meeting 12/10/02
Index(es):
- Date
- Thread