Discussion on Secure Control Frame and MAC Header Protection in IEEE 802.11-24/0490r0

This document discusses the importance of addressing secure control frame and MAC header protection in IEEE 802.11-24/0490r0. It examines potential issues such as data disruption, denial of service, power drainage, and resource wastage. The author questions the necessity of solving these issues and explores the challenges related to different control frames. Additionally, it highlights the longevity and widespread use of the Wi-Fi ecosystem. The document also delves into the issues faced by various control frames, offering insights into potential vulnerabilities and misuse scenarios.

• IEEE 802.11
• Control Frame
• MAC Header
• Protection
• Security

rohlfing_d Follow

Uploaded on Oct 08, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

Presentation Transcript

1. doc.: IEEE 802.11-24/0490r0 March 2024 Discussion on Control Frame and MAC Header Protection Date: 2024-03-08 Authors: Name Affiliations Address Phone Email Yunbo Li Shenzhen, China liyunbo@Huawei.com Yuchen Guo Guogang Huang Huawei Yue Zhao Maolin Zhang Ming Gan Submission Slide 1 Yunbo Li (Huawei)

2. doc.: IEEE 802.11-24/0490r0 March 2024 Introduction Many presentations in the UHR SG and 11bn discuss secure control frame and MAC header protection; [1-9] The target of designs is to solve the issues below: Data stream disruption Denial of service Power drainage Resource wastage Before we dive into the design, we need to think about the questions below Are these real issues to be solved? How to deal with other control frames besides TF, BAR and BA? Can we achieve the target when secure control frame and MAC header protection are used? Can an attack spread? What do we finally get? Submission Slide 2 Yunbo Li (Huawei)

3. doc.: IEEE 802.11-24/0490r0 March 2024 Are These Real Issues? I don t think all of these are real issues that the group needs to address; Lack of motivation for an attacker to initiate an attack; Because the victim s data is encrypted, the attacker can not get the date; The attacker needs to spend a lot of effort to initiate the attack, and also waste the attacker s time and power; No data to show whether and how often these issues happen in the real world; Practice is the best proof The unprotected control frames are used since the beginning of the Wi-Fi eco-system, which has already been used for 20 + years; The Trigger frame that was introduced in 11ax, will be used for 10+ years when Wi-Fi 8 be published; The Wi-Fi eco-system is widely used everyday in every country/area in the world. Submission Slide 3 Yunbo Li (Huawei)

4. doc.: IEEE 802.11-24/0490r0 March 2024 Issues for Other Control Frames? The presentations mainly discuss issues for the control frames below Trigger frame BAR frame BA frame Issue for other control frames are mentioned in [4]; RTS frame PS-Poll frame Ack frame More issues for other control frames may exist Ack: All individual management frames (except Action No Ack) will solicit an Ack frame, the attacker may respond with a fake Ack frame to cheat an AP CF-End: the attacker may abuse a CF-End frame to terminate a TXOP holder s TXOP CTS-to-self: the attacker can send a CTS-to-self without backoff, to occupy the medium through a virtual CCA mechanism Submission Slide 4 Yunbo Li (Huawei)

5. doc.: IEEE 802.11-24/0490r0 March 2024 Can We Achieve The Target? I don t think so; Please remember that the purpose of the attacker is one or more of: Data stream disruption Denial of service Power drainage Resource wastage The attacker can achieve the purpose easily, even totally following all the rules; Always transmit broadcast frames, so that all the STAs need to receive the packets all of the time, and will drain all STA s power quickly; Always contend the medium by using the minimum CW, and occupy the channel through CTS-to- self. The result is, denial of service for all STAs. Submission Slide 5 Yunbo Li (Huawei)

6. doc.: IEEE 802.11-24/0490r0 March 2024 Can The Attacks spread? No, the attacks are very difficult to spread; The key requirements for such attacks are Physical approaches to the victims, typically within 10 meters Constant power supply to maintain the attack I can not imagine how the attacker can install such equipment in the victim's home or office; Even if the attacker can make it, the attack equipment can be easily located since it is in a very limited physical area and needs to transmit wireless signals frequently. Submission Slide 6 Yunbo Li (Huawei)

7. doc.: IEEE 802.11-24/0490r0 March 2024 What Have We Finally Got? A similar example is that: installation of traffic lights at the road crossing will help to reduce traffic accidents. So the suggestion is to install traffic lights at each country cross road; Obviously it is not necessary. The traffic lights on the country roads will significantly add cost, and obstruct the traffic; If we do control frame protection and MAC header protection, the customer will have same secure experience (or negligible improvement) as before, but will need to pay more for the higher cost of the Wi-Fi chips; The low cost and high efficiency are the big benefits of the Wi-Fi eco-system, we are weakening these benefits if we go in this direction. Submission Slide 7 Yunbo Li (Huawei)

8. doc.: IEEE 802.11-24/0490r0 March 2024 Summary The control frame protection and MAC header protection are not for real issues that need to be solved; The target of avoiding data disruption and power drain cannot be achieved through secure control frame and MAC header protection; Even such attacks happen in some rare circumstances, the attacks are difficult to spread; We will add cost and burden for the Wi-Fi eco-system, but with negligible improvements in security, if we go in this direction. Submission Slide 8 Yunbo Li (Huawei)

9. doc.: IEEE 802.11-24/0490r0 March 2024 References [1] 11-23-0286 Trigger Frame Protection [2] 11-23-0312 Thoughts on Secure Control frames [3] 11-23-0352 Enhanced Security Discussion [4] 11-23-1102 security enhancement follow up [5] 11-23-1914 Enhanced Security Consideration in UHR [6] 11-23-1995 Trigger BA and BAR protection [7] 11-23-0356 MAC Header Protection [8] 11-23-1997 MAC Header Protection [9] 11-23-1888 MAC Header protection- follow up Submission Slide 9 Yunbo Li (Huawei)