Discussion on IEEE 802.11 Use Cases for Wi-Fi Deployment in Public and Residential Settings

Slide 1: Use cases discussion
Doc.: IEEE 802.11-23/22r1
Date: 2023-01-16
Authors: Jay Yang (Nokia, Zhijie.yang@nokia-sbell.com), Okan Mutgan (Nokia, okan.mutgan@nokia-sbell.com)
 
Slide 2: Background-1

In general, three types of Wi-Fi are deployed in most places:
  Enterprise Wi-Fi (802.1X; no additional identification approach is needed)
  Residential Wi-Fi (shared key, password)
  Public Wi-Fi (open mode + captive portal)

Device ID: the 11bh group proposed a network-generated Device ID scheme to identify each returned STA in residential Wi-Fi. The benefit is to address the troubleshooting use case.
 
Slide 3: Use case for public Wi-Fi

Deployed in public places and offered over an "Open" wireless network, e.g. coffee shops, airports, hospitals, hotels.
The end user needs to enter verification information via a web UI after connecting to the AP:
  for special users (employees): username/password
  for guests: phone number/dynamic verification code
 
Slide 4: Use case for public Wi-Fi (cont.)

If a fixed STA MAC address is used as the identifier, the network can skip the portal verification for the returned STA.
  It is unnecessary for the end user to provide verification info again after leaving the network and coming back a while later.
  This scenario is similar to the residential environment.

RCM (randomized and changing MAC addresses) breaks such an implementation (skipping the portal verification).
  The end user experience becomes bad, e.g., obtaining a verification code to complete the portal verification after every association.

Public Wi-Fi is not the same as free Wi-Fi in some implementations, e.g., free for an hour and paid if the user intends to keep accessing the network.
 
Slide 5: Background-2, OWE

OWE (Opportunistic Wireless Encryption, refer to RFC 8110) is an encryption method to enhance the security and privacy of users connecting to public Wi-Fi networks.
The client and AP perform a Diffie-Hellman key exchange via the association request/response to generate the PMK, then run the 4-way handshake to generate the PTK.
(Note: no authentication is performed between the non-AP STA and the AP in OWE. OWE only offers encryption.)
The 802.11 spec provides three RSNA approaches: 802.1X, SAE with a password, and OWE.
 
Slide 6: Frame exchange in OWE

Figure: message sequence between STA and AP (no password input by the end user)
  Open Auth Req & Resp
  Association req (STA pub key)
  Association resp (AP pub key)
  Generate PMK (both sides)
  4-way handshake
  Generate PTK
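The key derivation behind slides 5 and 6, as an added Python example (not code from the original submission): each side takes the public key received in the association request/response, computes the DH shared secret z and derives the PMK and PMKID as RFC 8110 specifies, and the second run shows the point the deck makes about OWE offering no authentication, since any responder completes the exchange just as well. The DH group, group number and private keys are constructed for illustration and are not a real OWE group.

```python
import hashlib
import hmac

# Constructed toy Diffie-Hellman group, for illustration only: it is not one of the
# groups OWE actually uses (such as IANA group 19, NIST P-256) and gives no security.
P = 0xFFFFFFFFFFFFFFC5   # 2**64 - 59, a prime
G = 2
ELEM_LEN = 8             # octets needed to encode one element of this group
TOY_GROUP_ID = 0         # placeholder for the IANA DH group number carried in the OWE element

def encode(x: int) -> bytes:
    return x.to_bytes(ELEM_LEN, "big")

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    # RFC 5869 expand; one 32-octet block already covers a 256-bit PMK with SHA-256
    out, block, ctr = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([ctr]), hashlib.sha256).digest()
        out, ctr = out + block, ctr + 1
    return out[:length]

def owe_derive(my_priv: int, my_pub: int, peer_pub: int, i_am_sta: bool):
    """One side's RFC 8110 section 4.4 derivation: z -> prk -> PMK, plus the PMKID.
    C is always the STA's public key and A the AP's, whichever side is computing."""
    z = pow(peer_pub, my_priv, P)                        # DH shared secret
    c, a = (my_pub, peer_pub) if i_am_sta else (peer_pub, my_pub)
    # prk = HKDF-extract(C | A | group, z); group as two little-endian octets (assumption)
    prk = hkdf_extract(encode(c) + encode(a) + TOY_GROUP_ID.to_bytes(2, "little"), encode(z))
    pmk = hkdf_expand(prk, b"OWE Key Generation", 32)
    pmkid = hashlib.sha256(encode(c) + encode(a)).digest()[:16]   # Truncate-128(Hash(C | A))
    return pmk, pmkid

def owe_association(sta_priv: int, responder_priv: int) -> dict:
    """The association request/response of slide 6: the STA sends its public key and
    whoever answers sends one back; nothing tells the STA which AP it talked to."""
    sta_pub = pow(G, sta_priv, P)          # STA public key in the association request
    ap_pub = pow(G, responder_priv, P)     # responder's public key in the association response
    return {
        "sta": owe_derive(sta_priv, sta_pub, ap_pub, True),
        "ap": owe_derive(responder_priv, ap_pub, sta_pub, False),
    }

if __name__ == "__main__":
    # Constructed private keys; a real STA and AP pick fresh random ones per association.
    legit = owe_association(0x1234567890ABCDEF, 0x0FEDCBA987654321)
    other = owe_association(0x1234567890ABCDEF, 0x00000000DEADBEEF)
    print("same PMK on both sides:", legit["sta"] == legit["ap"], other["sta"] == other["ap"])
```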
 
Slide 7: Possible solution for returned STA identification in public Wi-Fi

Captive portal + OWE + 11bh identification approach
  OWE provides the security context for the identifier exchange, making such an approach possible.
  End users are already accustomed to captive portal verification; nothing changes in the end user experience.

Passpoint, by comparison, relies on several distinct components (RADIUS, Certification Authority, User Database, Profile Originator):
  Deployment is more complicated than a captive portal.
  Any component failure will cause the whole network to fail.
  3rd-party services are needed (like EAP-SIM, EAP-AKA).
 
Slide 8: Device ID approach applied in OWE (normal case)

Figure: message sequence between STA and AP (no password input by the end user); "Key 2" and "Key 3" are messages 2 and 3 of the 4-way handshake, which carry the device ID
First association:
  Open Auth Req & Resp
  Association req & resp (STA & AP pub key)
  Generate PMK
  Key 3: device ID granted
Second association:
  Open Auth Req & Resp
  Association req & resp (STA & AP pub key)
  Key 2: provide old device ID for identification
  Key 3: grant new device ID
 
Slide 9: Fake AP issue in public places

Several AP nodes are deployed in a public place to enlarge Wi-Fi coverage.
A 3rd party can easily mimic a legitimate AP around them (no password).
The STA has no way to distinguish a fake AP from a legitimate AP.
(Note that the captive portal authenticates the client to the AP; it does not authenticate the AP to the client.)
(Figure: a fake AP among the deployed APs)
 
Slide 10: Middle man attack based on the device ID approach

Figure: message sequence between STA, fake AP (middle man) and legitimate AP
1st association, STA and legitimate AP:
  Association req & resp (STA & AP pub key)
  Key 3: grant a device ID (ID1)
2nd association, STA and fake AP (middle man):
  Association req & resp (STA & AP pub key)
  Key 2: STA provides the old device ID (ID1) from the legitimate AP for identification
  Key 3: fake AP grants a garbage device ID
Fake AP and legitimate AP (the fake AP mimics a returned STA):
  Association req & resp (STA & AP pub key)
  Key 2: provide ID1 for identification
  Key 3: grant a new device ID
 
Slide 11: Possible approach for OWE mode (Okan Mutgan, et al., Nokia)

The returned STA should identify the AP before providing its device ID.
  Identify the AP via the auth/association request/response frame exchange.
 
Slide 12: SP1 (Okan Mutgan, et al., Nokia)

Straw poll: Do you agree that the 11bh group should consider an approach for public Wi-Fi to identify the returned STA?

Note: Public Wi-Fi means the security mode of the AP is set to Open or OWE mode.