Proposal for Establishing Epochs in IEEE 802.11-17/2059r1 Network
This proposal by Stephen Rodriguez from Cisco suggests partitioning time into epochs based on network trust levels to determine when clients should change their MAC addresses dynamically. The idea involves rotating MAC addresses at specified intervals depending on the trust level of the network connection, enhancing security and making it harder for eavesdroppers to detect address changes.
Presentation Transcript
Oct 2023, doc.: IEEE 802.11-17/2059r1
TGbi Epoch proposal
Date: 2023-10-28
Authors:
  Stephen Rodriguez, Cisco, address ::1, email Stephen.rodriguez@ieee.org
  Stephen Orr, Cisco, email sorr@cisco.com
Submission, Slide 1, Stephen Rodriguez, Cisco
Slide 2: Abstract
Define an epoch for when a client should change the Over The Air (OTA) MAC address that is being used.
Slide 3: Epoch Partitioning Idea
Partition time into epochs based on network trust*:
- Fully Untrusted: Open/OWE, rotate every 5 mins
- Semi Untrusted: PSK, rotate every 10 mins
- Trusted: 802.1X, rotate every 10 mins, optional (enabled if using IRM)
- Passpoint treated as Fully Untrusted
By defining epochs based on association duration, both the AP STA and non-AP STA will know when they should rotate to the new IRM; calculation could happen anytime during the current epoch.
This allows for a dynamic approach, as not all non-AP STA will rotate at the same time, making it more difficult for an eavesdropper to know a rotation happened vs a STA joining/leaving.
*non-AP STA can override the default network type in the supplicant configuration
Slide 4: Update/Sunset
- Announce time: tells the AP STA when the non-AP STA will start to use the new IRM; sent in a protected frame (e.g. "in 1 minute STA will use new IRM").
- Once the announce time has elapsed, the Sunset timer starts.
- Sunset timer: DTIM period * 5
- Frames in the queue should still be transmitted during the Sunset period.
- The old MAC shall not respond, and the AP shall not forward packets for the old IRM, once the Sunset timer has elapsed.
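The epoch, announce and sunset rules from slides 3 and 4 can be put on one timeline; the sketch below is an added example, not code from the submission or from Cisco. All function and field names are hypothetical. It assumes the switch lands on the epoch boundary counted from association, a 60 second announce lead (the slide's "in 1 minute" example), and a sunset of 5 DTIM periods converted to seconds through the beacon interval, with constructed defaults of DTIM period 2 and beacon interval 100 TU.

```python
# Added example: timing model for the epoch / announce / sunset rules on the slides.
from dataclasses import dataclass

TU = 1024e-6  # one 802.11 time unit, in seconds

# Default rotation interval per network type, in seconds (values from slide 3).
EPOCH_SECONDS = {"open": 300, "owe": 300, "passpoint": 300, "psk": 600, "802.1x": 600}

def epoch_seconds(network_type, uses_irm=False, override=None):
    """Rotation interval, or None when rotation is off (802.1X without IRM)."""
    kind = (override or network_type).lower()  # supplicant may override the type
    if kind == "802.1x" and not uses_irm:
        return None
    return EPOCH_SECONDS[kind]

@dataclass
class Rotation:
    announce_at: float  # protected announce frame is sent
    switch_at: float    # announce time elapsed: new address in use, sunset starts
    sunset_end: float   # old address is dead from here on

def plan_rotation(assoc_time, epoch_index, interval, announce_lead=60.0,
                  dtim_period=2, beacon_interval_tu=100):
    """Assumption: switch at the epoch boundary measured from association time;
    sunset = 5 * DTIM period, expressed in seconds via the beacon interval."""
    switch_at = assoc_time + epoch_index * interval
    sunset = 5 * dtim_period * beacon_interval_tu * TU
    return Rotation(switch_at - announce_lead, switch_at, switch_at + sunset)

def ap_accepts(rot, now, address):
    """AP-side decision for a frame using the 'old' or 'new' address at time now."""
    if address == "old":
        return now < rot.sunset_end  # queued frames still flow during the sunset
    return now >= rot.switch_at      # new address valid once announce time elapsed

if __name__ == "__main__":
    # Constructed scenario: OWE network, STA associated at t=1000 s, first epoch.
    rot = plan_rotation(1000.0, 1, epoch_seconds("owe"))
    for t in (1299.0, 1300.5, 1302.0):
        print(t, "old:", ap_accepts(rot, t, "old"), "new:", ap_accepts(rot, t, "new"))
```

Because epochs are counted from each STA's own association time, two STAs on the same network get different switch times, which is the staggering effect slide 3 relies on.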
Slide 5: Straw Poll
Would you support using AKM based/network trust level, for Epoch definition?