
Secure Roaming Proposal for IEEE 802.11-25 Networks
"This proposal addresses security issues in roaming for IEEE 802.11-25 networks by introducing solutions for PTK sharing risks and key isolation. It focuses on enhancing the security and reliability of roaming through a detailed security process within the SMD framework."
Download Presentation

Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
March 2025 doc.: IEEE 802.11-25/0313r0 Roaming Security Procedure Date: Feb. 26, 2025 Authors: Name Affiliations Address Phone Email Xuwen Zhao Building G1, TCL International-E City, Shenzhen, Guangdong, China. zhaoxuwen123@outlook.com Pei Zhou TCL Submission Slide 1 Xuwen Zhao, TCL
March 2025 doc.: IEEE 802.11-25/0313r0 Introduction In the current landscape of roaming contributions, two primary roaming and security technical directions have been established: Distributed SMD with PTK sharing, in which the same PTKSA is used and transferred when roaming from the current AP MLD to target AP MLD. [1-2] Enhanced fast BSS transition (FT), in which different PTKSAs are used when roaming from the current AP MLD to target AP MLD. [3-5] The latest Motion states within the SMD, the same PMKSA and PTKSA, established with the SMD-ME , shall be used to protect communications with the current AP MLD and the target AP MLD. (Motion 285, 286), A non-AP MLD transitions between AP MLDs within the SMD while maintaining its association and security association with the SMD-ME. (Motion 279). Although there are the above-mentioned general motions, there are still some security issues and a lack of corresponding solutions. This proposal focuses on the SMD-based technical approach and provides a detailed security process and security context definition to address the security issues and enhance the overall security and reliability of roaming. Submission Slide 2 Xuwen Zhao, TCL
March 2025 doc.: IEEE 802.11-25/0313r0 Problem Statement While the Distributed SMD with PTK sharing offers a promising framework for secure roaming, several critical issues remain unresolved: PTK Sharing With Potential Leakage PTK shared over insecure links (e.g., between non-AP MLD and target AP MLD) poses a risk of leakage. [6] Key Sharing Risks in the Same SMD If all AP MLDs within the same SMD share the same PTK, a significant security vulnerability arises. Specifically, if an attacker compromises one AP MLD and intercepts the shared security context, it would allow the attacker decrypt and intercept all data transmissions between the non-AP MLD and all AP MLDs within the SMD using the same shared PTK. Lack of Key Isolation To mitigate the above risk, a key isolation mechanism is required. By ensuring that the non-AP MLD uses different PTKs for communication with different AP MLDs, the impact of an attack can be confined to the compromised AP MLD. SMD AP MLD1 (Compromised) non-AP MLD AP MLD2 AP MLD3 Data interception Data interception Data interception Submission Slide 3 Xuwen Zhao, TCL
March 2025 doc.: IEEE 802.11-25/0313r0 Proposed method for roaming through current AP MLD To address the identified issues, this proposal introduces the following solution, when the non-AP MLD sends roaming request to the current AP MLD: SMD Security Domain Assumptions non-AP MLD Current AP MLD Target AP MLD The current AP MLD and the target AP MLD are assumed to be within the same SMD. The SMD is treated as a secure domain, and it is assumed that there exists a secure channel (e.g., wired connection) between the current AP MLD and the target AP MLD. 0.802.1X authentication and the four-way handshake Security Context transfer Within the SMD 1.Generate and save PTK ID separately. The non-AP MLD and the current AP MLD respectively generate the same PTK identifier and save the mapping relationship between the PTK identifier and the old PTK. 3.Roaming Add Link Request PTK id, SNonce The non-AP MLD sends PTK identifier and SNonce to the current AP MLD The current AP MLD queries the old PTK based on the PTK identifier. 4.Query PTK based on PTK ID The current AP MLD securely transmits the old PTK and SNonce to the target AP MLD over the secure channel. 5.Context Transfer Request PTK, SNonce The target AP MLD responses the ANonce to the non-AP MLD. 6.Derive and save the new PTK Key Derivation Process Both the non-AP MLD and the target AP MLD independently derive a new PTK based on the old PTK, SNonce, ANonce, non-AP MLD MAC address and target AP MLD MAC address. 7.Context Transfer Response ANonce 8.Roaming Add Link Response ANonce This ensures that the non-AP MLD and the target AP MLD establish a unique PTK for their communication. 9.Derive and save the new PTK 10.roaming to target AP MLD Secure Link Establishment The non-AP MLD uses the newly derived PTK to establish a secure link with the target AP MLD. Submission Slide 4 Xuwen Zhao, TCL
March 2025 doc.: IEEE 802.11-25/0313r0 Proposed method for roaming through target AP MLD SMD To address the identified issues, this proposal introduces the following solution , when the non-AP MLD sends roaming request to the target AP MLD : non-AP MLD Current AP MLD Target AP MLD Security Context transfer Within the SMD 0.802.1X authentication and the four-way handshake The non-AP MLD and the current AP MLD respectively generate the same PTK identifier and save the mapping relationship between the PTK identifier and the old PTK. 1.Generate and save PTK ID separately. The non-AP MLD sends PTK identifier and SNonce to the target AP MLD The target AP MLD requests the current AP MLD to transfer the old PTK based on the PTK identifier. The current AP MLD queries the old PTK based on the PTK identifier. 3.Roaming Add Link Request PTK id, SNonce The current AP MLD securely transmits the old PTK and SNonce to the target AP MLD over the secure channel. 4.Context Transfer Request PTK id 5.Query PTK based on PTK ID The target AP MLD responses the ANonce to the non-AP MLD. 6.Context Transfer ReSponse PTK, SNonce Key Derivation Process Both the non-AP MLD and the target AP MLD independently derive a new PTK based on the old PTK, SNonce, ANonce, non-AP MLD MAC address and target AP MLD MAC address. 7.Derive and save the new PTK 8.Roaming Add Link Response ANonce 9.Derive and save the new PTK 10.roaming to target AP MLD Submission Slide 5 Xuwen Zhao, TCL
March 2025 doc.: IEEE 802.11-25/0313r0 Summary This proposal addresses the security issues in SMD-based roaming by introducing a key isolation mechanism and a secure key derivation process. The key points of this proposal are: The request sent by the non-AP MLD to the current AP MLD or target AP MLD contains the PTK identifier instead of the PTK, preventing PTK leakage. The non-AP MLD and the target AP MLD re-derive a new PTK based on the old PTK, random numbers and addresses. This effectively provides a key isolation mechanism, ensuring that the non-AP MLD uses different PTKs with different AP MLDs. This mechanism can confine attacks to the non-AP MLD and the malicious AP MLD, thereby protecting the security of data transmission between the non-AP MLD and other AP MLDs. Submission Slide 6 Xuwen Zhao, TCL
March 2025 doc.: IEEE 802.11-25/0313r0 Straw Poll #1 Do you agree to add the following text to the TGbn SFD: TGbn should define a security mechanism in the roaming process to prevent key leakage and provide key isolation. Y/N/A Submission Slide 7 Xuwen Zhao, TCL
March 2025 doc.: IEEE 802.11-25/0313r0 Straw Poll #2 Do you agree to add the following text to the TGbn SFD: The non-AP MLD and the current AP MLD respectively generate the same PTK identifier and save the mapping relationship between the PTK identifier and the old PTK. The request sent by the non-AP MLD to the current AP MLD or target AP MLD contains the PTK identifier, preventing PTK leakage. The non-AP MLD and the target AP MLD re-derive a new PTK based on the old PTK, random numbers and addresses. Y/N/A Submission Slide 8 Xuwen Zhao, TCL
March 2025 doc.: IEEE 802.11-25/0313r0 References [1] 11-24-0052-00-00bn-seamless-roaming-details [2] 11-23-2157-02-00bn-seamless-roaming-within-a-mobility-domain [3] 11-23-1897-00-00bn-thoughts-on-improving-roaming-under-existing-architecture [4] 11-24-0349-03-00bn-enhanced-fast-bss-transition [5] 11-24-0679-04-00bn-thoughts-on-functionality-and-security-architecture-for-uhr-seamless-roaming [6] 11-24-0655-00-00bn-thoughts-on-smd-roaming-and-ft-roaming Submission Slide 9 Xuwen Zhao, TCL