doc.: IEEE 802.11-12/0041r1
Submission

Slide 1
Performance Analysis of 802.11 authentication and authorization
• Date: 2011-11-15
Authors:
Name: Robert Sun; Yunbo Li; Edward Au; Phillip Barber
Affiliations: Huawei Technologies Co., Ltd.
Address: Suite 400, 303 Terry Fox Drive, Kanata, Ontario K2K 3J1
Phone: +1 613 2871948
Email: [email protected]
Rob Sun etc, Huawei.
Jan 2012
Slide 2
Abstract
• This proposal provides an analysis of the primary delay contributors within the RSNA security protocol as defined in IEEE 802.11i: the 802.1X/EAPOL exchange, the EAP method itself, and the 4-way handshake.
Slide 3
Conformance w/ TGai PAR & 5C

Conformance Question: Does the proposal degrade the security offered by Robust Security Network Association (RSNA) already defined in 802.11?
Response: No

Conformance Question: Does the proposal change the MAC SAP interface?
Response: No

Conformance Question: Does the proposal require or introduce a change to the 802.1 architecture?
Response: No

Conformance Question: Does the proposal introduce a change in the channel access mechanism?
Response: No

Conformance Question: Does the proposal introduce a change in the PHY?
Response: No

Conformance Question: Which of the following link set-up phases is addressed by the proposal? (1) AP Discovery (2) Network Discovery (3) Link (re-)establishment / exchange of security related messages (4) Higher layer aspects, e.g. IP address assignment
Response: (3)
Slide 4
IEEE 802.11 EAP Authentication and Authorization
Delay Contributors
• EAP Authentication Phases
  – EAPOL handshake
  – EAP specific methods: Authentication and Key establishment
    • Key Agreement
    • Key Generation
    • Key Transport
  – 4-Way handshake
Slide 5
.11 EAPOL Handshake
Purpose: To initiate the EAP/802.1X based authentication
Components:
- EAPOL Start (STA -> AP)
- EAPOL Identity Request (AP -> STA)
- EAPOL Identity Response (STA -> AP)
- EAPOL Success/Failure (AP -> STA)
(The Identity Request, Identity Response and Success/Failure are EAP packets carried in EAPOL-EAP frames; only EAPOL-Start is a pure EAPOL frame.)
Primary Delay Contributor T1:
- air time transmission
Slide 6
Air Time of 802.1X EAPOL messages

Per-message timeline (each message frame is followed by its ACK frame):
DIFS | CW (backoff) | Preamble | Data (message frame) | SIFS | Preamble | Data (ACK frame)

Parameters:
- SIFS = 16 us
- DIFS = 34 us
- CW = 67.5 us (average of CWmin: 15 slots / 2 x 9 us)
- Preamble = L-STF (8 us) + L-LTF (8 us) + L-SIG (4 us) + HT-SIG (8 us) + HT-STF (4 us) + HT-LTF (4 us) = 36 us
- Data rate = 6.5 Mbps (MCS0 in 802.11n)

Results:
• EAPOL Start air time = 369.1 us
• EAPOL Identity Request = 369.1 us
• EAPOL Identity Response = 1476.8 us
• EAPOL Success = 369.1 us
• Total T1 = 2584 us = 2.584 ms (the deck rounds this to 2.5 ms; the conclusion's bound T1 < 3 ms holds either way)
Reference: Draft P802.11REVmb_D12.0
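The air-time figures above follow from the timeline and constants on the slide, but the deck does not state the frame lengths behind 369.1 us and 1476.8 us, so only the structure of the calculation can be reproduced. The following is an added example, not code from the submission: it models the slide's per-message formula (DIFS + mean backoff + HT preamble + data field + SIFS + HT preamble + ACK) and makes explicit the part the slide leaves implicit, namely that at MCS0 the data field is sent in whole 4 us OFDM symbols of 26 data bits each with a 16-bit SERVICE field and 6-bit tail. The frame sizes in `ASSUMED_EAPOL_FRAMES` are assumptions chosen for illustration; the 802.11 overhead constants are from the standard as quoted on the slide.

```python
"""DCF air-time model for the EAPOL messages of slide 6 (added example).

Reproduces the slide's timeline with its constants. Frame sizes are assumed
for illustration; the slide does not give the lengths behind its figures.
"""
import math

# Timing constants as quoted on the slide (20 MHz 802.11n, MCS0 = 6.5 Mbit/s).
SIFS_US = 16.0
DIFS_US = 34.0
SLOT_US = 9.0
CWMIN_SLOTS = 15                          # aCWmin for the OFDM/HT PHY
HT_PREAMBLE_US = 8 + 8 + 4 + 8 + 4 + 4    # L-STF, L-LTF, L-SIG, HT-SIG, HT-STF, HT-LTF = 36 us
SYMBOL_US = 4.0
DBPS_MCS0 = 26                            # data bits per OFDM symbol at MCS0, 20 MHz
SERVICE_BITS = 16
TAIL_BITS = 6
ACK_FRAME_BYTES = 14                      # ACK: FC(2) + Duration(2) + RA(6) + FCS(4)


def mean_backoff_us(cwmin_slots: int = CWMIN_SLOTS, slot_us: float = SLOT_US) -> float:
    """Average initial backoff: uniform over [0, CWmin] slots, so CWmin/2 slots."""
    return cwmin_slots / 2 * slot_us


def data_field_us(frame_bytes: int, dbps: int = DBPS_MCS0) -> float:
    """Duration of the PSDU data field, rounded up to whole OFDM symbols."""
    bits = SERVICE_BITS + 8 * frame_bytes + TAIL_BITS
    return math.ceil(bits / dbps) * SYMBOL_US


def message_airtime_us(frame_bytes: int, ack_bytes: int = ACK_FRAME_BYTES) -> float:
    """One message plus its ACK, per the slide's timeline:
    DIFS | CW | Preamble | Data | SIFS | Preamble | ACK.
    The slide charges the HT preamble to the ACK as well, so this does too."""
    return (DIFS_US + mean_backoff_us()
            + HT_PREAMBLE_US + data_field_us(frame_bytes)
            + SIFS_US
            + HT_PREAMBLE_US + data_field_us(ack_bytes))


def handshake_airtime_us(frame_sizes: dict) -> float:
    """T1: sum over the four EAPOL messages of the handshake."""
    return sum(message_airtime_us(n) for n in frame_sizes.values())


# Assumed (constructed) MAC frame sizes: 26-byte QoS data header + 8 LLC/SNAP
# + 4 EAPOL header + EAP payload + 4 FCS. Not the sizes used by the deck.
ASSUMED_EAPOL_FRAMES = {
    "EAPOL-Start":           42,            # no EAP payload
    "EAP-Request/Identity":  42 + 5,        # 5-byte EAP header
    "EAP-Response/Identity": 42 + 5 + 64,   # 64-byte NAI assumed
    "EAP-Success":           42 + 4,        # 4-byte EAP header
}

if __name__ == "__main__":
    print(f"mean backoff = {mean_backoff_us()} us (slide: 67.5 us)")
    for name, size in ASSUMED_EAPOL_FRAMES.items():
        print(f"{name:22s} {size:4d} bytes  {message_airtime_us(size):7.1f} us")
    print(f"T1 with assumed sizes = {handshake_airtime_us(ASSUMED_EAPOL_FRAMES) / 1000:.3f} ms")
```

With these assumed sizes T1 comes out at about 1.2 ms, below the deck's 2.584 ms, which is consistent with the deck having used larger frames (its Identity Response alone is 1476.8 us, implying roughly a kilobyte on the air at 6.5 Mbps). Two caveats the slide does not state: real ACKs are usually sent with the legacy 20 us preamble at a basic rate rather than the 36 us HT preamble, and the 67.5 us backoff is a mean with no retries, so measured T1 on a busy channel will be larger.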
Slide 7
EAP Authentication and Key establishment
• Purpose: To provide the mutual authentication and RSNA key establishment
• Components: EAP specific authentication
  - Different EAP methods are examined for delay comparison
• Hypothesis: PSK based EAP methods consume less key establishment time than X.509 certificate based pair-wise key establishment (reference: RFC 5216 and NIST SP 800-56A)
• Primary Delay Contributor T2:
  - X.509 certificate verification delay
  - Key generation delay
  - Handshake delay (air time + wired delay)
Note 1: All EAP methods are assumed to use a minimum 4-message handshake as per RFC 5216
Note 2: Wired delay (between the AP as authenticator and the AAA server) is non-negligible but was not calculated
Slide 8
Performance of various EAP methods and EAP-PSK methods
• Testing Environment (server and client side):
  – CPU: Pentium III 550 MHz
  – RAM: 256 MB
  – OS: Windows XP
  – HD: 40 GB
  – Simulation software: OpenSSL (open source toolkit for TLS)
  – Number of iterations: 100,000
Slide 9
Client and Server processing time
• Both client and server processing time include the following operations:
  – Initialization
  – Key processing
  – Signature processing
• Tested candidates:
  1) EAP-PSK (RFC 4764)
  2) EAP-TLS with cipher suite DHE-DSS-1024
  3) EAP-TLS with cipher suite RSA-1024 (PKCS #1)
  – DHE-DSS-1024 measured with mutual authentication
  – RSA-1024 measured with server authentication only
Note: the RSA-1024 figure omits the client's certificate and signature, so it understates a full EAP-TLS exchange (which authenticates the STA with a certificate as well) and is not directly comparable with the DHE-DSS mutual-authentication figure. It also explains the asymmetry on the next slide: with RSA key transport the server performs the private-key decryption while the client only verifies the server certificate and encrypts the premaster secret.
Slide 10
Client and Server processing time

EAP Method               Client processing time (ms)   Server processing time (ms)
EAP-PSK                  4.83375                       4.83375
EAP-TLS (DHE-DSS-1024)   198.8564                      198.8564
EAP-TLS (RSA-1024)       9.869796                      27.568796
Slide 11
4-Way Handshake Processing Time
• Purpose: To establish trust between STA and AP (proof of possession of the PMK) and derive the over-the-air session keys (the PTK)
• Components:
  – Initialization (nonce generation)
  – MIC calculation
  – KDF function
  – 4 EAPOL-Key messages
• Primary delay contributors T3:
  - KDF function
  - Handshake air time
Note: same testing environment as the EAP measurements

4-Way handshake            Processing time (ms)
Initialization             0.635518
KDF functions and MIC      5.03574
Air time                   1.22
Total                      6.891258
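The "KDF functions and MIC" row is the cost of deriving the PTK from the PMK and nonces and of protecting message 2 (and 3, 4) with the Key MIC. The following is an added example, not code from the submission, showing what that work consists of in 802.11i terms: the PRF built from HMAC-SHA1 with the "Pairwise key expansion" label, the ordering of addresses and nonces so both sides derive the same PTK, the split into KCK, KEK and TK for CCMP (PRF-384), and the EAPOL-Key MIC as HMAC-SHA1-128 (key descriptor version 2). It also times one KDF plus MIC computation the way the deck measured it (a loop over many iterations), so the slide's 5.04 ms on a Pentium III can be compared against current hardware. The PMK, MAC addresses, nonces and the stand-in message body are constructed sample values, not test vectors from the standard.

```python
"""PTK derivation and EAPOL-Key MIC for the 4-way handshake (added example).

Sample keys, addresses and nonces are constructed; they are not standard
test vectors. Only the Python standard library is used.
"""
import hashlib
import hmac
import time

PTK_LABEL = b"Pairwise key expansion"


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """802.11 PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ...
    and truncate to nbits."""
    out = b""
    i = 0
    while len(out) * 8 < nbits:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[: nbits // 8]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes,
               nbits: int = 384) -> bytes:
    """PTK = PRF-n(PMK, "Pairwise key expansion",
                   Min(AA,SPA) || Max(AA,SPA) || Min(ANonce,SNonce) || Max(ANonce,SNonce)).
    The Min/Max ordering is what lets STA and AP derive the same key regardless of
    which side's values they plug in first. n = 384 for CCMP."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, PTK_LABEL, data, nbits)


def split_ptk(ptk: bytes):
    """CCMP PTK layout: KCK (16 bytes, MICs) || KEK (16 bytes, key wrap) || TK (16 bytes, data)."""
    return ptk[:16], ptk[16:32], ptk[32:48]


def eapol_key_mic(kck: bytes, frame_mic_zeroed: bytes) -> bytes:
    """Key descriptor version 2: Key MIC = first 128 bits of HMAC-SHA1 over the
    EAPOL-Key frame with its Key MIC field set to zero."""
    return hmac.new(kck, frame_mic_zeroed, hashlib.sha1).digest()[:16]


def authenticator_accepts(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes,
                          msg2_body: bytes, msg2_mic: bytes) -> bool:
    """AP side on message 2: derive the PTK from its own ANonce and the SNonce carried
    in the message, then check the MIC with the KCK (constant-time compare)."""
    kck, _, _ = split_ptk(derive_ptk(pmk, aa, spa, anonce, snonce))
    return hmac.compare_digest(eapol_key_mic(kck, msg2_body), msg2_mic)


def time_kdf_and_mic_ms(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes,
                        iterations: int = 10000) -> float:
    """Average milliseconds for one PTK derivation plus one MIC: the slide's
    'KDF functions and MIC' row, measured the same way (loop, then divide)."""
    body = b"\x00" * 99
    t0 = time.perf_counter()
    for _ in range(iterations):
        kck, _, _ = split_ptk(derive_ptk(pmk, aa, spa, anonce, snonce))
        eapol_key_mic(kck, body)
    return (time.perf_counter() - t0) / iterations * 1000


# Constructed sample values (not standard test vectors).
PMK = hashlib.sha256(b"sample pmk").digest()          # 256-bit PMK
AA = bytes.fromhex("001122334455")                    # authenticator (AP) MAC address
SPA = bytes.fromhex("66778899aabb")                   # supplicant (STA) MAC address
ANONCE = hashlib.sha256(b"anonce").digest()           # 32-byte nonce from message 1
SNONCE = hashlib.sha256(b"snonce").digest()           # 32-byte nonce chosen by the STA


def demo():
    """Supplicant builds message 2; authenticator verifies it, then a tampered copy."""
    sta_kck, _, _ = split_ptk(derive_ptk(PMK, AA, SPA, ANONCE, SNONCE))
    msg2_body = b"\x02\x03" + SNONCE      # stand-in for the EAPOL-Key frame with MIC field zeroed
    msg2_mic = eapol_key_mic(sta_kck, msg2_body)
    accepted = authenticator_accepts(PMK, AA, SPA, ANONCE, SNONCE, msg2_body, msg2_mic)
    tampered_accepted = authenticator_accepts(PMK, AA, SPA, ANONCE, SNONCE,
                                              msg2_body + b"\x01", msg2_mic)
    return accepted, tampered_accepted


if __name__ == "__main__":
    ok, tampered = demo()
    print("message 2 MIC verifies:", ok, "| tampered frame rejected:", not tampered)
    ms = time_kdf_and_mic_ms(PMK, AA, SPA, ANONCE, SNONCE)
    print(f"KDF + MIC: {ms:.4f} ms per handshake (slide: 5.03574 ms on a PIII 550 MHz)")
```

Three HMAC-SHA1 calls produce the 384-bit PTK, and one more produces the MIC, so the whole "KDF and MIC" step is four HMACs per message; the slide's 5 ms is a property of the 2001-era test machine, not of the algorithm. Nonce generation ("Initialization" in the table) must use a cryptographic RNG, since a predictable SNonce or ANonce removes the freshness the handshake relies on.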
Slide 12
Conclusion
• Total time consumed by RSNA authentication and key establishment is given in the table below:
• The 802.1X EAPOL over-the-air handshake contributes the least to the overall delay (T1 < 3 ms)
• The 4-way handshake does not contribute major delay (T3 < 7 ms)
• The major delay contributor is the EAP authentication with the chosen method (T2). Potential reasons: 1) certificate verification 2) finite-field modular exponentiation (prime modulus) and discrete logarithm cryptography (DLC) calculations
• EAP-PSK shows the best performance of the three in key establishment and is suitable for FILS authentication (< 20 ms)
• EAP-TLS with X.509 certificate based authentication options and key establishment imposes a tight time budget for satisfying the performance objectives of TGai
Note: the TLS figures are for 1024-bit RSA and DSA keys on a 550 MHz Pentium III; both the key sizes and the platform are well below current practice, so the absolute numbers are dated even though the ranking of the methods is not.

RSNA authentication      T1 (ms)   T2 client (ms)   T2 server (ms)   T3 (ms)    Total client (ms)   Total server (ms)   Total serialized (ms)
EAP-PSK                  2.584     4.83375          4.83375          6.891258   14.309008           14.309008           19.142758
EAP-TLS (DHE-DSS-1024)   2.584     198.8564         198.8564         6.891258   208.331658          208.331658          407.188058
EAP-TLS (RSA-1024)       2.584     9.869796         27.568796        6.891258   19.345054           37.044054           46.91385

Column definitions (consistent with the figures): Total client = T1 + T2 client + T3; Total server = T1 + T2 server + T3; Total serialized = T1 + T2 client + T2 server + T3, i.e. the case where neither side's EAP processing overlaps the other's.
Slide 13
Further discussion
• Even though the choice of EAP method is out of scope for the IEEE 802 working group, would it be necessary to promote EAP-PSK as the candidate FILS authentication method?
• DHCP and DNS are also major contributors to the delay; pre-establishment of these higher-layer steps should be ideal for TGai.
Slide 14
References
• RFC 5216 (EAP-TLS)
• RFC 4764 (EAP-PSK)
• RFC 2246 (TLS 1.0) and RFC 2246-bis-13 (the TLS 1.1 draft)
• Draft P802.11REVmb_D12.0
• NIST SP 800-56A
• FIPS 140-2 Annex C
• RSA PKCS #1
Slide 15
Performance of Public-Key Cryptography
• Reference:
I. Branovic, R. Giorgi, E. Martinelli, "Memory Performance of Public-Key Cryptography Methods in Mobile Environments", ACM SIGARCH Workshop on MEmory performance: DEaling with Applications, systems and architecture (MEDEA-03), New Orleans, LA, USA, Sept. 2003, pp. 24-31.