doc.: IEEE 802.11-08/0833r2
Submission
July 2008
Luke Qian etc, Cisco

A Proposed Scaled-down Solution to A-MPDU DoS Related Comments in LB 129

Date: 2008-07-13

Authors (Name; Affiliations; Address; Phone; email):

Luke Qian; Cisco; 4125 Highlander Parkway, Richfield, OH 44286; 1 330 523 2051; [email protected]

Nancy Cam-Winget; Cisco; 225 East Tasman Drive, San Jose, CA 95134; 1 408 853 0532; ncamwing@cisco.com

Doug Smith; Cisco; 500 Alden Rd, Ste 207, Markham, On L3R 5H5, Canada; 1 905 470 4803; dsmit@cisco.com




Overview

A number of new types of Denial of Service (DoS) attacks associated with the 802.11n A-MPDU BA operations have been identified, commented on and acknowledged since LB 115 for 802.11n. Resolutions for the related comments in the recent LB 124 called for solutions that are less complicated and have a lower implementation cost than those in 802.11-08/0665r0, the jointly developed solutions. Following the thinking outlined in 802.11-08/0755r1, we present here a scaled-down version of 08/0665r0 which focuses on the DoS types that cause the most significant damage. Also see LB129 CID 8075, 8076.


Block Ack Security problems

• The following security problems exist (802.11-08/0665r0):

– The SN values of data packets are not protected – yet SN values of data packets can be used to adjust the RX Buffer LE value. A single forged SN value can cause the recipient to move the LE value too far forward, thereby causing the recipient to discard frames below the new LE that should not have been discarded. Data is lost at the recipient.

– A single forged SN value in a data packet can also cause the recipient to place the received frames in an incorrect order, which can cause problems both when the security layer examines the sequence of PN values in the MAC SN-ordered frames and when the frames are passed to the next layer for processing.

– A single forged SN value in a data packet can cause RX scorecard information to be updated, and a subsequent transmission of a BA frame in response to a legitimate A-MPDU can include this bogus scorecard information.

– A captured and replayed packet cannot be detected except by replay detection in the security layer. If the RX buffer reordering is performed before this check, then the SN in that replayed packet can cause incorrect RX Buffer LE movement.

– The BAR frame is not protected – yet the BAR frame SSN value is used to adjust the RX Buffer LE value. A single forged SN value can cause the recipient to move the LE value too far forward, thereby causing the recipient to discard frames below the new LE that should not have been discarded. Data is lost at the recipient.

– The BA frame is not protected – yet the BA frame SSN value is used to adjust the originator’s TX scorecard LE value. Forged BA frames can cause false adjustments to the LE value that result in some data packets not being transmitted to the recipient, since they now have SN values below the new LE value. Data is lost.

– Forged BA frames can suppress retransmission of frames that were not successfully received (even without moving LE at TX)


Prioritizing the A-MPDU DoS Attacks

Sort the A-MPDU DoS types by their ease of launching (see 802.11-08/0755r1):

1) Forged packets with advanced Sequence Numbers (SN). Easy to launch; can be addressed, e.g., by reversing the order of BA reordering and decryption.

4) False Block ACK Request (BAR) with advanced SN. Easy to launch; can be addressed, e.g., by protecting the BAR by wrapping it in an encrypted management frame, an 11w mechanism.

2) Captured and replayed packets with modified SN. More difficult; can be addressed by encrypting the SN (drop this one?).

3) Captured and replayed packets with advanced SN without modification. More difficult, less likely to be successful; can be addressed by, e.g., a replay check before BA reordering (drop this one?).

5) False BA to prevent retransmission. Less likely to be successful; not unique, since a regular ACK can cause a similar DoS (drop this one?).

The following proposed solution will focus on the most significant and easy-to-launch ones: 1) and 4).


A Scaled-down Solution

• A scaled-down solution addressing the most significant few of the problems is:

– Use a new protected form of the BAR frame to convey BAR information, and allow this protected BAR frame to cause RX Buffer LE movement while forbidding unprotected BAR frames from making RX Buffer LE changes

– Allow an alternative architectural ordering in which Block Ack Reordering is performed AFTER MPDU decryption (decryption placed just before the Block Ack Reordering), but preserve the existing ordering option as well for legacy implementations


New Rules for the Solution

• Unencrypted BAR is not used to shift recipient RX BUFFER LE

– Encrypted BAR can shift recipient RX BUFFER LE

• STA with hybrid support for secure PN but no support for encrypted BAR can still use unencrypted BAR to shift recipient LE

• Only the new protected MGMT frame can be used to perform BAR-style RX BUFFER pointer moves


Encrypted BAR frame

• New Action frame

– Category = Block Ack

– Action = BAR

– Body = BAR Control, BAR Information (see TGn draft)

• Multi-TID version allowed

• Uncompressed?

• Encrypted according to TGw


Specification change for order of operations

• Allow alternative ordering of Block Ack Reordering AFTER A-MPDU decryption step, but preserve existing ordering option as well for legacy implementations.
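
Added example, not part of the submission: a toy Python model of a Block Ack recipient that shows how the two rules proposed above (Block Ack Reordering after decryption, and no RX Buffer LE movement from an unprotected BAR) keep a single forged SN or SSN from stranding legitimate frames. The 64-frame window, the `authentic` flag standing in for the decryption result, the constructed trace, and all class and function names are assumptions made for illustration.

```python
SN_MOD, WIN = 4096, 64   # 12-bit SN space; 64-frame reorder window (assumed size)

class Recipient:
    """Toy Block Ack recipient; `authentic` stands in for the decryption result."""
    def __init__(self, decrypt_first, protected_bar_only):
        self.decrypt_first = decrypt_first            # reorder AFTER decryption
        self.protected_bar_only = protected_bar_only  # unprotected BAR cannot move LE
        self.le, self.buf = 0, {}                     # RX Buffer LE, frames held
        self.delivered, self.discarded = [], []       # SNs passed up / dropped below LE

    def _advance(self, stop=None):
        # Step LE to `stop` (giving up on gaps), or to the first gap if stop is None.
        while self.le != stop and (stop is not None or self.le in self.buf):
            if self.le in self.buf:
                self.delivered.append(self.buf.pop(self.le))
            self.le = (self.le + 1) % SN_MOD

    def on_data(self, sn, authentic=True):
        if self.decrypt_first and not authentic:
            return                                    # dropped before touching the window
        off = (sn - self.le) % SN_MOD
        if off >= SN_MOD // 2:                        # SN below LE: discarded as old
            self.discarded.append(sn)
            return
        if off >= WIN:                                # SN beyond window: LE slides forward
            self._advance((sn - WIN + 1) % SN_MOD)
        if authentic:                                 # a forged frame fails decryption later
            self.buf[sn] = sn
        self._advance()                               # release in-order frames

    def on_bar(self, ssn, protected):
        if self.protected_bar_only and not protected:
            return False                              # ignored for LE movement
        if (ssn - self.le) % SN_MOD >= SN_MOD // 2:
            return False                              # SSN behind LE: nothing to move
        self._advance(ssn % SN_MOD)
        self._advance()
        return True

def run(decrypt_first, protected_bar_only, forged):
    """Constructed trace: SN 0..9, with one forged event injected after SN 2."""
    r = Recipient(decrypt_first, protected_bar_only)
    for sn in range(10):
        r.on_data(sn)
        if sn == 2 and forged == "data":
            r.on_data(2000, authentic=False)          # forged MPDU with advanced SN
        if sn == 2 and forged == "bar":
            r.on_bar(2000, protected=False)           # forged unprotected BAR
    return r.delivered, r.discarded
```

With the existing ordering and unprotected BARs honoured, `run(False, False, ...)` delivers only SN 0 to 2 and discards SN 3 to 9; with either new rule enabled for the matching forged event, all ten frames are delivered.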