doc.: ieee 802.11-13/0893 r00 submission july 2013 paul a. lambert, marvell semiconductorslide 1...
TRANSCRIPT
doc.: IEEE 802.11-13/0893 r00
Submission
July 2013
Paul A. Lambert, Marvell SemiconductorSlide 1
Service Discovery Proposal
Date: 2013-7-16
Name Affiliations Address Phone email Paul A. Lambert
Marvell Semiconductor, Inc.
5488 Marvell Lane, Santa Clara, CA, 95054
+1 408 222 8341
Paul at Marvell dot com
Yunsong Yang
Huawei Technologies
10180 Telesis Court, STE 165, San Diego, CA 92130
+1 858 754 3638
Authors:
Previous version in ISD SG as 802.11-12/0706
doc.: IEEE 802.11-13/0893 r00
Submission
What is a Service?
• For IEEE 802.11, knowledge of “services” supported by a device help in the selection of the appropriate STA/AP for subsequent communications
• Examples might include:– Finding the right AP to connect to a print service– Finding a near-by WLAN supporting a particular application– Find a network (AP) with appropriate network connectivity and
services for a particular set of applications– Find a AP/STA that can reach a particular application and user
Paul Lambert, MarvellSlide 2
July 2013
doc.: IEEE 802.11-13/0893 r00
Submission
What would this service discovery look like?
Paul Lambert, MarvellSlide 3
Who has service “foo”?
I have “foo”
I have “bar”
July 2013
doc.: IEEE 802.11-13/0893 r00
Submission
More on “Services”
• There are many different existing ways to define application level services, possible examples include: UPnP, Bonjour, XML, OIDs, OUI fields, Bluetooth ids, URLS, Wi-Fi Alliance types (e.g. WFD), etc.
• Some of the above can be very large (e.g. UPnP)
• Many different organizations want to control and register identifiers to ensure interoperability (they want a single rooted hierarchy)
• Rapid growth of new mobile applications requires a simple process to ensure unique identification from many different organizations.
Paul Lambert, MarvellSlide 4
July 2013
doc.: IEEE 802.11-13/0893 r00
Submission
Mapping services to a unique identifier• Most identifiers are made unique by creating
hierarchies that are controlled by a central authority with sub branches delegated within a limited name space (e.g. DNS names and IANA)
• A powerful alternative is to define identifiers within a very large address space where the address space is so large that every identifier is guaranteed to a very high probability to be unique
• 16 octets can define a very large address space (2^128) to provide unique identifiers and is actually shorter in octets than most hierarchical naming schemes
• A hash function can be used to define a process for the creation of unique identifiers
Paul Lambert, MarvellSlide 5
Very large set of possible identifiers. Used identifiers are a very small set within name space
July 2013
doc.: IEEE 802.11-13/0893 r00
Submission
Cryptographic Hash Functions
• A hash takes a block of data and returns a fixed size octet string such that any change in the data has a high probability of changing the hash value (aka digest)
• A “good’ cryptographic hash function has the property that it is infeasible to generate a message for a given hash
• Examples of well known cryptographic hash functions include: MD5, SHA-1, SHA-256
Paul Lambert, MarvellSlide 6
http://en.wikipedia.org/wiki/Cryptographic_hash_function
July 2013
doc.: IEEE 802.11-13/0893 r00
Submission
Very Big Numbers
Paul Lambert, MarvellSlide 7
“Astronomy has long been humanity's go-to subject when it comes to contemplating the truly enormous. But actually, if 2128 is so much more vast than the number of stars in the observable universe (1015 times more vast*, or 4,000,000,000,000,000 in long-hand notation), then even the name "astronomical" is rather inadequate.”
-- from Economist http://www.economist.com/blogs/johnson/2011/01/big_numbers
July 2013
doc.: IEEE 802.11-13/0893 r00
Submission
Process to define hash based identifiers
Paul Lambert, MarvellSlide 8
Definition of “foo” service
Definition of “bar” service
Hash Function Hash Function
“foo” Service Id “bar” Service Id
Any group can get together and define a service
Each service needs to define an appropriate string (text or octets) to define there service
A cryptographic hash is used to create a unique identifier and may be a truncated version of the full hash
Resulting identifiers are unique and any device that recognizes the identifier will have knowledge of it’s usage
July 2013
doc.: IEEE 802.11-13/0893 r00
Submission
Service Discovery Proposal• Define Service Discovery frames as new IEEE 802.11 Management frame(s) of subtype
Public Action.• Public Action frames carry opaque “Service Id” octet string(s) that are created as a
hash of some application specific information that uniquely identifies a service.• For a Service Id, there may be an optional Service Capability field to provide service
specific additional constraints• Service Discovery is performed by:
– Service Discovery request/response sequence(request may be unicast or broadcast for a Service Id)
– Service Announcement, a unsolicited broadcast/multicast of a Service Id• 46 bits of the Service Id can be used to create a multicast address for requests or
announcements.• Service Discovery frames may be constructed to allow request or indication of more
than one service, however limitations on the fields should constrain the size of the Service Id fields, Service Capability fields and total size of the Discovery Frames.
Paul Lambert, MarvellSlide 9
July 2013
doc.: IEEE 802.11-13/0893 r00
Submission
Definitions
Unique Service Identifier – the first 128 bits of the SHA-256 hash of an octet string identifying the service (Service Name). Service Name – an octet string created by the developer of the service that provides a unique identification of the service. For unprotected services, the octet string is human readable. Service Id – An identifier formed by truncating a Unique Service Identifier.
6 octets (48 bits) is a convenient size for a Service Id in IEEE 802.11 applications.
46 bits is also an interesting size for a Service Id since it can be used as a multicast address.
May 2012
Paul Lambert, MarvellSlide 10
doc.: IEEE 802.11-13/0893 r00
Submission
Unique Service Identifiers vs. Service Identifiers
Unique Service Identifier (USID)– 128 bits long (16 octets) is large enough to be statistically unique
(3E+38)– is a type of “UUID”, a well defined construct in other standards activities
Service Identifier (SID)– Provides a convenient short identifier (e.g. 6 octets)– May not always be unique, there may be collisions.
Collisions, however, can be very rare for well selected sizes and collision impact can be mitigated
– Multiple Service Identifiers can be created from the same Unique Service Identifier by taking different ranges for the truncation(e.g. First 6 octets, next 6 octets ...)
May 2012
Paul Lambert, MarvellSlide 11
doc.: IEEE 802.11-13/0893 r00
Submission
SIDs – Collisions and Security
Multiple SIDs can be formed from the same USID and then used for discovery request versus discovery responses
– E.g. SIDreq = 1st 6 octets of USID SIDrsp = 2nd 6 octets of USID
– Same SID for req/rsp of 6 octets has 1 in 17 million collisions (2^24),Different Sid for req/rsp has 1 in 2.8 E+14 collision probability (2^48) -> much better
– Different SiD for req/rsp has interesting privacy propertiesmore difficult to correlate req to rsp
Secure SiDs can be created to form private groups– Secure USID = first 128 bits of SHA-256(f(Service Name and Group Key))– Secure SID = truncation of Secure USID
May 2012
Paul Lambert, MarvellSlide 12
doc.: IEEE 802.11-13/0893 r00
Submission
Protecting Service Discovery
Privacy is important – Wireless discovery exposes mobile users new risks– Adoption of service discovery in mobile devices will be
handicapped if privacy features are not supported
May 2012
Paul Lambert, MarvellSlide 13
Service Name
SHA-256
Hash (256 bits)
USID (128 bits)
Truncate 128
SID-req
SID-rsp
Protected Service Name iF(key,SN)
GK i SHA-256
Hash (256 bits)
USID (128 bits)
Truncate 128
SID-req
SID-rsp
SID obscured by group key