submission doc.: ieee 11-12/0273r8 may 2012 hiroki nakano, trans new technology, inc.slide 1 sfd...
TRANSCRIPT
Submission
doc.: IEEE 11-12/0273r8May 2012
Hiroki Nakano, Trans New Technology, Inc.Slide 1
SFD Text for Upper LayersDate: 2012-05-14
Authors:Name Affiliations Address Phone email
Hiroki Nakano Trans New Technology, Inc.
Sumitomo Seimei Kyoto Bldg. 8F,62 Tukiboko-cho, Shimogyo,Kyoto 600-8492 JAPAN
+81-75-213-1200
Hitoshi Morioka
Allied Telesis R&D Center
2-14-38 Tenjin, Chuo-ku Fukuoka 810-0001 JAPAN
+81-92-771-7630
Submission
doc.: IEEE 11-12/0273r8
Hiroki Nakano, Trans New Technology, Inc.
Abstract
DCN: IEEE11-12/0273r8
Title: SFD Text for Higher Layers
Authors and Companies:
Hiroki Nakano (Trans New Technology, Inc.)
Hitoshi Morioka (Allied Telesis R&D Center)
Scope: Upper layer
Motivation: page 3 (abstract)
Background information: page 4-22
Motion: page 23-27 including five motions
Slide 2
May 2012
Submission
doc.: IEEE 11-12/0273r8May 2012
Hiroki Nakano, Trans New Technology, Inc.
Slide 3
Motivation
• An IP(v4) address are normally assigned by DHCP(v4) and the specification of DHCP is stable. DHCP includes definition of state transition and have lots of extensions derived from lots of past discussions. Non-AP STA should be still a DHCP client.
• The discussions of IPv6 address assignment are still going on actively in IETF and its specification is being changed. We should provide a framework for them.
• In addition, TGai should not deny the other protocols because we are the link layer.
Submission
doc.: IEEE 11-12/0273r8
Hiroki Nakano, Trans New Technology, Inc.
Background Information
Common abbreviation:
DHCP: Dynamic Host Configuration Protocol, which is defined by RFC2131 and the other supplemental RFCs.
Slide 4
May 2012
Submission
doc.: IEEE 11-12/0273r8May 2012
Hiroki Nakano, Trans New Technology, Inc.Slide 5
The past Straw poll 1
Do you support to add the following text to the clause 4 of SFD:
“The TGai amendment defines a method of IP(v4) address assignment which works as a transport of DHCP.”
Yes: 5 No: 3 Don’t care: 17(Mar 15 AM1)
Submission
doc.: IEEE 11-12/0273r8May 2012
Hiroki Nakano, Trans New Technology, Inc.Slide 6
The past Straw poll 2
Do you support to add the following text to the clause 4 of SFD:
“The TGai amendment defines a generalized method for upper layer transport encapsulation during FILS to enable higher layer services.”
Yes: 7 No: 1 Don’t care: 22(Mar 15 AM1)
Submission
doc.: IEEE 11-12/0273r8May 2012
Hiroki Nakano, Trans New Technology, Inc.Slide 7
Proposed Amendment 1
Clause to amend: Section 3
Add to the last of Section 3:
3.x Encapsulation Framework for HLCF
The TGai amendment defines a generalized method for upper layer transport encapsulation during FILS to enable higher layer services.
Submission
doc.: IEEE 11-12/0273r8May 2012
Hiroki Nakano, Trans New Technology, Inc.Slide 8
Motivation of Proposed Amendment 1
• This sentence intends TGai to support IPv4, IPv6 and other upper layer protocols.
• Transparency as a link layer is important in order to support various upper layer protocols.
Submission
doc.: IEEE 11-12/0273r8May 2012
Hiroki Nakano, Trans New Technology, Inc.Slide 9
Proposed Amendment 2
Clause to amend: Section 5
Add to the last:
5.x IPv4 support
The TGai amendment defines a method of IP(v4) address assignment which works as a transport of DHCP.
Submission
doc.: IEEE 11-12/0273r8May 2012
Hiroki Nakano, Trans New Technology, Inc.Slide 10
Proposed Amendment 2 (Supplement)
Clause to amend: Section 2
Add to appropriate line:
DHCP: Dynamic Host Configuration Protocol, which is defined by RFC2131 and the other supplemental RFCs.
Submission
doc.: IEEE 11-12/0273r8May 2012
Hiroki Nakano, Trans New Technology, Inc.Slide 11
Motivation of Proposed Amendment 2
• This sentence intends TGai to provide standard implementation technique of IP(v4) address assignment by DHCP. Our PAR says TGai is required to support “IP address assignment” as an example.
• The specification of DHCP is quite stable and widely deployed, therefore it is eligible to be referred by TGai.
• The following slides show that a function as a transport is sufficient to achieve the goal of TGai.
Submission
doc.: IEEE 11-12/0273r8
Hiroki Nakano, Trans New Technology, Inc.
Prerequisite
• DHCP with RCO have ability to complete an IP address assignment with a round-trip exchange of frames.• DHCP: Dynamic Host Configuration Protocol (RFC2131)
• RCO: Rapid Commit Option define (RFC4039)
Slide 12
May 2012
Submission
doc.: IEEE 11-12/0273r8
Hiroki Nakano, Trans New Technology, Inc.
Sequence Example by DHCP with RCO
May 2012
Slide 13
Non-AP STA AP DHCP server
DH
CP
Cli
ent S
oftw
are
Processing for security
DHCP Discover w/ RCO
DHCP Ack
AS
At this point, Non-AP STA has been authenticated.
AP keeps a DHCP packet. Maximum time is assumed to be less than 100 msec.
less
than
100
ms
(See
TG
ai F
unct
iona
l Req
uire
men
ts)
Submission
doc.: IEEE 11-12/0273r8
Hiroki Nakano, Trans New Technology, Inc.
Comments & Answers
• Frames get bigger. It’s the problem.• TGai intends to reduce exchanges of packets, not reduce
information itself. Therefore, it is natural that less exchanges leads to bigger packets. A round trip of 1000-byte-long frames is obviously preferable to 10 round trips of 100-byte-length packets.
• TGai can provide special “compression” encodings for specific upper layer protocols, such as DHCP. For instance, most of DHCP packets have about 200-byte-long consecutive zeros and a generic data compression technique or a special encoding for DHCP can compress DHCP packets without changing information.
Slide 14
May 2012
Submission
doc.: IEEE 11-12/0273r8
Hiroki Nakano, Trans New Technology, Inc.
Comments & Answers
• What packets should be forwarded or not? Does it affect security?• Basically, piggybacked frames of upper layers should be
forwarded after authentication is finished. Essentially, non-AP STA can throw any kind of packets for upper layers after authentication.
• If you want a further optimization such as a premature start of IP address assignment processing before completion of authentication, you must consider security mechanism such as packet filtering. However, this is out of our scope, although TGai does not prevent such techniques.
Slide 15
May 2012
Submission
doc.: IEEE 11-12/0273r8
Hiroki Nakano, Trans New Technology, Inc.
Comments & Answers
• How long does an AP wait for a response from DHCP server?• The TGai Functional Requirements document requests to provide
a secure link set-up in less than 100 ms.
• Therefore, Maximum time for an AP to wait is 100ms.
• DHCP packets transfer between an AP and a non-AP STA in a normal manner after 802.11ai link setup. If a response from DHCP server reaches an AP after the AP sends a response to non-AP STA, DHCP packets can be sent in the same manner as Data frames.
Slide 16
May 2012
Submission
doc.: IEEE 11-12/0273r8
Hiroki Nakano, Trans New Technology, Inc.
Comments & Answers
• Do APs require to keep HLCF (DHCP) packets during processing for security? Does this enable attackers to consume memory of APs?• TGai assumes that each authentication for each non-AP STA is
finished within 100ms. See Section 2.2.1 “Link Set-Up Time” of TGai Functional Requirements (IEEE 11-11/0745r5)
• Our media 802.11 can transfer 5000 packets per second at most.
• The size of a HLCF packet is 1500 byte at most.• MTU of 802.11 is about 2300 byte.
• Therefore, amount of packets for AP to keep is 750KB at most in case that all packets flying are employed for attacks.
Slide 17
May 2012
Submission
doc.: IEEE 11-12/0273r8
Hiroki Nakano, Trans New Technology, Inc.
Comments & Answers
• The specific name of a protocol, e.g. “DHCP”, is not suitable for SFD!• DHCP is obviously the most deployed protocol in protocols for IP
address assignment function on the 802 network.
Slide 18
May 2012
Submission
doc.: IEEE 11-12/0273r8May 2012
Hiroki Nakano, Trans New Technology, Inc.Slide 19
Proposed Amendment 3
Clause to amend: Section 5
Add to the last:
5.x IPv6 support
The TGai amendment does not define any detail of IPv6 address assignment and does encourage IPv6 to use a generalized method for upper layer transport encapsulation defined by the TGai amendment.
Submission
doc.: IEEE 11-12/0273r8May 2012
Hiroki Nakano, Trans New Technology, Inc.Slide 20
Motivation of Proposed Amendment 3
• The discussions of IPv6 address assignment are still going on actively in IETF and its specification is being changed. We should provide a framework for them.
Submission
doc.: IEEE 11-12/0273r8May 2012
Hiroki Nakano, Trans New Technology, Inc.Slide 21
Proposed Amendment 4
Clause to amend: Section 5
Add to the last of Section 5:
5.x Forwarding of HLCF information
The TGai amendment defines HLCF as an AP forwards information carried from an non-AP STA by HLCF to the others than the non-AP STA only either after successful authentication or with assurances of the same security level as the existing 802.11 security framework.
Submission
doc.: IEEE 11-12/0273r8May 2012
Hiroki Nakano, Trans New Technology, Inc.Slide 22
Motivation of Proposed Amendment 4
• Any request prohibits to be processed before it is validated.
Submission
doc.: IEEE 11-12/0273r8May 2012
Hiroki Nakano, Trans New Technology, Inc.Slide 23
Motion 1
Move to add the following text to the Section 3 of SFD:
“3.x Encapsulation Framework for HLCF
The TGai amendment defines a generalized method for upper layer transport encapsulation during FILS to enable higher layer services.”
Moved:
Seconded:
Yes: No: Abstain:
Submission
doc.: IEEE 11-12/0273r8May 2012
Hiroki Nakano, Trans New Technology, Inc.Slide 24
Motion 2
Move to add the following text to the Section 5 of SFD:
“5.x IPv4 support
The TGai amendment defines a method of IP(v4) address assignment which works as a transport of DHCP.”
Moved:
Seconded:
Yes: No: Abstain:
Submission
doc.: IEEE 11-12/0273r8May 2012
Hiroki Nakano, Trans New Technology, Inc.Slide 25
Motion 2a
Move to add the following text to the Section 2 of SFD:
“DHCP: Dynamic Host Configuration Protocol, which is defined by RFC2131 and the other supplemental RFCs.”
Moved:
Seconded:
Yes: No: Abstain:
Submission
doc.: IEEE 11-12/0273r8May 2012
Hiroki Nakano, Trans New Technology, Inc.Slide 26
Motion 3
Move to add the following text to the Section 5 of SFD:
“5.x IPv6 support
The TGai amendment does not define any detail of IPv6 address assignment and does encourage IPv6 to use a generalized method for upper layer transport encapsulation defined by the TGai amendment.”
Moved:
Seconded:
Yes: No: Abstain:
Submission
doc.: IEEE 11-12/0273r8May 2012
Hiroki Nakano, Trans New Technology, Inc.Slide 27
Motion 4
Move to add the following text to the Section 5 of SFD:
“5.x Forwarding of HLCF information
The TGai amendment defines HLCF as an AP forwards higher layer information between an non-AP STA and the others than the non-AP STA only either after successful authentication or with assurances of the same security level as the existing 802.11 security framework.”
Moved:
Seconded:
Yes: No: Abstain:
Submission
doc.: IEEE 11-12/0273r8May 2012
Hiroki Nakano, Trans New Technology, Inc.
Slide 28
Backup
Submission
doc.: IEEE 11-12/0273r8
Hiroki Nakano, Trans New Technology, Inc.
New
sof
twar
e fo
r ne
w p
roto
col
A possible counterproposal
May 2012
Slide 29
Non-AP STA AP DHCP server
Processing for security
TGai new protocol
DHCP Discover w/ RCO
TGai new protocol
DHCP Ack
Translation?
Translation?
Submission
doc.: IEEE 11-12/0273r8
Hiroki Nakano, Trans New Technology, Inc.
Comparison
DHCP with RCO New protocol w/ DHCP-like frame format
New protocol
Frame exchange 1 round trip 1 round trip 1 round trip
Non-AP STA is DHCP client TGai client TGai client
AP is a forwarder often a DHCP client often a DHCP client
TGai is a transport a protocol for IP address assignment
a protocol for IP address assignment
What information is distributed? DHCP defines DHCP defines (including
future extensions?) TGai defines
Behavior of non-AP STA DHCP defines TGai defines TGai defines
Behavior of AP a forwarder TGai defines TGai defines
AP has no state some state(?) some state(?)
When an address assignment expires
DHCP uses normal transport to extend
TGai defines extending procedure
TGai defines extending procedure
Slide 30
May 2012