Vigil Security, LLC IEEE Contributions

I have been active in the development of security standards for Local Area Networks (LANs) developed in IEEE 802. I served as co-chair of the IEEE 802.10 Working Group, and was the working group representative on the IEEE 802 Executive Committee. I was an active participant in IEEE 802.11 Wireless LAN security activities.

IEEE 802.10

The IEEE Standard for Local and Metropolitan Area Networks: Interoperable LAN/MAN Security (SILS) was developed by the IEEE 802.10 Working Group. This work is complete, and the working group is inactive.

IEEE 802.10-1998    This standard includes the Secure Data Exchange (SDE). I am co-author of the SDE protocol.

IEEE 802.10c-1998    This standard is the companion to the above standard. It defines a key management protocol. I was co-author and editor of the key management protocol.

IEEE 802.11 Task Group i

IEEE 802.11-1999 (also published as ISO/IEC 8802-11: 1999) includes the Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications. This document includes the specification of the Wired Equivalent Privacy (WEP) protocol, which has major security flaws. IEEE 802.11 Task Group i (TGi) developed short-term and long-term replacements for WEP. The short-term replacement, called TKIP, is intended to run on hardware that was originally designed for WEP, while the long-term replacement, called CCMP, requires hardware enhancements. I have made contributions to both protocol developments, as well as the key management that supports them. IEEE 802.11i-2004 includes the TKIP and CCMP specifications; it was approved in July 2004.

IEEE 802.11-1999 is no longer available; IEEE 802.11-2007 has replaced it.

Contributions to TKIP:

02/229   Early drafts of TKIP did not increase the size of the Initialization Vector (IV) field. This briefing recommends the use of a 48-bit IV. IEEE 802.11 TGi accepted the recommendation.

02/282   Defines the Temporal Key Hash algorithm. It is used in TKIP to derive the per-packet key from the pairwise or group key, the transmitter address, and the IV.

Contributions to CCMP:

01/634   CCM and OCB were considered as choices for the AES encryption mode. This briefing provides an objective comparison of the two modes in the Wireless LAN context. Eventually, IEEE 802.11 TGi selected CCM as the mandatory-to-implement mode.

02/001   This document describes the CCM authenticated encryption mode. This AES mode was submitted to the National Institute of Standards and Technology (NIST) for consideration as a Federal Information Processing Standard (FIPS) approved mode of operation, and it was accepted. The NIST document that specifies CCM is NIST Special Publication 800-38C.

Contributions to key management:

01/573    Many of the concepts in this submission, Authenticated Key Exchange, have been included in IEEE 802.11i-2004.

IEEE 802.11 Task Group s

IEEE 802.11s provides mesh networking by defining the manner in which wireless devices can interconnect to create an ad-hoc network. The task group is defining an architecture and protocol that supports broadcast, multicast, and unicast delivery using self-configuring multi-hop topologies.

09/0770    Encourages the task group to use the AES encryption modes that were adopted in IEEE 802.11i-2004 instead of introducing new ones.