Summary (from Jianqing):

This paper appeared at NDSS 2005. 802.11i provides enhanced security services and mechanisms in the MAC layer for 802.11 networks. It defines a set of protocols named Robust Security Network Association as a long-term solution for security. For backward compatibility, it still supports WEP and the 802.11 entity authentication that were proposed with 802.11b, although it has been proved that WEP is not secure.

At first, the paper outlines seven types of wireless threats, which are common in network security. In the rest of the paper, the author studies how the security solutions in 802.11i resist these threats. It analyzes the security aspects of the 802.11i specification, including data confidentiality, integrity, mutual authentication, and availability. After that, the paper gives some suggestions. For data confidentiality and integrity, it suggests that CCMP should be used for data confidentiality because WEP and TKIP have inherent weaknesses. For mutual authentication, the Extensible Authentication Protocol (EAP) should be used, and the paper implies that EAP-TLS is a good one.

The paper spends 4 to 5 pages on availability, which 802.11i does not emphasize. The paper analyzes potential DoS attacks on 802.11i and gives countermeasures. It discusses the strategy of failure recovery, i.e. how to choose a recovery point if a failure occurs. An appropriate recovery point under a particular circumstance can prevent a potential DoS attack. Finally, the paper proposes an improved framework for 802.11i.

Questions:

1. Is the Reflection Attack a false positive? Fig 3.
2. Is the countermeasure against 4-Way Handshake blocking effective? Fig 7
3. Is protecting the Deauthentication or Disassociation frame a good idea? Section 5.1
4. Is it feasible to use certificates for authentication for mobile devices, especially in public areas such as an airport or Starbucks? The author implies EAP-TLS as the mutual authentication protocol over 802.1X.

(Pros and Cons recorded by Jianqing and Adam)

Pros:
- Clear outline of threats to the system
- Good explanation of attacks
- People liked the fact that the security analysis made clear back references to the threats
- Solutions were reasonable
- Good discussion of DoS
- In general, people liked the writing style of the paper
- Extensive vulnerabilities, attacks analysis and countermeasure discussion
- Concept of Failure Recovery Point

Cons:
- No rigorous (formal) analysis of DoS
- No security analysis of Ad Hoc networks
- Some potential attacks are false positives (e.g. the Reflection Attack on the 4-Way Handshake)
- Some countermeasures against the attacks are not effective
- Some of the risk analysis is trivial (e.g. careful passphrase/secret selection for RADIUS and pre-shared key)
- At times, it was unclear which features are currently in the protocol and which are proposed changes.
- It would have been interesting if the authors didn't limit themselves to proposing such small changes to the protocol.
- It seems that perhaps the authors underestimated the costs associated with encrypting management and control frames.

In addition to the above pros and cons, the group seemed to think that this paper could possibly have been split into two papers: one about confidentiality and integrity and one about availability. The analysis of the confidentiality and integrity was good in that it showed that this (third round) solution to wireless security did a good job. However, there could have been some discussion of the use of formal analysis tools to examine the confidentiality and integrity properties of the protocol. The analysis of DoS (which was the meat of this paper) could then be spread out a little bit more and explained in greater detail.
People seemed to want to hear a little more methodical discussion of the DoS concerns, as the way that they were addressed seemed very intuition-driven, rather than exhaustively thought out.

Votes:
Strong Accept - 1
Accept - 11