Hi Solomon,

Regarding your first comment, although we have not thought about the detailed computation method for generating PMK from PSK, I don’t think PBKDF with a short password is aligned with Motion 158 that explicitly requires PSK and PMK to be high-entropy. Any method that turns a short password into a PSK or a PMK without introducing other entropy sources won’t satisfy the high-entropy requirement, and cannot sustain offline dictionary attack against the short password. In my opinion, we do not need to consider password at all because non-AP AMP STAs are ultra-simple devices that most likely won’t have a human-computer interface, thus password (designed for human’s convenience) is not a factor here. We can simply require AMP device manufacturer to program a device-specific 128-bit or 256-bit random PSK into every device that needs security functions.

I will partition current PDT security document into several small documents. We can address your first comment when we work together on the second small document that focuses on “PMK generation from PSK”, and we can address your second comment when we work together on the last small document on “secure data exchange”. I plan to add all needed details such as PN into “secure data exchange” subclause.

Thanks and best regards,
Hui

From: Solomon Trainin <solomon.trainin1@xxxxxxxxx>
Hi Hui

Please see below

From: Hui.Luo@xxxxxxxxxxxx [mailto:Hui.Luo@xxxxxxxxxxxx]

Hi Solomon,

Thanks for responding quickly! Please see my comments below ---

“PMK = PSK is certainly a method, but “some parameters” could be more general. This was originally proposed by Rojan in 11-25/0819”

Actually, the PBKDF is used to derive the PMK from the password, which is substantially shorter than the PSK. But in any case, what is the computation method for the mentioned PBKDF?

We have not got into details on how to generate PMK from PSK. That would need a consensus in the future. That’s why “some parameters for generating a PMK from PSK” is used in current text.

[ST] I think it is not only about the parameters, it is also about the computation method

“Data will be encrypted by an AEAD cipher using TK as the key. The AAD of the AEAD cipher includes all fields that need protection plus SNonce. MIC is generated by the AEAD cipher.”

I think it shall be clarified in the sentence.

Sure, I will improve the clarity of current text (copied below), which should have covered the above idea but I will take a look again.

[ST] Please see my editing. There is still a question whether some protection parameters shall be present in the protection header

Best regards,
Hui

From: Solomon Trainin <solomon.trainin1@xxxxxxxxx>
Hi, Hui!

Thanks for your prompt response. Below are some more thoughts related to this topic.

“PMK = PSK is certainly a method, but “some parameters” could be more general. This was originally proposed by Rojan in 11-25/0819”

Actually, the PBKDF is used to derive the PMK from the password, which is substantially shorter than the PSK. But in any case, what is the computation method for the mentioned PBKDF?

“Data will be encrypted by an AEAD cipher using TK as the key. The AAD of the AEAD cipher includes all fields that need protection plus SNonce. MIC is generated by the AEAD cipher.”

I think it shall be clarified in the sentence.

Best Regards,
Solomon Trainin
+972547885738

From: Hui.Luo@xxxxxxxxxxxx [mailto:Hui.Luo@xxxxxxxxxxxx]

Hi Solomon,

Thanks for sharing your comments! Please see my replies next to your comments in the attached document.

Best regards,
Hui

From: Solomon Trainin <solomon.trainin1@xxxxxxxxx>

Hi Hui,

I have a few questions regarding your PDT. Please see in the attachment.

Best Regards,
Solomon Trainin
+972547885738
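
The entropy argument in the first message of this thread, shown as an added example that is not part of the thread or of any 802.11 draft: a PBKDF can only output as many distinct PMKs as there are candidate passwords, whatever its output length. PBKDF2-HMAC-SHA256, the salt, the iteration count and all function names are assumptions, since the thread leaves the computation method open.

```python
import hashlib
import math
import secrets
from itertools import product

ITERATIONS = 1000           # assumption: kept low so the demo runs quickly
SALT = b"constructed-salt"  # constructed value; the thread specifies no salt

def pmk_from_password(password, salt=SALT, iterations=ITERATIONS):
    """Hypothetical derivation: PBKDF2-HMAC-SHA256 with a 256-bit output."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               iterations, dklen=32)

def password_space_bits(alphabet, length):
    """Upper bound on the entropy of a password of this shape, in bits."""
    return length * math.log2(len(alphabet))

def reachable_pmks(alphabet, length):
    """Every PMK the derivation can ever output for passwords of this shape."""
    return {pmk_from_password("".join(chars))
            for chars in product(alphabet, repeat=length)}

def offline_work_bits(secret_bits, iterations=1):
    """log2 of the PRF calls needed to cover the whole secret space offline.

    Iterations raise the cost per guess; they add no entropy to the key.
    """
    return secret_bits + math.log2(iterations)

def provision_psk(bits=256):
    """Device-specific random PSK, as proposed for factory programming."""
    if bits not in (128, 256):
        raise ValueError("PSK must be 128 or 256 bits")
    return secrets.token_bytes(bits // 8)

if __name__ == "__main__":
    digits = "0123456789"
    pw_bits = password_space_bits(digits, 3)
    print(f"3-digit password: {pw_bits:.1f} bits of entropy at most")
    print(f"distinct 256-bit PMKs reachable: {len(reachable_pmks(digits, 3))}")
    print(f"offline work with PBKDF: 2^{offline_work_bits(pw_bits, ITERATIONS):.1f}")
    print(f"offline work, random 128-bit PSK: 2^{offline_work_bits(128):.0f}")
    print(f"provisioned PSK: {provision_psk(128).hex()}")
```

The 256-bit PMK derived from the short password still has under 10 bits of entropy, which is why the iteration count changes the cost per guess but not whether the high-entropy requirement is met.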