
Entry: IEEE 802.11w-2009
Definition

  1. Protected management frames

      • Overview
      • Classes

  2. Unprotected frames

  3. Protected frames

  4. Replay protection

  5. Usage

  6. See also

  7. References

  8. External links


IEEE 802.11w-2009 is an approved amendment to the IEEE 802.11 standard to increase the security of its management frames.

Protected management frames

The current 802.11 standard defines "frame" types for use in the management and control of wireless links. IEEE 802.11w is the Protected Management Frames standard for the IEEE 802.11 family of standards. TGw is working on improving the IEEE 802.11 Medium Access Control layer. The objective is to increase security by providing data confidentiality of management frames, together with mechanisms that enable data integrity, data origin authenticity, and replay protection. These extensions interact with IEEE 802.11r and IEEE 802.11u.

Overview

  • A single, unified solution is needed for all IEEE 802.11 Protection-capable Management Frames.
  • It uses the existing security mechanisms rather than creating a new security scheme or a new management frame format.
  • It is an optional feature in 802.11 and is required for 802.11 implementations that support TKIP or CCMP.
  • Its use is optional and can be negotiated between STAs.

Classes

  • Class 1
    • Beacon and probe request/response
    • Authentication and de-authentication
    • Announcement traffic indication message (ATIM)
    • Spectrum management action
    • Radio measurement action between STAs in IBSS
  • Class 2
    • Association request/response
    • Re-association request/response
    • Disassociation
  • Class 3
    • Disassociation/de-authentication
    • QoS action frame
    • Radio measurement action in infrastructure BSS
    • Future 11v management frames

Unprotected frames

It is infeasible to protect a frame sent before the four-way handshake, because it is sent prior to key establishment. Management frames that are sent after key establishment can be protected.

Infeasible to protect:

  • Beacon and probe request/response
  • Announcement traffic indication message (ATIM)
  • Authentication
  • Association request/response
  • Spectrum management action

Protected frames

Protection-capable management frames are those sent after key establishment that can be protected using the existing protection key hierarchy in 802.11 and its amendments.

Only TKIP/AES frames are protected; WEP/open frames are not protected.

  • Disassociation and deauthentication
  • Radio measurement action for infrastructure BSS (802.11k frames)
  • QoS action frame (802.11e frames)
  • Future 11v management frames (802.11v frames)

Protection-capable Management Frames are protected by the same cipher suite as an ordinary data MPDU.

  • The MPDU payload is TKIP or CCMP encrypted.
  • The MPDU payload and header are TKIP or CCMP integrity protected.
  • The Protected Frame subfield of the Frame Control field is set.
  • Only cipher suites that are already implemented are required.
  • The sender's pairwise temporal key (PTK) protects unicast management frames, and the group temporal key (GTK) protects broadcast/multicast management frames.
  • An RSN (802.11i) IE capability bit is used to signal whether Protection-capable Management Frames are protected.
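
The receive-side decision these rules imply, as an added example that is not code from the standard or from any driver: once keys are installed, a protection-capable frame that arrives without the Protected Frame bit is dropped, which is what defeats forged disassociation and deauthentication frames. The Frame Control bit positions, subtype numbers and action category codes come from the 802.11 base standard rather than this page, the function names are hypothetical, and the policy is simplified and assumes the peer negotiated protection.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Field values from the 802.11 base standard (not listed on this page). */
#define FC_TYPE(fc)    (((fc) >> 2) & 0x3)   /* 0 = management */
#define FC_SUBTYPE(fc) (((fc) >> 4) & 0xf)
#define FC_PROTECTED   0x4000                /* Protected Frame subfield */
enum { ST_DISASSOC = 10, ST_DEAUTH = 12, ST_ACTION = 13 };
enum { CAT_QOS = 1, CAT_RADIO_MEAS = 5 };    /* action categories */
#define MGMT_HDR_LEN 24

enum mgmt_verdict { MGMT_NOT_MGMT, MGMT_ACCEPT_PLAIN, MGMT_DECRYPT, MGMT_DROP };

/* True for the protection-capable frames listed above. */
static bool protection_capable(const uint8_t *f, size_t len, uint16_t fc)
{
    unsigned st = FC_SUBTYPE(fc);
    if (st == ST_DISASSOC || st == ST_DEAUTH)
        return true;
    if (st != ST_ACTION)
        return false;
    if (fc & FC_PROTECTED)       /* category is encrypted, decide after decrypt */
        return true;
    return len > MGMT_HDR_LEN &&
           (f[MGMT_HDR_LEN] == CAT_QOS || f[MGMT_HDR_LEN] == CAT_RADIO_MEAS);
}

/* Hypothetical receive policy for a peer that negotiated protection. */
enum mgmt_verdict pmf_rx_policy(const uint8_t *f, size_t len, bool keys_installed)
{
    if (len < MGMT_HDR_LEN)
        return MGMT_DROP;
    uint16_t fc = (uint16_t)(f[0] | (f[1] << 8));   /* little-endian on air */
    if (FC_TYPE(fc) != 0)
        return MGMT_NOT_MGMT;
    if (!protection_capable(f, len, fc))
        return MGMT_ACCEPT_PLAIN;    /* beacon, probe, authentication, ... */
    if (!keys_installed)             /* before the four-way handshake */
        return (fc & FC_PROTECTED) ? MGMT_DROP : MGMT_ACCEPT_PLAIN;
    return (fc & FC_PROTECTED) ? MGMT_DECRYPT : MGMT_DROP;
}

int main(void)
{
    uint8_t deauth[26] = {0xC0, 0x00};   /* constructed: unprotected deauth */
    printf("%d\n", pmf_rx_policy(deauth, sizeof deauth, true));
    return 0;
}
```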

Replay protection

Replay protection is provided by already existing mechanisms. Specifically, there is a (per-station per-key per-priority) counter of each transmitted frame; this is used as a nonce/initialisation vector (IV) in cryptographic encapsulation/decapsulation, and the receiving station ensures that the received counter is increasing.
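
A receiver-side sketch of this check, added here as an example and not taken from the standard or any driver: one counter per priority is kept for each (station, key) pair, and a frame is accepted only if its counter is strictly greater than the last accepted one. The CCMP header byte order is from 802.11i; the struct and function names, the 16 priority slots and the zero initial counter are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_PRIORITIES 16            /* assumption: one counter per priority */

enum rx_verdict { RX_ACCEPT, RX_REPLAY, RX_BAD_MIC, RX_BAD_PRIORITY };

/* Receive state for one (station, key) pair; names are hypothetical. */
struct replay_state {
    uint64_t last_pn[NUM_PRIORITIES];   /* highest counter accepted so far */
};

void replay_init(struct replay_state *st) { memset(st, 0, sizeof *st); }

/* 48-bit counter from an 8-byte CCMP header: PN0 PN1 rsvd keyid PN2..PN5. */
uint64_t ccmp_pn(const uint8_t h[8])
{
    return (uint64_t)h[0]       | (uint64_t)h[1] << 8  |
           (uint64_t)h[4] << 16 | (uint64_t)h[5] << 24 |
           (uint64_t)h[6] << 32 | (uint64_t)h[7] << 40;
}

/* mic_ok is the result of the cipher's integrity check, done by the caller. */
enum rx_verdict replay_check(struct replay_state *st, unsigned prio,
                             uint64_t pn, bool mic_ok)
{
    if (prio >= NUM_PRIORITIES)
        return RX_BAD_PRIORITY;
    if (pn <= st->last_pn[prio])
        return RX_REPLAY;            /* counter did not increase */
    if (!mic_ok)
        return RX_BAD_MIC;           /* forged frame must not advance state */
    st->last_pn[prio] = pn;
    return RX_ACCEPT;
}

int main(void)
{
    struct replay_state st;
    const uint8_t hdr[8] = {0x2a, 0, 0, 0x20, 0, 0, 0, 0};  /* constructed, PN=42 */
    replay_init(&st);
    printf("%d\n", replay_check(&st, 0, ccmp_pn(hdr), true));  /* first copy */
    printf("%d\n", replay_check(&st, 0, ccmp_pn(hdr), true));  /* replayed copy */
    return 0;
}
```

The stored counter advances only after the integrity check passes; otherwise a single forged frame carrying a very large counter would cause every later genuine frame to be rejected as a replay.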

Usage

The 802.11w standard is implemented in Linux and the BSDs as part of the 80211mac driver code base, which is used by several wireless driver interfaces, for example ath9k. The feature is easily enabled in most recent kernels and Linux operating systems using these combinations. OpenWrt in particular provides an easy toggle as part of the base distribution.

The feature was implemented in Microsoft operating systems for the first time in Windows 8. This has caused a number of compatibility issues, particularly with wireless access points that are not compatible with the standard. Rolling back the wireless adapter driver to one from Windows 7 usually fixes the issue.

Wireless LANs send system management information in unprotected frames, which makes them vulnerable. This standard protects against network disruption caused by malicious systems that forge disassociation requests that appear to be sent by valid equipment.[1]

See also

  • IEEE 802.11i Enhanced Security
  • IEEE 802.11r Fast BSS Transition
  • IEEE 802.11u Interworking with non-802.11 networks

References

1. ^ http://webcache.googleusercontent.com/search?q=cache:xxpIIlf9q5sJ:www.ieee802.org/21/sept05_meeting_docs/21-05-0381-00-0000-802-11-liaison-September05.ppt+802.11w&hl=en&client=firefox-a (dead link, October 2011)

External links

  • Status of the project 802.11w IEEE Task Group w (TGw)
  • Tutorial on 802.11w
  • Cisco 802.11r, 802.11k, and 802.11w Deployment Guide, Cisco IOS-XE Release 3.3, Chapter: 802.11w Protected Management Frames: https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/5700/software/release/ios_xe_33/11rkw_DeploymentGuide/b_802point11rkw_deployment_guide_cisco_ios_xe_release33/b_802point11rkw_deployment_guide_cisco_ios_xe_release33_chapter_0100.html