Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 Protected management frames 1.1 Overview 1.2 Classes 2 Unprotected frames 3 Protected frames 4 Replay protection 5 Usage 6 See also 7 References 8 External links

IEEE 802.11w-2009

●Català ●Español ●Français ●한국어 ●Polski ●Українська Edit links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia

This article includes a list of general references, but it lacks sufficient corresponding inline citations. Please help to improve this article by introducing more precise citations. (August 2013) (Learn how and when to remove this message)

IEEE 802.11w-2009 is an approved amendment to the IEEE 802.11 standard to increase the security of its management frames.

Protected management frames[edit]

Current 802.11 standard defines "frame" types for use in management and control of wireless links. IEEE 802.11w is the Protected Management Frames standard for the IEEE 802.11 family of standards. Task Group 'w' worked on improving the IEEE 802.11 Medium Access Control layer.^[1] Its objective was to increase security by providing data confidentiality of management frames, mechanisms that enable data integrity, data origin authenticity, and replay protection. These extensions interact with IEEE 802.11r and IEEE 802.11u.

Overview[edit]

Single and unified solution needed for all IEEE 802.11 Protection-capable Management Frames.
It uses the existing security mechanisms rather than creating new security scheme or new management frame format.
It is an optional feature in 802.11 and is required for 802.11 implementations that support TKIP or CCMP.
Its use is optional and can be negotiable between STAs.

Classes[edit]

Class 1
- Beacon and probe request/response
- Authentication and de-authentication
- Announcement traffic indication message (ATIM)
- Spectrum management action
- Radio measurement action between STAs in IBSS
Class 2
- Association request/response
- Re-association request/response
- Disassociation
Class 3
- Disassociation/de-authentication
- QoS action frame
- Radio measurement action in infrastructure BSS
- Future 11v management frames

Unprotected frames[edit]

It is infeasible/not possible to protect the frame sent before four-ways handshake because it is sent prior to key establishment. The management frames, which are sent after key establishment, can be protected.

Infeasible to protect:

Beacon and probe request/response
Announcement traffic indication message (ATIM)
Authentication
Association request/response
Spectrum management action

Protected frames[edit]

Protection-capable management frames are those sent after key establishment that can be protected using existing protection key hierarchy in 802.11 and its amendments.

Only TKIP/AES frames are protected and WEP/open frames are not protected.

The following management frames can be protected:

Disassociate
Deauthenticate
Action Frames: Block ACK Request/Response (AddBA), QoS Admission Control, Radio Measurement, Spectrum Management, Fast BSS Transition
Channel Switch Announcement directed to a client (Unicast)

Management frames that are required before AP and client have exchanged the transmission keys via the 4 way handshake remain unprotected:

Beacons
Probes
Authentication
Association
Announcement Traffic Indication Message
Channel Switch Announcement as Broadcast

Uni-cast Protection-capable Management Frames are protected by the same cipher suite as an ordinary data MPDU.

MPDU payload is TKIP or CCMP encrypted.
MPDU payload and header are TKIP or CCMP integrity protected.
Protected frame field of frame control field is set.
Only cipher suites already implemented are required.
Sender's pairwise temporal key (PTK) protects unicast management frame.

Broad-/Multicast Robust Management Frames are protected using Broadcast/multicast integrity protocol (BIP)

Use Integrity Group Temporal Key (IGTK) received during WPA key handshake
Use Information Element: Management MIC IE with Sequence Number + Cryptographic Hash (AES128-CMAC based)

Replay protection[edit]

Replay protection is provided by already existing mechanisms. Specifically, there is a (per-station, per-key, per-priority) counter for each transmitted frame; this is used as a nonce/initialization vector (IV) in cryptographic encapsulation/decapsulation, and the receiving station ensures that the received counter is increasing.

Usage[edit]

The 802.11w amendment is implemented in Linux and BSDs as part of the 80211mac driver code base, which is used by several wireless driver interfaces; i.e., ath9k. The feature is easily enabled in most kernels and Linux OS's using these combinations. OpenWrt in particular provides an easy toggle as part of the base distribution. The feature has been implemented for the first time into Microsoft operating systems in Windows 8. This has caused a number of compatibility issues particularly with wireless access points that are not compatible with the standard. Rolling back the wireless adapter driver to one from Windows 7 usually fixes the issue.

Wireless LANs without this standard send system management information in unprotected frames, which makes them vulnerable. This standard protects against network disruption caused by malicious systems that forge disassociation requests (deauth) that appear to be sent by valid equipment ^[2] such as Evil Twin attacks.

References[edit]

^ "Quick Guide to IEEE 802.11 Activities". IEEE802. IEEE. Archived from the original on 3 November 2019. Retrieved 18 October 2019.

^ Hunter, David. "Liaison Report – 802.11 Work Related to 802.21". Archived from the original on 2022-06-18. Retrieved 2020-08-24.

External links[edit]

Status of the project 802.11w IEEE Task Group w (TGw)
Tutorial on 802.11w
Cisco 802.11r, 802.11k, and 802.11w Deployment Guide, Cisco IOS-XE Release 3.3 Chapter: 802.11w Protected Management Frames

IEEE standards

Current

802 series

802	.2 .4 .5 .6 .7 .8 .9 .10 .12 .14 .16 WiMAX · d · e .17 .18 .20 .21 .22 .24
802.1	D p Q Qav Qat Qay w X ab ad AE ag ah ak aq AS AX (LACP) az BA
802.3 (Ethernet)	-1983 a b d e i j u x y z ab ac ad ae af ah ak an aq at au av az ba bt bu by bz ca cb cc cd ce cg ch ck cm cn cp cq cr cs ct cu cv cw cx cy cz da db dd de df
802.11 (Wi-Fi)	-1997 legacy mode a b c d e f g h i j k n (Wi-Fi 4) p r s u v w y z aa ac (Wi-Fi 5) ad (WiGig) ae af ah ai aj ak aq ax (Wi-Fi 6) ay az ba bb bc bd be (Wi-Fi 7) bf bh bi bk bn (Wi-Fi 8)
802.15	.1 (Bluetooth) .2 .3 .4 (Zigbee) .4a .4b .4c .4d .4e .4f .4g .4z .5 .6 .7

Proposed

Superseded

See also: IEEE Standards Association; Category:IEEE standards

Retrieved from "https://en.wikipedia.org/w/index.php?title=IEEE_802.11w-2009&oldid=1226549539" Category: ●IEEE 802.11 Hidden categories: ●Articles with short description ●Short description is different from Wikidata ●Articles lacking in-text citations from August 2013 ●All articles lacking in-text citations ●This page was last edited on 31 May 2024, at 10:35 (UTC). ●Text is available under the Creative Commons Attribution-ShareAlike License 4.0; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization. ●Privacy policy ●About Wikipedia ●Disclaimers ●Contact Wikipedia ●Code of Conduct ●Developers ●Statistics ●Cookie statement ●Mobile view