IEEE 802.11w-2009 is an approved amendment to the IEEE 802.11 standard to enhance the security of its management personnel.
Content
Protected Management Frames
The current 802.11 standard defines frame types for use in managing and monitoring wireless links. IEEE 802.11w is the standard for secure management frames for the IEEE 802.11 family of standards. TGw is working to improve the IEEE 802.11 access control level. The purpose of this is to increase security by ensuring the confidentiality of data from management personnel, mechanisms ensuring data integrity, data source authenticity and replay protection. These extensions interact with IEEE 802.11r and IEEE 802.11u.
Overview
- A single and unified solution for all IEEE 802.11 protected management frames.
- It uses existing security mechanisms, rather than creating a new security scheme or a new control frame format.
- This is an optional feature in 802.11 and is required for 802.11 implementations that support TKIP or CCMP .
- Its use is not mandatory and can be negotiated between STAs.
Classes
- 1 class
- Lighthouse and probe request / response
- Authentication and de-authentication
- Message with traffic indication (announcement traffic indication message - ATIM)
- Spectrum of action management
- The effect of radio measurements between STAs in IBSS
- 2 class
- Association request / response
- Re-association request / response
- Dissociation
- 3 class
- Dissociation / deauthentication
- QoS Action Frame
- Radio metering actions in the BSS infrastructure
- Future 11v control footage
Unprotected frames
It is impossible to protect a frame sent before the 4-step “handshake” because it was sent before the key was created. Control frames sent after key creation can be protected. Any control frames that are sent before key creation are not protected.
- signal (beacon ) and trial (probe) frame request / response
- Announcement Traffic Indication Message (ATIM)
- Authentication
- Association request / response
- Spectrum Management Action
Protected Frames
Management frames with security are those that are sent after the key is established and can be protected using the existing hierarchy of security keys in 802.11 and its corrections. Only TKIP / AES frames are protected, and WEP / open frames are not protected.
- Disconnection and deauthentication
- Radio Measurement Action for BSS Infrastructure (802.11k Frames)
- QoS Action Frame (802.11e Frames)
- Future 11v control frames (802.11v frames)
Security control frames with protection are protected by the same cipher suite as regular MPDU data.
- MPDU payload is encrypted using TKIP or CCMP .
- The payload and MPDU header are protected by TKIP or CCMP .
- The subfield of the protected frame of the frame control field is set.
- Only already implemented cipher suites are required.
- The pairwise temporary key of the sender (PTK) protects the unicast control frame, and the group temporary key (GTK) is used to protect the broadcast / multicast control frame.
- The IE RSN (802.11i) capability bit used to indicate whether protected control frames are protected.
Replay protection
Protection against repetition is provided by existing mechanisms. In particular, there is a counter (for each station per key for each priority) of each transmitted frame; is used as a vector / initialization (IV) in cryptographic encapsulation / decapsulation, and the receiving station ensures that the received counter is incremented.
Use
The 802.11w standard is implemented in Linux and BSD as part of the 80211mac driver codebase, which is used by several wireless driver interfaces, i.e., ath9k . This feature is easily enabled in most recent Linux kernels and operating systems using these combinations. In particular, OpenWrt provides a simple switch as part of the base distribution. This feature was first implemented in Microsoft operating systems on Windows 8. This caused a number of compatibility issues, especially with wireless access points that are not compatible with the standard. Reversing the wireless adapter driver to one of Windows 7 usually fixes the problem. Wireless LANs send system management information in unprotected frames, which makes them vulnerable. This standard protects against network disruption caused by malicious systems that fake dissociation requests that appear to be sent by existing equipment.