IEEE 8802-11:2005/AMD6-2006

$91.54

ISO/IEC/IEEE International Standard – Information technology – Telecommunications and information exchange between systems – Local and metropolitan area networks – Specific requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications – Amendment 6: Medium Access Control (MAC) Security Enhancements

Published By Publication Date Number of Pages
IEEE 2006

Amendment Standard – Superseded. Security mechanisms for IEEE 802.11 are defined in this amendment, which includes a definition of WEP for backward compatibility with the original standard, IEEE Std 802.11, 1999 Edition. This amendment defines TKIP and CCMP, which provide more robust data protection mechanisms than WEP affords. It introduces the concept of a security association into IEEE 802.11 and defines security association management protocols called the 4-Way Handshake and the Group Key Handshake. Also, it specifies how IEEE 802.1X may be utilized by IEEE 802.11 LANs to effect authentication.

PDF Catalog

PDF Pages PDF Title
3 Cover
5 Local and Metropolitan Area Networks—Specific requirements—Part 11: Wireless LAN Medium Access Control (MAC) and Physical Lay
9 Introduction
Participants
15 Contents
20 1. Overview
1.2 Purpose
21 2. Normative references
3. Definitions
25 4. Abbreviations and acronyms
27 5. General description
5.1 General description of the architecture
5.1.1 How wireless LAN systems are different
5.1.1.4 Interaction with other IEEE 802® layers
5.1.1.5 Interaction with non-IEEE 802 protocols
5.2 Components of the IEEE 802.11 architecture
5.2.2 Distribution system (DS) concepts
5.2.2.2 RSNA
28 5.3 Logical service interfaces
5.3.1 Station service (SS)
5.4 Overview of the services
5.4.2 Services that support the distribution service
5.4.2.2 Association
5.4.2.3 Reassociation
5.4.3 Access control and confidentiality control services
29 5.4.3.1 Authentication
30 5.4.3.2 Deauthentication
5.4.3.3 Confidentiality
31 5.4.3.4 Key management
5.4.3.5 Data origin authenticity
5.4.3.6 Replay detection
5.6 Differences between ESS and IBSS LANs
32 5.7 Message information contents that support the services
5.7.5 Confidentiality
5.7.6 Authentication
5.7.7 Deauthentication
5.8 Reference model
Figure 11- Portion of the ISO/IEC basic reference model covered in this standard
33 5.9 IEEE 802.11 and IEEE 802.1X
5.9.1 IEEE 802.11 usage of IEEE 802.1X
5.9.2 Infrastructure functional model overview
5.9.2.1 AKM operations with AS
34 Figure 11a- Establishing the IEEE 802.11 association
Figure 11b- IEEE 802.1X EAP authentication
35 Figure 11c- Establishing pairwise and group keys
36 5.9.2.2 Operations with PSK
5.9.3 IBSS functional model description
5.9.3.1 Key usage
5.9.3.2 Sample IBSS 4-Way Handshakes
Figure 11d- Delivery of subsequent group keys
37 Figure 11e- Sample 4-Way Handshakes in an IBSS
38 5.9.3.3 IBSS IEEE 802.1X Example
5.9.4 Authenticator-to-AS protocol
39 5.9.5 PMKSA caching
6. MAC service definition
6.1 Overview of MAC services
6.1.2 Security services
Figure 11f- Example using IEEE 802.1X authentication
40 6.1.4 MAC data service architecture
41 7. Frame formats
7.1 MAC frame formats
7.1.3 Frame fields
7.1.3.1 Frame Control field
Figure 11g- MAC data plane architecture
42 7.1.3.1.9 Protected Frame field
7.2 Format of individual frame types
7.2.2 Data frames
7.2.3 Management frames
7.2.3.1 Beacon frame format
Figure 13- Frame Control field
Table 5- Beacon frame body
43 7.2.3.4 Association Request frame format
7.2.3.6 Reassociation Request frame format
7.2.3.9 Probe Response frame format
7.2.3.10 Authentication frame format
Table 7- Association Request frame body
Table 9- Reassociation Request frame body
Table 12- Probe Response frame body
44 7.3 Management frame body components
7.3.1 Fixed fields
7.3.1.4 Capability Information field
7.3.1.7 Reason Code field
Table 18- Reason codes
45 7.3.1.9 Status Code field
7.3.2 Information elements
Table 19- Status codes
Table 20- Element IDs
46 7.3.2.25 RSN information element
Figure 46ta- RSN information element format
47 7.3.2.25.1 Cipher suites
Figure 46tb- Suite selector format
Table 20da- Cipher suite selectors
48 7.3.2.25.2 AKM suites
Table 20db- Cipher suite usage
49 7.3.2.25.3 RSN capabilities
Figure 46tc- RSN Capabilities field format
Table 20dc- AKM suite selectors
50 7.3.2.25.4 PMKID
Table 20dd- PTKSA/GTKSA/STAKeySA replay counters usage
51 8. Security
8.1 Framework
8.1.1 Security methods
8.1.2 RSNA equipment and RSNA capabilities
8.1.3 RSNA establishment
53 8.1.4 RSNA assumptions and constraints (informative)
8.2 Pre-RSNA security methods
54 8.2.1 Wired equivalent privacy (WEP)
8.2.1.1 WEP overview
8.2.1.2 WEP MPDU format
Figure 43- Construction of expanded WEP MPDU
55 8.2.1.3 WEP state
8.2.1.4 WEP procedures
8.2.1.4.1 WEP ICV algorithm
8.2.1.4.2 WEP encryption algorithm
8.2.1.4.3 WEP seed construction
56 8.2.1.4.4 WEP MPDU encapsulation
8.2.1.4.5 WEP MPDU decapsulation
Figure 43a- WEP encapsulation block diagram
57 8.2.2 Pre-RSNA authentication
8.2.2.1 Overview
8.2.2.2 Open System authentication
8.2.2.2.1 Open System authentication (first frame)
Figure 43b- WEP decapsulation block diagram
58 8.2.2.2.2 Open System authentication (final frame)
8.2.2.3 Shared Key authentication
8.2.2.3.1 Shared Key authentication (first frame)
59 8.2.2.3.2 Shared Key authentication (second frame)
8.2.2.3.3 Shared Key authentication (third frame)
8.2.2.3.4 Shared Key authentication (final frame)
60 8.2.2.3.5 Shared key MIB attributes
62 8.3 RSNA data confidentiality protocols
8.3.1 Overview
8.3.2 Temporal Key Integrity Protocol (TKIP)
8.3.2.1 TKIP overview
8.3.2.1.1 TKIP encapsulation
63 8.3.2.1.2 TKIP decapsulation
Figure 43c- TKIP encapsulation block diagram
64 8.3.2.2 TKIP MPDU formats
Figure 43d- TKIP decapsulation block diagram
Figure 43e- Construction of expanded TKIP MPDU
65 8.3.2.3 TKIP MIC
8.3.2.3.1 Motivation for the TKIP MIC
66 Figure 43f- TKIP MIC relation to IEEE 802.11 processing (informative)
Figure 43g- TKIP MIC processing format
67 8.3.2.3.2 Definition of the TKIP MIC
Figure 43h- Michael message processing
68 8.3.2.4 TKIP countermeasures procedures
Figure 43i- Michael block function
69 8.3.2.4.1 TKIP countermeasures for an Authenticator
70 8.3.2.4.2 TKIP countermeasures for a Supplicant
Figure 43j- Authenticator MIC countermeasures
71 8.3.2.5 TKIP mixing function
8.3.2.5.1 S-Box
Figure 43k- Supplicant MIC countermeasures
73 8.3.2.5.2 Phase 1 Definition (Figure 43l)
Figure 43l- Phase 1 key mixing
74 8.3.2.5.3 Phase 2 definition (see Figure 43m)
75 8.3.2.6 TKIP replay protection procedures
Figure 43m- Phase 2 key mixing
76 8.3.3 CTR with CBC-MAC Protocol (CCMP)
8.3.3.1 CCMP overview
8.3.3.2 CCMP MPDU format
77 8.3.3.3 CCMP encapsulation
Figure 43n- Expanded CCMP MPDU
Figure 43o- CCMP encapsulation block diagram
78 8.3.3.3.1 PN processing
8.3.3.3.2 Construct AAD
8.3.3.3.3 Construct CCM nonce
Figure 43p- AAD construction
79 8.3.3.3.4 Construct CCMP header
8.3.3.3.5 CCM originator processing
8.3.3.4 CCMP decapsulation
Figure 43q- Nonce construction
80 8.3.3.4.1 CCM recipient processing
Figure 43r- CCMP decapsulation block diagram
81 8.3.3.4.2 Decrypted CCMP MPDU
8.3.3.4.3 PN and replay detection
8.4 RSNA security association management
8.4.1 Security associations
8.4.1.1 Security association definitions
82 8.4.1.1.1 PMKSA
8.4.1.1.2 PTKSA
8.4.1.1.3 GTKSA
83 8.4.1.1.4 STAKeySA
8.4.1.2 Security association life cycle
8.4.1.2.1 Security association in an ESS
84 8.4.1.2.2 Security association in an IBSS
85 8.4.2 RSNA selection
8.4.3 RSNA policy selection in an ESS
86 8.4.3.1 TSN policy selection in an ESS
8.4.4 RSNA policy selection in an IBSS
87 8.4.4.1 TSN policy selection in an IBSS
8.4.5 RSN management of the IEEE 802.1X Controlled Port
8.4.6 RSNA authentication in an ESS
88 8.4.6.1 Preauthentication and RSNA key management
89 8.4.6.2 Cached PMKSAs and RSNA key management
8.4.7 RSNA authentication in an IBSS
90 8.4.8 RSNA key management in an ESS
91 8.4.9 RSNA key management in an IBSS
8.4.10 RSNA security association termination
92 8.5 Keys and key distribution
8.5.1 Key hierarchy
93 8.5.1.1 PRF
94 8.5.1.2 Pairwise key hierarchy
Figure 43s- Pairwise key hierarchy
95 8.5.1.3 Group key hierarchy
96 8.5.2 EAPOL-Key frames
Figure 43t- Group key hierarchy (informative)
97 Figure 43u- EAPOL-Key frame
Figure 43v- Key Information bit layout
99 Table 20f- Cipher suite key lengths
100 Figure 43w- KDE format
Table 20g- Key RSC field
Table 20h- KDE
101 Figure 43x- GTK KDE format
Figure 43y- STAKey KDE format
Figure 43z- MAC address KDE format
102 Figure 43aa- PMKID KDE format
103 8.5.2.1 STAKey Handshake for STA-to-STA link security
8.5.2.2 EAPOL-Key frame notation
104 8.5.3 4-Way Handshake
Figure 43ab- STAKey message exchange
105 8.5.3.1 4-Way Handshake Message 1
106 8.5.3.2 4-Way Handshake Message 2
8.5.3.3 4-Way Handshake Message 3
108 8.5.3.4 4-Way Handshake Message 4
8.5.3.5 4-Way Handshake implementation considerations
109 8.5.3.6 Sample 4-Way Handshake (informative)
Figure 43ac- Sample 4-Way Handshake
110 8.5.3.7 4-Way Handshake analysis (informative)
111 8.5.4 Group Key Handshake
112 8.5.4.1 Group Key Handshake Message 1
113 8.5.4.2 Group Key Handshake Message 2
8.5.4.3 Group Key Handshake implementation considerations
8.5.4.4 Sample Group Key Handshake (informative)
114 8.5.5 STAKey Handshake
Figure 43ad- Sample Group Key Handshake
115 8.5.5.1 STAKey Request message
8.5.5.2 STAKey Message 1
116 8.5.5.3 STAKey Message 2
8.5.5.4 STAKey Message 1 and Message 2 to the initiating STA
117 8.5.6 RSNA Supplicant key management state machine
8.5.6.1 Supplicant state machine states
Figure 43ae- RSNA Supplicant key management state machine
118 8.5.6.2 Supplicant state machine variables
8.5.6.3 Supplicant state machine procedures
121 8.5.7 RSNA Authenticator key management state machine
122 Figure 43af- Authenticator state machines, part 1
123 Figure 43ag- Authenticator state machines, part 2
Figure 43ah- Authenticator state machines, part 3
124 8.5.7.1 Authenticator state machine states
8.5.7.1.1 Authenticator state machine: 4-Way Handshake (per STA)
Figure 43ai- Authenticator state machines, part 4
125 8.5.7.1.2 Authenticator state machine: Group Key Handshake (per STA)
8.5.7.1.3 Authenticator state machine: Group Key Handshake (global)
8.5.7.2 Authenticator state machine variables
127 8.5.7.3 Authenticator state machine procedures
8.5.8 Nonce generation (informative)
8.6 Mapping EAPOL keys to IEEE 802.11 keys
8.6.1 Mapping PTK to TKIP keys
8.6.2 Mapping GTK to TKIP keys
128 8.6.3 Mapping PTK to CCMP keys
8.6.4 Mapping GTK to CCMP keys
8.6.5 Mapping GTK to WEP-40 keys
8.6.6 Mapping GTK to WEP-104 keys
8.7 Per-frame pseudo-code
8.7.1 WEP frame pseudo-code
130 8.7.2 RSNA frame pseudo-code
8.7.2.1 Per-MSDU Tx pseudo-code
131 8.7.2.2 Per-MPDU Tx pseudo-code
8.7.2.3 Per-MPDU Rx pseudo-code
132 8.7.2.4 Per-MSDU Rx pseudo-code
133 10. Layer management
10.3 MLME SAP interface
10.3.2 Scan
10.3.2.2 MLME-SCAN.confirm
10.3.2.2.2 Semantics of the service primitive
10.3.6 Associate
10.3.6.1 MLME-ASSOCIATE.request
10.3.6.1.2 Semantics of the service primitive
10.3.6.3 MLME-ASSOCIATE.indication
10.3.6.3.2 Semantics of the service primitive
134 10.3.7 Reassociate
10.3.7.1 MLME-REASSOCIATE.request
10.3.7.1.2 Semantics of the service primitive
10.3.7.3 MLME-REASSOCIATE.indication
10.3.7.3.2 Semantics of the service primitive
135 10.3.17 SetKeys
10.3.17.1 MLME-SETKEYS.request
10.3.17.1.1 Function
10.3.17.1.2 Semantics of the service primitive
136 10.3.17.1.3 When generated
10.3.17.1.4 Effect of receipt
10.3.17.2 MLME-SETKEYS.confirm
10.3.17.2.1 Function
10.3.17.2.2 Semantics of the service primitive
10.3.17.2.3 When generated
10.3.17.2.4 Effect of receipt
10.3.18 DeleteKeys
10.3.18.1 MLME-DELETEKEYS.request
10.3.18.1.1 Function
10.3.18.1.2 Semantics of the service primitive
137 10.3.18.1.3 When generated
10.3.18.1.4 Effect of receipt
10.3.18.2 MLME-DELETEKEYS.confirm
10.3.18.2.1 Function
10.3.18.2.2 Semantics of the service primitive
10.3.18.2.3 When generated
10.3.18.2.4 Effect of receipt
10.3.19 MIC (Michael) failure event
10.3.19.1 MLME-MICHAELMICFAILURE.indication
10.3.19.1.1 Function
138 10.3.19.1.2 Semantics of the service primitive
10.3.19.1.3 When generated
10.3.19.1.4 Effect of receipt
10.3.20 EAPOL
10.3.20.1 MLME-EAPOL.request
10.3.20.1.1 Function
10.3.20.1.2 Semantics of the service primitive
139 10.3.20.1.3 When generated
10.3.20.1.4 Effect of receipt
10.3.20.2 MLME-EAPOL.confirm
10.3.20.2.1 Function
10.3.20.2.2 Semantics of the service primitive
10.3.20.2.3 When generated
10.3.20.2.4 Effect of receipt
140 10.3.21 MLME-STAKEYESTABLISHED
10.3.21.1 MLME-STAKEYESTABLISHED.indication
10.3.21.1.1 Function
10.3.21.1.2 Semantics of the service primitive
10.3.21.1.3 When generated
10.3.21.1.4 Effect of receipt
10.3.22 SetProtection
10.3.22.1 MLME-SETPROTECTION.request
10.3.22.1.1 Function
10.3.22.1.2 Semantics of the service primitive
141 10.3.22.1.3 When generated
10.3.22.1.4 Effect of receipt
10.3.22.2 MLME-SETPROTECTION.confirm
10.3.22.2.1 Function
10.3.22.2.2 Semantics of the service primitive
10.3.22.2.3 When generated
142 10.3.22.2.4 Effect of receipt
10.3.23 MLME-PROTECTEDFRAMEDROPPED
10.3.23.1 MLME-PROTECTEDFRAMEDROPPED.indication
10.3.23.1.1 Function
10.3.23.1.2 Semantics of the service primitive
10.3.23.1.3 When generated
10.3.23.1.4 Effect of receipt
11. MAC sublayer management entity
11.3 Association and reassociation
143 11.3.1 Authentication-originating STA
11.3.2 Authentication-destination STA
11.3.3 Deauthentication-originating STA
11.3.4 Deauthentication-destination STA
144 11.4 Association, reassociation, and disassociation
11.4.1 STA association procedures
11.4.2 AP association procedures
145 11.4.3 STA reassociation procedures
11.4.4 AP reassociation procedures
146 11.4.5 STA disassociation procedures
11.4.6 AP disassociation procedures
147 Annex A (informative) Protocol Implementation Conformance Statements (PICS)
A.4 PICS proforma-IEEE Std 802.11, 1999 Edition
A.4.4 MAC protocol
149 Annex C (normative) Formal description of MAC operation
C.3 State machines for MAC stations
C.4 State machines for MAC AP
150 Annex D (normative) ASN.1 encoding of the MAC and PHY MIB
166 Annex E (informative) Bibliography
E.1 General
167 Annex H (informative) RSNA reference implementations and test vectors
H.1 TKIP temporal key mixing function reference implementation and test vector
175 H.1.1 Test vectors
176 H.2 Michael reference implementation and test vectors
H.2.1 Michael test vectors
177 H.2.2 Sample code for Michael
Table H.1- Test vectors for block function
Table H.2- Test vectors for Michael
183 H.3 PRF reference implementation and test vectors
H.3.1 PRF reference code
184 H.3.2 PRF test vectors
H.4 Suggested pass-phrase-to-PSK mapping
H.4.1 Introduction
185 H.4.2 Reference implementation
186 H.4.3 Test vectors
H.5 Suggestions for random number generation
187 H.5.1 Software sampling
188 H.5.2 Hardware-assisted solution
Figure H.1- Randomness generating circuit
189 H.6 Additional test vectors
H.6.1 Notation
H.6.2 WEP encapsulation
Table H.3- Notation example
Table H.4- Sample plaintext MPDU
190 H.6.3 TKIP test vector
Table H.5- RC4 encryption
Table H.6- Expanded MPDU after WEP encapsulation
Table H.7- Sample TKIP parameters
191 H.6.4 CCMP test vector
Table H.8- Sample plaintext and ciphertext MPDUs, using parameter from Table H.7
192 H.6.5 PRF test vectors
Table H.9- RSN PRF Test Vector 1
Table H.10- RSN PRF Test Vector 2
193 H.7 Key hierarchy test vectors
H.7.1 Pairwise key derivation
Table H.11- RSN PRF Test Vector 3
Table H.12- RSN PRF Test Vector 4
Table H.13- Sample values for pairwise key derivations
194 Table H.14- Sample derived TKIP temporal key (TK)
Table H.15- Sample derived PTK
195 Annex I (normative) Patents