IWLAN standards and protocol info

IEEE 802.11i: WLAN Security Standards


The IEEE 802.11i standard is designed to provide secure communication over wireless LANs as defined by all the IEEE 802.11 specifications. IEEE 802.11i enhances WEP (Wired Equivalent Privacy), a technology used for many years for WLAN security, in the areas of encryption, authentication and key management. IEEE 802.11i is based on Wi-Fi Protected Access (WPA), which is a quick fix for the WEP weaknesses.

The IEEE 802.11i has the following key components:

1. Temporal Key Integrity Protocol (TKIP): a data-confidentiality protocol that was designed to improve the security of products that implemented WEP. TKIP uses a message integrity code called Michael, which enables devices to authenticate that the packets are coming from the claimed source. TKIP also uses a mixing function to defeat weak-key attacks, which had enabled attackers to decrypt traffic.

2. Counter-Mode/CBC-MAC Protocol (CCMP): a data-confidentiality protocol that handles packet authentication as well as encryption. For confidentiality, CCMP uses AES in counter mode. For authentication and integrity, CCMP uses Cipher Block Chaining Message Authentication Code (CBC-MAC). In IEEE 802.11i, CCMP uses a 128-bit key. CCMP also protects some fields that aren't encrypted. These additional parts of the IEEE 802.11 frame are known as additional authentication data (AAD). AAD includes the packet's source and destination and protects against attackers replaying packets to different destinations.

3. IEEE 802.1x: offers an effective framework for authenticating and controlling user traffic to a protected network, as well as dynamically varying encryption keys. 802.1X ties a protocol called EAP (Extensible Authentication Protocol) to both the wired and wireless LAN media and supports multiple authentication methods.

4. EAP encapsulation over LANs (EAPOL): the key protocol in IEEE 802.1x for key exchange. Two main EAPOL-key exchanges are defined in IEEE 802.11i. The first is referred to as the 4-way handshake and the second is the group key handshake.

Because IEEE 802.11i has more than one data-confidentiality protocol, IEEE 802.11i provides an algorithm for the IEEE 802.11i client card and access point to negotiate which protocol to use during specific traffic circumstances and to discover any unknown security parameters. 

The 802.11 stack structure is as follows:

[Figure: 802.11 stack structure]

Protocol Structure - IEEE 802.11i: WLAN Security Standards

[Figure: IEEE 802.11i Components]

[Figure: CCMP MPDU Format]

[Figure: CCMP CBC-MAC IV format]

[Figure: CCMP CTR Format]

[Figure: TKIP MPDU Format]


Related Protocols
IEEE 802.2, 802.3, 802.1x, EAP, EAPoL, 802.11, 802.11a, 802.11b, 802.11g, 802.11n, WEP, WPA

Sponsor Source

IEEE 802.11i is defined by the IEEE (http://www.ieee.org) 802.11i specifications.

