IEEE 802.11i
IEEE 802.11i defines protocols to protect data transfer. These protocols are:
- CCMP (Cipher Block Chaining Message Authentication Code Protocol: an encryption protocol based on AES that is more advanced than WRAP)
- WRAP (Wireless Robust Authentication Protocol: an encryption protocol based on AES)
- TKIP (Temporal Key Integrity Protocol, for legacy devices only)
IEEE 802.11i uses the Extensible Authentication Protocol (EAP) as its end-to-end authentication method.
Data transfer under 802.11i never sends or receives unprotected packets. IEEE 802.11i defines two EAPOL-Key exchanges: the first is the 4-way handshake and the second is the group key handshake.
The 802.11i data protocols provide confidentiality, data origin authenticity, and replay protection. These protocols require a new key for every session.
IEEE 802.11r
IEEE 802.11r strengthens wireless voice by speeding up handoffs between access points or cells in a wireless LAN. The protocol allows a wireless client to establish its security and QoS state at a new access point before making a transition. This minimizes connectivity loss as well as application disruption.
When an 802.11r-compliant station enters a mobility zone, it performs authentication using EAP. The 802.11r standard applies to a 3-tier reference architecture that divides the access network into mobility zones. During the initial association in a mobility zone, an 802.11r-capable STA and AP perform an Open System Authentication exchange followed by an FT Re-association Exchange.
Diagram: How 802.11r works
IEEE 802.11k
802.11k defines and exposes radio and network information to facilitate radio resource management of a mobile wireless LAN. Work on the standard began in late 2002. Some of the measurements 802.11k defines are:
- Roaming decisions
- RF channel knowledge
- Hidden nodes
- Client statistics
- Transmit Power Control (TPC)
802.11k is designed to be implemented in software, and existing WLAN equipment can be upgraded to support it. For the standard to be effective, both clients and infrastructure need to support it.
IEEE 802.11w
IEEE 802.11w will improve wireless security. It builds on the 802.11i framework to protect against subtle attacks on wireless LAN (WLAN) management frames. It aims to mitigate certain types of WLAN DoS attacks, such as de-authentication and disassociation attacks. IEEE 802.11w extends strong cryptographic protection only to some specified management frames, such as de-authentication frames, disassociation frames and action management frames. 802.11w is a good first line of defense in mitigating WLAN DoS attacks and should be complemented by a DoS detection and mitigation strategy based on a Wireless Intrusion Prevention System (WIPS).
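An added example (not from the original post) of checking which of the 802.11i ciphers and 802.11w protections an access point actually advertises: it parses the RSN element carried in a beacon and flags TKIP and missing management frame protection. The RSN element layout, the suite-type numbers and the MFPR/MFPC capability bits come from the 802.11 standard rather than this page; the sample bytes are constructed, and the parser assumes every field up to RSN Capabilities is present.

```python
import struct

# Cipher suite types under the IEEE OUI 00-0F-AC (RSN element, ID 48).
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
IEEE_OUI = b"\x00\x0f\xac"

def _suite(raw):
    """Name a 4-byte suite selector (3-byte OUI + 1-byte type)."""
    if raw[:3] != IEEE_OUI:
        return "vendor:" + raw.hex()
    return CIPHERS.get(raw[3], "unknown(%d)" % raw[3])

def parse_rsn(ie):
    """Parse an RSN element, including its ID and length bytes."""
    if len(ie) < 2 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body, pos = ie[2:], 0
    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated RSN element")
        chunk = body[pos:pos + n]
        pos += n
        return chunk
    version = struct.unpack("<H", take(2))[0]
    group = _suite(take(4))
    n_pair = struct.unpack("<H", take(2))[0]
    pairwise = [_suite(take(4)) for _ in range(n_pair)]
    n_akm = struct.unpack("<H", take(2))[0]
    take(4 * n_akm)                       # AKM suites, not inspected here
    caps = struct.unpack("<H", take(2))[0]
    return {"version": version, "group": group, "pairwise": pairwise,
            "mfp_required": bool(caps & 0x0040),   # MFPR, bit 6
            "mfp_capable": bool(caps & 0x0080)}    # MFPC, bit 7

def audit(ie):
    """Return findings for legacy ciphers and missing 802.11w protection."""
    rsn, findings = parse_rsn(ie), []
    if "TKIP" in rsn["pairwise"] or rsn["group"] == "TKIP":
        findings.append("TKIP enabled (legacy cipher)")
    if not rsn["mfp_capable"]:
        findings.append("management frame protection not advertised")
    elif not rsn["mfp_required"]:
        findings.append("management frame protection optional, not required")
    return findings

# Constructed sample elements (not captured traffic).
MIXED = bytes.fromhex("30180100000fac020200000fac04000fac020100000fac020000")
STRICT = bytes.fromhex("30140100000fac040100000fac040100000fac06c000")
```

`audit(MIXED)` reports both the TKIP and the missing-protection findings, while `audit(STRICT)` returns an empty list.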