Friday, 3 February 2012

IEEE 802.11i, IEEE 802.11r, IEEE 802.11k and IEEE 802.11w

IEEE 802.11i

EAP Packets and EAPoL Frames


All EAPoL frames are normal IEEE 802.11 data frames, so they follow the format of IEEE 802.11 MSDUs and MPDUs. With reference to the IEEE 802.11 frame format defined in IEEE 802.11-1999 Clause 7.1.2, an MPDU may be up to 2346 octets in length and encapsulates an MSDU payload of up to 2312 octets. The remaining 34 octets in the MPDU comprise the IEEE 802.11 header (24 or 30 octets) and the four-octet Frame Check Sequence that concludes the frame. For practical reasons, it is safer to presume that the long form of the MPDU header will be used, so that the MSDU will not need to be fragmented.

EAPoL messages, like other data packets (MSDUs) that are transmitted over IEEE 802.11 LANs, are de-multiplexed using information contained in the LLC (or LLC/SNAP) header, which comprises the first three (or eight) octets of the MSDU. In the particular case of EAPoL frames, LLC/SNAP encapsulation is used. Figure 7-20 illustrates an MPDU that contains an EAP packet, encapsulated in an EAPoL (IEEE 802.1X) header.
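The layering described above can be checked with a small parser. This is an added example, not code from the original post: it takes an MSDU (the frame body after the IEEE 802.11 header and before the FCS), verifies the eight-octet LLC/SNAP header for EAPoL (EtherType 0x888E), then decodes the IEEE 802.1X header and the EAP header, rejecting inconsistent length fields. The function name and the sample frame are constructed for illustration.

```python
import struct

# LLC (AA AA 03) + SNAP OUI 00-00-00 + EtherType 0x888E (EAPoL)
LLC_SNAP_EAPOL = bytes.fromhex("aaaa03000000888e")
MAX_MSDU = 2312  # octets, the MSDU limit quoted in the text
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}


def parse_eapol_msdu(msdu: bytes) -> dict:
    """Parse LLC/SNAP + EAPoL (+ EAP) from an MSDU; raise ValueError if malformed."""
    if len(msdu) > MAX_MSDU:
        raise ValueError("MSDU exceeds 2312 octets")
    if len(msdu) < 12:
        raise ValueError("too short for LLC/SNAP + EAPoL header")
    if msdu[:8] != LLC_SNAP_EAPOL:
        raise ValueError("not LLC/SNAP-encapsulated EAPoL")
    # EAPoL header: protocol version (1), packet type (1), body length (2)
    version, ptype, body_len = struct.unpack("!BBH", msdu[8:12])
    body = msdu[12:12 + body_len]  # octets past body_len are padding
    if len(body) != body_len:
        raise ValueError("EAPoL body length exceeds the MSDU")
    out = {"version": version, "type": EAPOL_TYPES.get(ptype, "unknown"),
           "body_len": body_len}
    if ptype == 0:  # body is an EAP packet
        if body_len < 4:
            raise ValueError("truncated EAP header")
        # EAP header: code (1), identifier (1), length (2, includes header)
        code, ident, eap_len = struct.unpack("!BBH", body[:4])
        if eap_len < 4 or eap_len > body_len:
            raise ValueError("EAP length inconsistent with EAPoL body")
        eap = {"code": EAP_CODES.get(code, "unknown"), "id": ident,
               "length": eap_len}
        if code in (1, 2) and eap_len >= 5:  # Request/Response carry a method type
            eap["method"] = body[4]
            eap["data"] = body[5:eap_len]
        out["eap"] = eap
    return out


# Constructed sample: EAPoL v2 carrying EAP-Response/Identity for "alice"
SAMPLE = (LLC_SNAP_EAPOL + bytes.fromhex("0200000a")
          + bytes.fromhex("0201000a01") + b"alice")

if __name__ == "__main__":
    print(parse_eapol_msdu(SAMPLE))
```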

IEEE 802.11r



Access points that support 802.11 fast transitions advertise this capability in Beacon and Probe Response frames by including a Mobility Domain Information Element (MDIE) described in 802.11r.
During the initial association in a mobility zone, an 802.11r-capable STA and AP perform an Open System Authentication exchange, followed by an FT Reassociation Exchange that differs from the 802.11 Reassociation Exchange by including an MDIE in the Reassociation Request to indicate that the STA wishes to use 802.11r. Moreover, a Fast Transition Information Element (FTIE) is included in the Reassociation Response frame issued by the AP. The FTIE carries the R0KH-ID as well as the current access point's R1KH-ID. After successful 802.1X authentication, the AP and STA engage in an FT four-way handshake that differs from the 802.11i handshake by carrying extra MDIE and FTIE components, needed for the derivation of PMK-R1s and PTKs.
Exchanges for performing subsequent handoffs within the mobility domain are slightly different. The 802.11r amendment attempts to reduce latency by overlaying key management on top of the 802.11 reassociation process. The Authentication Exchange and the Association Exchange are used to perform an FT Protocol exchange that allows the STA and AP to agree on the PMK-R1 and derive PTKs. The FT protocol thus replaces the FT four-way handshake and reduces the total number of messages needed to perform a full reassociation to four.

When the STA wishes to (pre-)associate with an AP over the distribution system, the STA and the AP perform an Over the DS FT Protocol exchange. The AP to which the STA is currently associated routes the frames between the STA and the target AP. The FT protocol over the DS uses a new FT Request/Response (Action frames) Exchange to replace the Authentication exchange, followed by an Association Exchange to negotiate ciphersuites and derive PTKs on both the STA and the AP.

IEEE 802.11k


         Allow encapsulation of Action frames as data frames
         Does not affect other management frames

Incoming
         Incoming Action Ethertype data frame passed up by driver to the OS
         OS passes information back down to the driver via an OID
         Result: no special treatment for Action Ethertype in driver.

Outgoing
         Driver requests formation of an Action frame from the OS.
         OS encapsulates Action frame in an Action Ethertype and sends it back down to the driver.

Pros
         Guaranteed to work on all existing hardware.
         No need for separate negotiation, configuration or policy
         No changes to existing security mechanisms.
         RRM uses implemented ciphersuites.
         No modifications to 4-way handshake.
         Compatible with WPA2 driver model.
         Driver passes up SMI-Information frames to OS as data
         OS reflects SMI-Information frames back down to the driver via OIDs
         Enables sending of RRM frames over the DS in future.

Cons
         Requires allocation of new Ethertype
         Experimental Ethertype used until actual Ethertype allocated 


IEEE 802.11w



IEEE 802.11w, an amending standard for 802.11i, provides protection for management frames in WLANs. However, the frames are vulnerable to being eavesdropped on, forged and distorted before the Four-Way Handshake completes. An improved mechanism named Temporary Safe Tunnel (TST) is proposed to solve this problem. Since TST has been meticulously designed, it is low cost and improves the security of the WLAN.


