IEEE Std 802.11i™-2004 Part 11: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications, Amendment 6: Medium Access Control (MAC) Security Enhancements - Description

Abstract: Security mechanisms for IEEE 802.11 are defined in this amendment, which includes a definition of WEP for backward compatibility with the original standard, IEEE Std 802.11 1999 Edition. This amendment defines TKIP and CCMP, which provide more robust data protection mechanisms than WEP affords. It introduces the concept of a security association into 802.11 and defines security association management protocols called the 4-Way Handshake and the Group Key Handshake. Also, it specifies how IEEE 802.1X may be utilized by IEEE 802.11 LANs to effect authentication.

Keywords: AES, authentication, CCM, CCMP, confidentiality, countermeasures, data authenticity, EAPOL-Key, 4-Way Handshake, Group Key Handshake, IEEE 802.1X, key management, key mixing, Michael, RC4, replay protection, robust security network, RSN, security, security association, TKIP, WEP

Content

  • 1. Overview
    • 1.2 Purpose
    • 2. Normative references
    • 3. Definitions
    • 4. Abbreviations and acronyms
    • 5. General description
    • 5.1 General description of the architecture
      • 5.1.1 How wireless LAN systems are different
    • 5.2 Components of the IEEE 802.11 architecture
      • 5.2.2 Distribution system (DS) concepts
    • 5.3 Logical service interfaces
      • 5.3.1 Station service (SS)
    • 5.4 Overview of the services
      • 5.4.2 Services that support the distribution service
      • 5.4.3 Access control and confidentiality control services
    • 5.6 Differences between ESS and IBSS LANs
    • 5.7 Message information contents that support the services
      • 5.7.5 Privacy Confidentiality
      • 5.7.6 Authentication
      • 5.7.7 Deauthentication
    • 5.8 Reference model
    • 5.9 IEEE 802.11 and IEEE 802.1X
      • 5.9.1 IEEE 802.11 usage of IEEE 802.1X
      • 5.9.2 Infrastructure functional model overview
      • 5.9.3 IBSS functional model description
      • 5.9.4 Authenticator-to-AS protocol
      • 5.9.5 PMKSA caching
    • 6. MAC service definition
    • 6.1 Overview of MAC services
      • 6.1.2 Security services
      • 6.1.4 MAC data service architecture
    • 7. Frame formats
    • 7.1 MAC frame formats
      • 7.1.3 Frame fields
    • 7.2 Format of individual frame types
      • 7.2.2 Data frames
      • 7.2.3 Management frames
    • 7.3 Management frame body components
      • 7.3.1 Fixed fields
      • 7.3.2 Information elements
    • 8. Security
    • 8.1 Framework
      • 8.1.1 Security methods
      • 8.1.2 RSNA equipment and RSNA capabilities
      • 8.1.3 RSNA establishment
      • 8.1.4 RSNA assumptions and constraints (informative)
    • 8.2 Pre-RSNA security methods
      • 8.2.1 Wired equivalent privacy (WEP)
      • 8.2.2 Pre-RSNA authentication
    • 8.3 RSNA data confidentiality protocols
      • 8.3.1 Overview
      • 8.3.2 Temporal Key Integrity Protocol (TKIP)
      • 8.3.3 CTR with CBC-MAC Protocol (CCMP)
    • 8.4 RSNA security association management
      • 8.4.1 Security associations
      • 8.4.2 RSNA selection
      • 8.4.3 RSNA policy selection in an ESS
      • 8.4.4 RSNA policy selection in an IBSS
      • 8.4.5 RSN management of the IEEE 802.1X Controlled Port
      • 8.4.6 RSNA authentication in an ESS
      • 8.4.7 RSNA authentication in an IBSS
      • 8.4.8 RSNA key management in an ESS
      • 8.4.9 RSNA key management in an IBSS
      • 8.4.10 RSNA security association termination
    • 8.5 Keys and key distribution
      • 8.5.1 Key hierarchy
      • 8.5.2 EAPOL-Key frames
      • 8.5.3 4-Way Handshake
      • 8.5.4 Group Key Handshake
      • 8.5.5 STAKey Handshake
      • 8.5.6 RSNA Supplicant key management state machine
      • 8.5.7 RSNA Authenticator key management state machine
      • 8.5.8 Nonce generation (informative)
    • 8.6 Mapping EAPOL keys to IEEE 802.11 keys
      • 8.6.1 Mapping PTK to TKIP keys
      • 8.6.2 Mapping GTK to TKIP keys
      • 8.6.3 Mapping PTK to CCMP keys
      • 8.6.4 Mapping GTK to CCMP keys
      • 8.6.5 Mapping GTK to WEP-40 keys
      • 8.6.6 Mapping GTK to WEP-104 keys
    • 8.7 Per-frame pseudo-code
      • 8.7.1 WEP frame pseudo-code
      • 8.7.2 RSNA frame pseudo-code
    • 10. Layer management
    • 10.3 MLME SAP interface
      • 10.3.2 Scan
      • 10.3.6 Associate
      • 10.3.7 Reassociate
      • 10.3.17 SetKeys
      • 10.3.18 DeleteKeys
      • 10.3.19 MIC (Michael) failure event
      • 10.3.20 EAPOL
      • 10.3.21 MLME-STAKEYESTABLISHED
      • 10.3.22 SetProtection
      • 10.3.23 MLME-PROTECTEDFRAMEDROPPED
    • 11. MAC sublayer management entity
    • 11.3 Association and reassociation
      • 11.3.1 Authentication—originating STA
      • 11.3.2 Authentication—destination STA
      • 11.3.3 Deauthentication—originating STA
      • 11.3.4 Deauthentication—destination STA
    • 11.4 Association, reassociation, and disassociation
      • 11.4.1 STA association procedures
      • 11.4.2 AP association procedures
      • 11.4.3 STA reassociation procedures
      • 11.4.4 AP reassociation procedures
      • 11.4.5 STA disassociation procedures
      • 11.4.6 AP disassociation procedures
  • Annex A Protocol Implementation Conformance Statements (PICS)
    • A.4 PICS proforma—IEEE 802.11, 1999 Edition
      • A.4.4 MAC protocol
  • Annex C Formal description of MAC operation
    • C.3 State machines for MAC stations
    • C.4 State machines for MAC AP
  • Annex D ASN.1 encoding of the MAC and PHY MIB
  • Annex E Bibliography
    • E.1 General
  • Annex H RSNA reference implementations and test vectors
    • H.1 TKIP temporal key mixing function reference implementation and test vector
      • H.1.1 Test vectors
    • H.2 Michael reference implementation and test vectors
      • H.2.1 Michael test vectors
      • H.2.2 Sample code for Michael
    • H.3 PRF reference implementation and test vectors
      • H.3.1 PRF reference code
      • H.3.2 PRF test vectors
    • H.4 Suggested pass-phrase-to-PSK mapping
      • H.4.1 Introduction
      • H.4.2 Reference implementation
      • H.4.3 Test vectors
    • H.5 Suggestions for random number generation
      • H.5.1 Software sampling
      • H.5.2 Hardware-assisted solution
    • H.6 Additional test vectors
      • H.6.1 Notation
      • H.6.2 WEP encapsulation
      • H.6.3 TKIP test vector
      • H.6.4 CCMP test vector
      • H.6.5 PRF test vectors
    • H.7 Key hierarchy test vectors
      • H.7.1 Key hierarchy test vectors

Copyright ©2004 IEEE-SA
Contact IEEE-SA
(m.v.rodriguez@ieee.org)
URL: http://standards.ieee.org/reading/ieee/std_public/description/lanman/802.11i-2004_desc.html