802.11 Fast BSS Transition (FT) – Part 2 of 2
Written by Devin Akin   
Wednesday, 22 August 2007

The IEEE 802.11r amendment introduces a new three-tier AKM architecture and some new terminology, such as Mobility Domain, Key Holders, RICs, and two tiers of Pairwise Master Keys (PMKs). A Mobility Domain is a set of BSSs, within the same ESS, identified by a Mobility Domain Identifier (a numerical value). Fast BSS Transition (FT) is not specified between Mobility Domains. Under the new amendment, the definition of an authenticator is split into two pieces, each responsible for certain tasks. These two pieces are called the PMK-R0 Key Holder (R0KH) and the PMK-R1 Key Holder (R1KH). In many deployments these map to the WLAN controller (R0KH) and the lightweight AP (R1KH), though the amendment does not require this mapping.


In contrast to the current AKM structure, under 802.11r the authentication server (typically a RADIUS server) sends the authenticator the Master Session Key (MSK), which is formed at the supplicant and authentication server during the Initial Mobility Domain Association (IMDA), rather than the PMK that 802.11i AKM sends today. From this MSK, the supplicant and authenticator each derive the same PMK-R0 (the top-level PMK). From PMK-R0, a set of PMK-R1 keys (the second-level PMK), one unique to each AP, is derived on both the supplicant and the authenticator. The R0KH then distributes each PMK-R1 to the correct R1KH over a mutually authenticated and confidential connection.

Once the PMK-R1 keys are held by the R1KH and by the supplicant (which acts as both S0KH and S1KH), the FT 4-Way Handshake, performed only once, during the IMDA, can proceed to establish a PTK that is used for data frame encryption. From there, the FT reassociation is handled either over-the-DS, as an FT Request/Response exchange using Action frames, or over-the-air, as part of an authentication request/response procedure. The 802.11r amendment additionally specifies Resource Information Containers (RICs), which are sequences of information elements carrying resource request and response parameters. RICs are bolt-on parts of the over-the-air and over-the-DS FT protocols that let the supplicant request resources from the new AP for QoS purposes.
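The key hierarchy described in the two paragraphs above, from MSK to PMK-R0, to a per-AP PMK-R1, to the PTK produced by the FT 4-Way Handshake, carried out in Python as an added worked example. This is not code from the original article or from CWNP. The derivation follows the HMAC-SHA-256 KDF and the labels "FT-R0", "FT-R1" and "FT-PTK" of the ratified IEEE 802.11r-2008 text as the editor recalls it; the 2007 draft the article discusses may differ in detail, so treat the exact formulas as an assumption about the final standard. Every input (the MSK, SSID, MDID, R0KH-ID, MAC addresses and nonces) is a constructed sample value. The point for a defender is visible in the result: each R1KH receives only its own PMK-R1, the two APs' PMK-R1 values differ, and because the KDF is one-way, neither PMK-R0 nor a sibling AP's PMK-R1 can be recovered from a key held by a single AP.

```python
import hashlib
import hmac
import math

# Constructed sample identifiers (not from the article): two APs under one controller.
SSID = b"cwnp-ft-demo"
MDID = b"\x12\x34"                           # Mobility Domain Identifier, 2 bytes
R0KH_ID = b"controller-1"                    # R0KH-ID (controller's NAS identifier)
STA_MAC = bytes.fromhex("001122334455")      # supplicant MAC, used as S0KH-ID / S1KH-ID
AP1_BSSID = bytes.fromhex("00aabbccdd01")    # R1KH-ID of the first AP
AP2_BSSID = bytes.fromhex("00aabbccdd02")    # R1KH-ID of the second AP
# Constructed 64-byte MSK, standing in for what the RADIUS server delivers after the IMDA.
MSK = bytes(range(64))
# Constructed, fixed nonces for the FT 4-Way Handshake so the run is reproducible.
SNONCE = bytes([0x11] * 32)
ANONCE = bytes([0x22] * 32)


def kdf_sha256(key: bytes, label: bytes, context: bytes, length_bits: int) -> bytes:
    """802.11 KDF-Hash-Length: concatenate HMAC-SHA-256(key, i || label || context || length)
    for i = 1.. until length_bits have been produced; i and length are 16-bit little-endian."""
    out = b""
    for i in range(1, math.ceil(length_bits / 256) + 1):
        msg = i.to_bytes(2, "little") + label + context + length_bits.to_bytes(2, "little")
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[: length_bits // 8]


def derive_pmk_r0(msk, ssid, mdid, r0kh_id, s0kh_id):
    """First tier. With 802.1X AKM the KDF input XXKey is the second 256 bits of the MSK.
    Returns (PMK-R0, PMKR0Name)."""
    xxkey = msk[32:64]
    context = bytes([len(ssid)]) + ssid + mdid + bytes([len(r0kh_id)]) + r0kh_id + s0kh_id
    r0_key_data = kdf_sha256(xxkey, b"FT-R0", context, 384)
    pmk_r0, salt = r0_key_data[:32], r0_key_data[32:48]
    pmk_r0_name = hashlib.sha256(b"FT-R0N" + salt).digest()[:16]
    return pmk_r0, pmk_r0_name


def derive_pmk_r1(pmk_r0, pmk_r0_name, r1kh_id, s1kh_id):
    """Second tier, unique per R1KH (AP BSSID) and supplicant. Returns (PMK-R1, PMKR1Name)."""
    pmk_r1 = kdf_sha256(pmk_r0, b"FT-R1", r1kh_id + s1kh_id, 256)
    pmk_r1_name = hashlib.sha256(b"FT-R1N" + pmk_r0_name + r1kh_id + s1kh_id).digest()[:16]
    return pmk_r1, pmk_r1_name


def derive_ptk(pmk_r1, pmk_r1_name, snonce, anonce, bssid, sta_addr):
    """PTK from the FT 4-Way Handshake inputs; 384 bits for CCMP, laid out as KCK || KEK || TK."""
    context = snonce + anonce + bssid + sta_addr
    ptk = kdf_sha256(pmk_r1, b"FT-PTK", context, 384)
    ptk_name = hashlib.sha256(pmk_r1_name + b"FT-PTKN" + context).digest()[:16]
    return ptk, ptk_name


def ft_key_hierarchy():
    """Run the hierarchy on both sides. The R0KH (controller) derives PMK-R0 and one PMK-R1
    per AP and hands each AP only its own PMK-R1; the supplicant derives the same keys locally."""
    # Authenticator side: R0KH at the controller.
    pmk_r0, pmk_r0_name = derive_pmk_r0(MSK, SSID, MDID, R0KH_ID, STA_MAC)
    per_ap = {bssid: derive_pmk_r1(pmk_r0, pmk_r0_name, bssid, STA_MAC)
              for bssid in (AP1_BSSID, AP2_BSSID)}
    # Supplicant side: S0KH/S1KH on the STA recompute independently from the same MSK.
    s_pmk_r0, s_pmk_r0_name = derive_pmk_r0(MSK, SSID, MDID, R0KH_ID, STA_MAC)
    s_pmk_r1_ap1, s_name_ap1 = derive_pmk_r1(s_pmk_r0, s_pmk_r0_name, AP1_BSSID, STA_MAC)
    # FT 4-Way Handshake with AP1 during the IMDA: both sides build the PTK from PMK-R1 + nonces.
    ap1_pmk_r1, ap1_name = per_ap[AP1_BSSID]
    ap_ptk, ap_ptk_name = derive_ptk(ap1_pmk_r1, ap1_name, SNONCE, ANONCE, AP1_BSSID, STA_MAC)
    sta_ptk, _ = derive_ptk(s_pmk_r1_ap1, s_name_ap1, SNONCE, ANONCE, AP1_BSSID, STA_MAC)
    return {
        "pmk_r0": pmk_r0,
        "pmk_r0_name": pmk_r0_name,
        "pmk_r1": {bssid: k for bssid, (k, _) in per_ap.items()},
        "pmk_r1_name": {bssid: n for bssid, (_, n) in per_ap.items()},
        "ptk": ap_ptk,
        "ptk_name": ap_ptk_name,
        "supplicant_matches": s_pmk_r0 == pmk_r0 and sta_ptk == ap_ptk,
    }


if __name__ == "__main__":
    r = ft_key_hierarchy()
    print("PMKR0Name        :", r["pmk_r0_name"].hex())
    for bssid, name in r["pmk_r1_name"].items():
        print("PMKR1Name        :", bssid.hex(), name.hex())
    print("PTK (KCK|KEK|TK) :", r["ptk"].hex())
    print("supplicant derived identical keys:", r["supplicant_matches"])
```

The key names (PMKR0Name, PMKR1Name, PTKName) are what the FT frames carry so that both sides can confirm they are talking about the same key without exposing it; a detection or troubleshooting tool that sees a PMKR1Name in a reassociation that no R1KH was ever given is a useful signal of a misconfigured or rogue key holder.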

For more detailed information on IEEE 802.11r Robust Security Network (RSN) Fast BSS Transition (FT), refer to the CWNP whitepaper by the same name found here:
http://www.cwnp.com/learning_center/search_details.php?doc_id=j8s5

Comments (2)
written by Kevin Liu, August 04, 2008
Some questions:
1. Must the BSSs in a Mobility Domain be on the same channel, or can they be on different channels in 802.11r?

2. It says: "The R0KH then distributes (through a mutually-authenticated and confidential connection) each PMK-R1 to the correct R1KH."
I want to know in detail how the R0KH distributes each PMK-R1 to the correct R1KH.

3. During the Initial Mobility Domain Association, the R0KH and R1KH may be the same AP, but as the STA roams, the R1KH (target AP) should change even if it does not communicate with the R0KH directly; before reassociation, the new R1KH must communicate with the R0KH (initial AP) to get the PMK-R1. Must this communication take place over the wireless or the wired network? This exchange is between the R0KH and R1KH; how does it differ from 802.11i (target AP and authentication server) before reassociation? Can this save roaming time?

I sincerely look forward to your answer! Thank you!
written by Devin Akin, August 04, 2008
Some answers:

1. Channels have no bearing on mobility domains. Both Single Channel Architectures and Multiple Channel Architectures will support 802.11r.

2. This information is not provided by the 802.11r draft standard. This information is left to the discretion of the vendor building the implementation.

3. R0KH and R1KH are not different APs. The R0KH will likely be the controller, and the R1KH will likely be the AP. Refer to this document for more information:
http://www.cwnp.com/learning_center/search_details.php?doc_id=j8s5
