802.11 Fast BSS Transition (FT) Part 2 of 2

802.11 Fast BSS Transition (FT) Part 2 of 2

By CWNP On 08/22/2007 - 8 Comments

The IEEE 802.11r amendment introduces a new 3-tier AKM architecture and some new terminology such as Mobility Domain, Key Holders, RICs, and two tiers of Pairwise Master Keys (PMKs).  A Mobility Domain is a set of BSSs, within the same ESS, identified by a Mobility Domain Identifier (a numerical value).  Fast BSS Transition (FT) is not specified between Mobility Domains.  The definition of an authenticator is, under the new amendment, split into two pieces – each being responsible for certain tasks.  These two pieces are called the PMK-R0 Key Holder (R0KH) and the PMK-R1 Key Holder (R1KH).  These could, in many instances, be considered the WLAN controller (R0KH) and the lightweight AP (R1KH) though this is not a requirement of the amendment.


To contrast with the current AKM structure, the 802.11r authentication server (typically a RADIUS server) sends the Master Session Key (MSK), which is formed at the supplicant and authentication server during the “Initial Mobility Domain Association (IMDA)”, to the authenticator instead of the PMK that is currently sent using 802.11i AKM.  This MSK is used to derive the same PMK-R0 (the highest level PMK) on both the supplicant and authenticator.  From this PMK-R0, a set of unique-per-AP PMK-R1 keys (the second highest level PMK) is derived on the supplicant and authenticator.  The R0KH then distributes (through a mutually-authenticated and confidential connection) each PMK-R1 to the correct R1KH.  

Once the PMK-R1 keys are held by the R1KH and the supplicant (which is both an S0KH and S1KH), the FT 4-Way Handshake (performed only once, during the IMDA) can proceed for the purpose of establishing a PTK which will be used for data frame encryption.  From there, the FT reassociation mechanism is handled either over-the-DS as part of an FT Request/Response (using Action frames) or over-the-air as part of an authentication request/response procedure.  The 802.11r amendment additionally specifies the use of Resource Information Containers (RICs), which are sequences of information elements that include resource request and response parameters.  RICs are used as bolt-on parts of over-the-air and over-the-DS FT protocols allowing the supplicant to request resources from new APs for QoS purposes.

For more detailed information on IEEE 802.11r Robust Security Network (RSN) Fast BSS Transition (FT), refer to the CWNP whitepaper by the same name found here:

Blog Disclaimer: The opinions expressed within these blog posts are solely the author’s and do not reflect the opinions and beliefs of the Certitrek, CWNP or its affiliates.

0 Responses to 802.11 Fast BSS Transition (FT) Part 2 of 2

Subscribe by Email
There are no comments yet.
<< prev - comments page 1 of 1 - next >>

Leave a Reply

Please login or sign-up to add your comment.
Success Stories

I literally just came out of the testing centre having taken the CWDP exam. The certification process opened my mind to different techniques and solutions. This knowledge can only broaden your perspective. Great job, CWNP, you have a great thing going on here.

Read More

Working through the CWNP coursework and certifications helped not only to deepen my technical knowledge and understanding, but also it boosted my confidence. The hard work it took to earn my CWNE has been rewarding in so many ways.

Read More

I want to commend you and all at CWNP for having a great organization. You really 'raise the bar' on knowing Wi-Fi well. I have learned a ton of information that is helping my job experience and personal career goals, because of my CWAP/CWDP/CWSP studies. Kudos to all at CWNP.

Read More