802.11 Fast BSS Transition (FT) Part 2 of 2

802.11 Fast BSS Transition (FT) Part 2 of 2

By CWNP On 08/22/2007 - 3 Comments

The IEEE 802.11r amendment introduces a new 3-tier AKM architecture and some new terminology such as Mobility Domain, Key Holders, RICs, and two tiers of Pairwise Master Keys (PMKs).  A Mobility Domain is a set of BSSs, within the same ESS, identified by a Mobility Domain Identifier (a numerical value).  Fast BSS Transition (FT) is not specified between Mobility Domains.  The definition of an authenticator is, under the new amendment, split into two pieces – each being responsible for certain tasks.  These two pieces are called the PMK-R0 Key Holder (R0KH) and the PMK-R1 Key Holder (R1KH).  These could, in many instances, be considered the WLAN controller (R0KH) and the lightweight AP (R1KH) though this is not a requirement of the amendment.


To contrast with the current AKM structure, the 802.11r authentication server (typically a RADIUS server) sends the Master Session Key (MSK), which is formed at the supplicant and authentication server during the “Initial Mobility Domain Association (IMDA)”, to the authenticator instead of the PMK that is currently sent using 802.11i AKM.  This MSK is used to derive the same PMK-R0 (the highest level PMK) on both the supplicant and authenticator.  From this PMK-R0, a set of unique-per-AP PMK-R1 keys (the second highest level PMK) is derived on the supplicant and authenticator.  The R0KH then distributes (through a mutually-authenticated and confidential connection) each PMK-R1 to the correct R1KH.  

Once the PMK-R1 keys are held by the R1KH and the supplicant (which is both an S0KH and S1KH), the FT 4-Way Handshake (performed only once, during the IMDA) can proceed for the purpose of establishing a PTK which will be used for data frame encryption.  From there, the FT reassociation mechanism is handled either over-the-DS as part of an FT Request/Response (using Action frames) or over-the-air as part of an authentication request/response procedure.  The 802.11r amendment additionally specifies the use of Resource Information Containers (RICs), which are sequences of information elements that include resource request and response parameters.  RICs are used as bolt-on parts of over-the-air and over-the-DS FT protocols allowing the supplicant to request resources from new APs for QoS purposes.

For more detailed information on IEEE 802.11r Robust Security Network (RSN) Fast BSS Transition (FT), refer to the CWNP whitepaper by the same name found here:

3 Responses to 802.11 Fast BSS Transition (FT) Part 2 of 2

Subscribe by Email
Kr Ashwin Says:
01/11/2018 at 04:49am Attachment: Download 15170770_912148562254198_1554389680130230932_n.jpg

Here is all the ideas you need to get to permanently remove any of the web where is my computer windows 10 Browser History and becomes to know through this tutorial free of cost and online.Thank you to share this post.

08/04/2008 at 09:00am
Some answers:

1. Channels have no bearing on mobility domains. Both Single Channel Architectures and Multiple Channel Architectures will support 802.11r.

2. This information is not provided by the 802.11r draft standard. This information is left to the discretion of the vendor building the implementation.

3. R0KH and R1KH are not different APs. The R0KH will likely be the controller, and the R1KH will likely be the AP. Refer to this document for more information:

08/04/2008 at 02:41am
Some questions:
1.The BSSs in a Mobility Domain must be in the same channel or can be in different channels in 802.11r?

2.It said:"The R0KH then distributes (through a mutually-authenticated and confidential connection) each PMK-R1 to the correct R1KH."
I want to know how the R0KH distributes each PMK-R1 to the correct R1KH in details?

3.When in Initial Mobility Domain Association , R0KH and R1KH may be the same AP, but along with STA's roaming, R1KH(target AP) should be changed even not communicate with R0KH directly; Before reassociation, the new R1KH must communicate with R0KH(initial AP) to get PMK-R1. This communication must be in wireless or in wired network? This course is between R0KH and R1KH, how different with 802.11i(target-AP and authentication server) before reassociation?This can save roaming time?

Sincerely look forward to your answer! Thank you!

<< prev - comments page 1 of 1 - next >>

Leave a Reply

Please login or sign-up to add your comment.
Success Stories

I literally just came out of the testing centre having taken the CWDP exam. The certification process opened my mind to different techniques and solutions. This knowledge can only broaden your perspective. Great job, CWNP, you have a great thing going on here.

Read More

Working through the CWNP coursework and certifications helped not only to deepen my technical knowledge and understanding, but also it boosted my confidence. The hard work it took to earn my CWNE has been rewarding in so many ways.

Read More

I want to commend you and all at CWNP for having a great organization. You really 'raise the bar' on knowing Wi-Fi well. I have learned a ton of information that is helping my job experience and personal career goals, because of my CWAP/CWDP/CWSP studies. Kudos to all at CWNP.

Read More