IEEE 802.11r-2008

IEEE 802.11r-2008 or fast BSS transition (FT), also called fast roaming, is an amendment to the IEEE 802.11 standard to permit continuous connectivity aboard wireless devices in motion, with fast and secure handoffs from one base station to another managed in a seamless manner. It was published on July 15, 2008. IEEE 802.11r-2008 was rolled up into 802.11-2012.[1]

Rationale for the amendment

802.11, commonly referred to as Wi-Fi, is widely used for wireless communications. Many deployed implementations have effective ranges of only a few hundred meters, so, to maintain communications, devices in motion that use it will need to handoff from one access point to another. In an automotive environment, this could easily result in a handoff every five to ten seconds.

Handoffs are already supported under the preexisting standard. The fundamental architecture for handoffs is identical for 802.11 with and without 802.11r: the mobile device is entirely in charge of deciding when to hand off and to which access point it wishes to hand off. In the early days of 802.11, handoff was a much simpler task for the mobile device. Only four messages were required for the device to establish a connection with a new access point (five if you count the optional "I'm leaving" message (deauthentication and disassociation packet) the client could send to the old access point). However, as additional features were added to the standard, including 802.11i with 802.1X authentication and 802.11e (QoS) or Wireless Multimedia Extensions (WMM) with admission control requests, the number of messages required went up dramatically. During the time these additional messages are being exchanged, the mobile device's traffic, including that from voice calls, cannot proceed, and the loss experienced by the user could amount to several seconds.[2] Generally, the highest amount of delay or loss that the edge network should introduce into a voice call is 50 ms.

802.11r was launched to attempt to undo the added burden that security and quality of service added to the handoff process, and restore it to the original four-message exchange. In this way, handoff problems are not eliminated, but at least are returned to the status quo ante.

The primary application currently envisioned for the 802.11r standard is voice over IP (VOIP) via mobile phones designed to work with wireless Internet networks, instead of (or in addition to) standard cellular networks.

Fast BSS Transition

IEEE 802.11r specifies fast Basic Service Set (BSS) transitions between access points by redefining the security key negotiation protocol, allowing both the negotiation and requests for wireless resources (similar to RSVP but defined in 802.11e) to occur in parallel.

The key negotiation protocol in 802.11i specifies that, for 802.1X-based authentication, the client is required to renegotiate its key with the RADIUS or other authentication server supporting Extensible Authentication Protocol (EAP) on every handoff, a time-consuming process. The solution is to allow for the part of the key derived from the server to be cached in the wireless network, so that a reasonable number of future connections can be based on the cached key, avoiding the 802.1X process. A feature known as opportunistic key caching (OKC) exists today, based on 802.11i, to perform the same task. 802.11r differs from OKC by fully specifying the key hierarchy.

Protocol operation

The non-802.11r BSS transition goes through six stages:

  • Scanning – active or passive for other APs in the area.
  • Exchanging 802.11 authentication messages (first from the client, then from the AP) with the target access point.
  • Exchanging reassociation messages to establish connection at target AP.

At this point in an 802.1X BSS, the AP and Station have a connection, but are not allowed to exchange data frames, as they have not established a key.

  • 802.1X pairwise master key (PMK) negotiation.
  • Pairwise transient key (PTK) derivation – 802.11i 4-way handshake of session keys, creating a unique encryption key for the association based on the master key established from the previous step.
  • QoS admission control to re-establish QoS streams.

A fast BSS transition performs the same operations except for the 802.1X negotiation, but piggybacks the PTK and QoS admission control exchanges with the 802.11 Authentication and Reassociation messages.

Problems

In October 2017 security researchers Mathy Vanhoef (imec-DistriNet, KU Leuven) and Frank Piessens (imec-DistriNet, KU Leuven) published their paper "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" (KRACK). This paper also listed a vulnerability of common 802.11r implementations and registered the CVE identifier CVE-2017-13082.

On August 4th, 2018 researcher Jens Steube (of Hashcat) described a new technique [3] to crack WPA PSK (Pre-Shared Key) passwords that he states will likely work against all 802.11i/p/r networks with roaming functions enabled.

See also

References


This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.