RSN Information Element

The RSN information element was introduced by the IEEE 802.11i Task Group. RSN stands for Robust Security Network, and a Robust Security Network makes the AES cipher mandatory.

The TKIP cipher can be used as the multicast/broadcast cipher, and so can WEP-40/WEP-104, but if the authentication method is 802.1X then WEP-40/WEP-104/TKIP are not allowed as the group cipher either.

TKIP as the pairwise cipher with WEP-40/WEP-104 as the group cipher is also not supported.

The RSN Information Element is provided below. The size of the RSN IE is limited to a maximum of 255 bytes.

Fig Courtesy – 802.11 Standard

Element ID – 48

Length – provides the number of bytes in the RSN Information element

Version – RSN version number – set to 1

Group Cipher Suite – it contains the Organizational Unique Identifier and the type of encryption selected. Default OUI is 00-0F-AC

Pairwise Cipher suite count – indicates the number of pairwise cipher suites supported

Pairwise Cipher suite list – list of different pairwise cipher suites supported

AKM Count – number of Authentication Key Management Suites supported

AKM Suite list – list of Authentication Key Management Suites

RSN Capabilities – provides additional capabilities supported

PMKID Count – The PMKID Count is used in the re-association request frame/FT authentication sequence frames only. It defines the number of Pairwise Master Key Security Association Identifiers in the PMKID List

PMKID List – List of PMKIDs

Group Management Cipher suite – cipher suite selected to protect group addressed robust management frames
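
The field order listed above can be walked byte by byte. The Python parser below is an added example, not code from the original page or from the 802.11 standard. The field widths (2-byte little-endian counts, 4-byte suite selectors, 16-byte PMKIDs) and suite-type names come from the standard rather than from this page; the name `parse_rsn_ie`, the legacy-cipher flag and the sample bytes are assumptions made for the example.

```python
import struct

# Suite types under the default OUI 00-0F-AC, as defined in the 802.11-2012 tables.
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104", 6: "BIP"}
AKMS = {1: "802.1X", 2: "PSK"}
LEGACY = {"WEP-40", "WEP-104", "TKIP"}  # audit policy assumed for this example

def parse_rsn_ie(ie: bytes) -> dict:
    """Parse one RSN IE (Element ID 48); every field after Version is optional."""
    if len(ie) < 4 or ie[0] != 48:
        raise ValueError("not an RSN information element")
    if ie[1] != len(ie) - 2:
        raise ValueError("Length field does not match element size")
    body, pos = ie[2:], 2                      # pos starts just past Version
    out = {"version": struct.unpack_from("<H", body, 0)[0]}

    def take(n):                               # bounds-checked read of n bytes
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated RSN IE")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    def suite(table):                          # 3-byte OUI + 1-byte suite type
        raw = take(4)
        name = table.get(raw[3]) if raw[:3] == b"\x00\x0f\xac" else None
        return name or raw[:3].hex("-").upper() + ":" + str(raw[3])

    def count():
        return struct.unpack("<H", take(2))[0]

    steps = [("group_cipher", lambda: suite(CIPHERS)),
             ("pairwise_ciphers", lambda: [suite(CIPHERS) for _ in range(count())]),
             ("akm_suites", lambda: [suite(AKMS) for _ in range(count())]),
             ("rsn_capabilities", count),
             ("pmkids", lambda: [take(16).hex() for _ in range(count())]),
             ("group_mgmt_cipher", lambda: suite(CIPHERS))]
    for key, read in steps:
        if pos == len(body):                   # element ended on a field boundary
            break
        out[key] = read()
    seen = {out.get("group_cipher"), *out.get("pairwise_ciphers", [])}
    out["legacy"] = sorted(LEGACY & seen)      # WEP/TKIP still advertised
    return out

# Constructed sample: TKIP group cipher, CCMP+TKIP pairwise, PSK AKM, capabilities 0.
SAMPLE = bytes.fromhex("3018" "0100" "000fac02" "0200" "000fac04" "000fac02"
                       "0100" "000fac02" "0000")
```

Calling `parse_rsn_ie(SAMPLE)` reports TKIP in the `legacy` list, which is the mixed-mode configuration an audit of beacon or probe-response frames would want to surface.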

The table below, taken from the 802.11-2012™ standard, lists the cipher suite selections available for group, pairwise and group management protection.

The AKM suite list, taken from the 802.11-2012™ standard, is shown below.

Fig Courtesy – 802.11 Standard

802.1X and Pre-shared Key Authentication
