AES Decapsulation

For reference, the interested reader can look at the AES Encryption frame format and the AES Encapsulation process in the articles below.

The AES decapsulation process is shown below

FIG Courtesy: 802.11 Standard

Some description of the parameters

TK – AES Temporal Key – obtained during EAPOL handshake

PN – Packet Number – initialized to 1 when the Temporal Key (TK) is initialized/refreshed. It increases monotonically for each packet encrypted with that Temporal Key (TK).

AAD – Additional Authentication Data – created from the MPDU header. The AAD construction will be seen in the Encapsulation description below

A2 – MPDU Address field 2

Key ID – Key Identifier obtained during EAPOL handshake

Priority – The QoS TID value of the MPDU packet – set to zero when no QoS Control field is present

The steps involved in the Decapsulation process are described below

  1. The encrypted MPDU is parsed to construct the AAD and nonce values.
  2. The AAD is formed from the MPDU header of the encrypted MPDU.
  3. The Nonce value is constructed from the A2, PN, and Nonce Flags fields.
  4. The MIC is extracted for use in the CCM integrity checking.
  5. The CCM recipient processing uses the temporal key, AAD, nonce, MIC, and MPDU cipher text data to recover the MPDU plaintext data as well as to check the integrity of the AAD and MPDU plaintext data.
  6. The received MPDU header and the MPDU plaintext data from the CCM recipient processing are concatenated to form a plaintext MPDU.
  7. The decryption processing prevents replay of MPDUs by validating that the PN in the MPDU is greater than the replay counter maintained for the session.
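Steps 1 to 4 and 7 as an added example (not code from the original article): a parser that takes an encrypted data MPDU and produces the nonce, AAD, MIC and ciphertext that CCM recipient processing (step 5) would consume with the TK. The function name and the sample frame are constructed; the octet offsets and masked bits follow the CCMP header, nonce and AAD layouts of the 802.11 standard, which this page does not spell out.

```python
import struct

def ccmp_decap_inputs(mpdu: bytes, replay_counter: int) -> dict:
    """Derive the CCM inputs from an encrypted data MPDU (FCS already removed)."""
    fc, = struct.unpack_from("<H", mpdu, 0)
    if (fc >> 2) & 0x3 != 2 or not fc & 0x4000:
        raise ValueError("not a protected data frame")
    four_addr = (fc & 0x0300) == 0x0300      # To DS and From DS both set: A4 present
    qos = bool(fc & 0x0080)                  # QoS data subtypes carry a QoS Control field
    hdr_len = 24 + (6 if four_addr else 0) + (2 if qos else 0)
    hdr, ccmp, body = mpdu[:hdr_len], mpdu[hdr_len:hdr_len + 8], mpdu[hdr_len + 8:]
    if len(ccmp) < 8 or len(body) < 8 or not ccmp[3] & 0x20:
        raise ValueError("truncated MPDU or ExtIV bit not set")
    # CCMP header octets: PN0 PN1 Rsvd KeyID PN2 PN3 PN4 PN5 -> reorder to PN5..PN0
    pn = bytes([ccmp[7], ccmp[6], ccmp[5], ccmp[4], ccmp[1], ccmp[0]])
    # Step 7: the PN must be greater than the replay counter for this session
    if int.from_bytes(pn, "big") <= replay_counter:
        raise ValueError("replayed PN")
    # Priority is the QoS TID, or zero when there is no QoS Control field
    priority = hdr[hdr_len - 2] & 0x0F if qos else 0
    # Step 2: AAD from the header with mutable bits masked out. Frame Control loses
    # subtype bits 4-6, Retry, Pwr Mgt and More Data; the Protected bit is forced to 1.
    masked_fc = (fc & ~0x3870) | 0x4000
    if qos:
        masked_fc &= ~0x8000                 # Order bit is masked in QoS data frames
    # A1|A2|A3, then Sequence Control with only the fragment number kept
    aad = struct.pack("<H", masked_fc) + hdr[4:22] + bytes([hdr[22] & 0x0F, 0])
    if four_addr:
        aad += hdr[24:30]
    if qos:
        aad += bytes([priority, 0])
    return {
        "key_id": ccmp[3] >> 6,
        "pn": int.from_bytes(pn, "big"),
        # Step 3: Nonce Flags (priority) | A2 | PN, 13 octets in total
        "nonce": bytes([priority]) + hdr[10:16] + pn,
        "aad": aad,
        "ciphertext": body[:-8],
        "mic": body[-8:],                    # Step 4: 8-octet MIC at the end of the body
    }

# Constructed sample: QoS data frame, Retry set, TID 5, PN 0x102, dummy ciphertext and MIC
SAMPLE = bytes.fromhex(
    "8849" "2c00" "001122334455" "aabbccddeeff" "66778899aabb" "3112" "0500"
    "0201002000000000" "deadbeef" "0102030405060708")
```

The replay counter should be advanced to the received PN only after CCM has verified the MIC, so that a forged frame with a large PN cannot push the counter forward and cause legitimate frames to be dropped.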

Next up, we shall look at CSMA/CA mechanisms that were introduced in WLAN. We will also understand the working of Wireless Multi-Media (WMM)/EDCF mechanism for QoS which is currently used by WLAN Stations.

Distributed Co-ordination Function
