Management Frame Protection – Understanding BIP – Part 1

The Broadcast Integrity Protocol (BIP) provides data integrity and replay protection for broadcast/multicast robust management frames. An IGTKSA (Integrity Group Temporal Key Security Association) should be established and an IGTK (Integrity Group Temporal Key) should be available for encrypting the broadcast/multicast frames.

Let us take a brief look at the BIP frame format, the Management MIC Element and the AAD (Additional Authentication Data) mechanism before we look at how the BIP algorithm is employed to transmit and receive Robust Management Frames.

The encryption algorithm used by BIP is AES-128 in CMAC mode. The AES-128 (CMAC mode) algorithm is described in the National Institute of Standards and Technology (NIST) specification NIST SP 800-38B.

For interested readers, the NIST document is available at the link below:

http://dx.doi.org/10.6028/NIST.SP.800-38B-2005

The AES block size is 128 bytes and the integrity key is also 128 bytes. The formula below shows how the MIC value is generated using the IGTK and the AES algorithm:

MIC = L(CMAC Output, 0, 64)

The above formula follows this convention:

  • MIC = L(Str, F, L) – where
  • L – (outside the braces) – stands for “from the left”
  • Str – output string – in this case the AES CMAC output.
  • F – stands for the starting byte value
  • L – (inside the braces) – stands for the number of bytes to be extracted starting at location “F” and ending at “F+L-1”

Hence, the above formula expands to “from the left, starting at zero – extract 0 to 63 bits (64 bits in all) of the CMAC output to obtain the MIC value”.

BIP Management MPDU (MMPDU) format

The Broadcast Integrity Protocol MMPDU Frame format is provided below

MME – Management MIC Element – this is the MIC computed for the frame; it follows all other elements in the frame but comes before the FCS.

The MME is shown pictorially below

From the Standard (802.11-2012)

  • The element ID = 76 (in decimal)
  • Length field is set to 16 which includes the KeyID, IPN and the MIC values
  • The KeyID identifies the IGTK KeyID that is used in computing the MIC value. The IGTK KeyID is 4 or 5.
  • The IPN field contains a 48-bit unsigned integer that is used to detect replay of a robust management frame
  • The MIC field contains the MIC value computed over the robust management frame

Additional Authentication Data (AAD)

In addition to the IPN replay detection number, the BIP algorithm also incorporates Additional Authentication Data (AAD), which is used to compute the MIC. The AAD is constructed from the 802.11 MPDU header and incorporates the following (as given in the standard):

  • FC—MPDU Frame Control field, with:
    • Retry bit (bit 11) masked to 0
    • Power Management bit (bit 12) masked to 0
    • More Data bit (bit 13) masked to 0
  • A1—MPDU Address 1 field.
  • A2—MPDU Address 2 field.
  • A3—MPDU Address 3 field.

The length of the AAD is 20 bytes. The AAD format is provided below

We will see in the next section how the AAD/IPN and IGTK are employed to transmit/receive a robust management frame.
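The AAD construction, MME layout and MIC truncation described above, as an added Python example that is not part of the original post. The function names, the little-endian field byte order and the sample frame bytes are assumptions or constructed values; the AES-CMAC computation itself is not performed here.

```python
import struct

MME_EID, MME_LEN = 76, 16   # element ID and Length values given for the MME
# Frame Control with Retry (bit 11), Power Management (12), More Data (13) cleared
FC_MASK = 0xFFFF & ~((1 << 11) | (1 << 12) | (1 << 13))

def build_aad(header: bytes) -> bytes:
    """AAD = masked FC || A1 || A2 || A3, taken from the 24-byte MPDU header."""
    if len(header) < 24:
        raise ValueError("short management header")
    (fc,) = struct.unpack_from("<H", header, 0)   # assumed little-endian on air
    # Bytes 2-3 (Duration) are skipped; A1, A2, A3 occupy bytes 4-21.
    return struct.pack("<H", fc & FC_MASK) + header[4:22]

def parse_mme(body: bytes) -> dict:
    """Parse the MME, the last element of the frame body (FCS already removed)."""
    if len(body) < 2 + MME_LEN:
        raise ValueError("body too short to hold an MME")
    eid, length, key_id, ipn, mic = struct.unpack("<BBH6s8s", body[-(2 + MME_LEN):])
    if (eid, length) != (MME_EID, MME_LEN):
        raise ValueError("last element is not an MME")
    if key_id not in (4, 5):
        raise ValueError("IGTK KeyID must be 4 or 5")
    # IPN byte order is an assumption: least significant byte first.
    return {"key_id": key_id, "ipn": int.from_bytes(ipn, "little"), "mic": mic}

def truncate_mic(cmac_output: bytes) -> bytes:
    """MIC = L(CMAC Output, 0, 64): the leftmost 64 bits of the CMAC output."""
    if len(cmac_output) != 16:
        raise ValueError("AES-CMAC output is one 16-byte block")
    return cmac_output[:8]

# Constructed sample: broadcast Deauthentication header with the Retry bit set.
SAMPLE_HEADER = bytes.fromhex(
    "c008" "0000"            # Frame Control (Retry set), Duration
    "ffffffffffff"           # A1: broadcast
    "020000000001"           # A2: constructed transmitter address
    "020000000001"           # A3: constructed BSSID
    "1000")                  # Sequence Control
# Constructed body: reason code, then MME with KeyID 4, IPN 0x105, dummy MIC.
SAMPLE_BODY = bytes.fromhex("0700" "4c10" "0400" "050100000000" "1122334455667788")

if __name__ == "__main__":
    print(build_aad(SAMPLE_HEADER).hex(), parse_mme(SAMPLE_BODY))
```

Because the Retry, Power Management and More Data bits are cleared before the AAD is built, a retransmitted copy of the same frame produces the same AAD and therefore the same MIC input.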
