The Interested Reader can look at an overview of Management Frame Protection here <Management Frame Protection>
The first Part of this series for BIP is present here <Management Frame Protection – Understanding BIP – Part 1>
BIP Transmission
The following steps are taken to compute the MIC value for transmission. The standard defines the steps and is pretty straight-forward in understanding the same.
- Select the IGTK currently active for transmission of frames to the intended group of recipients and construct the MME with the MIC field masked to 0 and the KeyID field set to the corresponding IGTK KeyID value. The transmitter shall insert a monotonically increasing non-negative integer into the MME IPN field.
- Compute the AAD
- Compute AES-128-CMAC over the concatenation of (AAD || Management Frame Body including MME), and insert the 64-bit output into the MME MIC field.
- Compose the frame as the IEEE 802.11 header, management frame body, including MME, and FCS.The MME shall appear last in the frame body.
- Transmit the frame
BIP Reception
The following steps are under-taken by a STA on the receipt of a robust management frame
- Identify the appropriate IGTK key and associated state based on the MME KeyID field. If no such IGTK exists, silently drop the frame.
- Perform replay protection on the received frame. The receiver shall interpret the MME IPN field as a 48-bit unsigned integer. It shall compare this MME IPN integer value to the value of the receive replay counter for the IGTK identified by the MME Key ID field. If the integer value from the received MME IPN field is less than or equal to the replay counter value for this IGTK, the receiver shall discard the frame and increment the dot11RSNAStatsCMACReplays counter by 1.
- The receiver shall extract and save the received MIC value, and compute the AES-128-CMAC over the concatenation of (AAD || Management Frame Body including MME) with the MIC field masked to 0 in the MME. If the result does not match the received MIC value, then the receiver shall discard the frame and increment the dot11RSNAStatsCMACICVErrors counter by 1.
- If the replay protection succeeds, compute AAD for this management frame
- Extract and save the received MIC value, and compute the AES-128-CMAC over the concatenation of (AAD || Management Frame Body || MME) with the MIC field masked to 0 in the MME. If the result does not match the received MIC value, then the receiver shall discard the frame and increment the dot11RSNAStatsCMACICVErrors counter by 1.
- Update the replay counter for the IGTK identified by the MME Key ID field with the integer value of the MME IPN field.