For the Reverse Direction Protocol to work, both the transmitter and the receiver 802.11 stations need to support Reverse Direction Grant. 802.11 stations supporting Reverse Direction Grant would broadcast their support in the RD Responder field of the HT Capabilities element. The HT capabilities element and the RD-Responder field present in the HT-Extended capabilities Info […]
Management Frame Protection – Frame Parameters
The interested reader can look at an overview of Management Frame Protection in the following article: <Management Frame Protection>. Management Frame Protection is indicated in the 802.11 frames in the following manner. The RSN Capabilities indicate that the management protection is enabled. Management Frame Protection Required: True (set to 1) – Management Frame Protection is required […]
Management Frame Protection
In 802.11, data frames could be transmitted with encryption, but management frames were always sent in the open (no encryption). The 802.11w standard amendment introduced management frame protection, and the feature is deemed mandatory by the Wi-Fi Alliance from 802.11ac onwards. The Management Frame protection would incorporate management frames that are transmitted after the AP […]
Management Frame Protection – Understanding BIP – Part 1
The Broadcast Integrity Protocol (BIP) provides data integrity and replay protection to broadcast/multicast robust management frames. An IGTKSA (Integrity Group Temporal Key Security Association) should be established and an IGTK (Integrity Group Temporal Key) should be available for encrypting the Broadcast/Multicast frames. Let us take a brief look at the BIP frame format, Management MIC Element and […]
Management Frame Protection – Understanding BIP – Part 2
The interested reader can look at an overview of Management Frame Protection here: <Management Frame Protection>. The first part of this series on BIP is here: <Management Frame Protection – Understanding BIP – Part 1>. BIP Transmission: The following steps are taken to compute the MIC value for transmission. The standard defines the steps […]
Security Association (SA) Teardown Protection – Part 2
The interested reader can look at Part 1 of the series here: <Security Association (SA) Teardown Protection – Part 1>. The different scenarios for SA Teardown Protection and the message handling in each instance are provided below. Scenario 1 – AP receives an association request from an associated client – non-attack scenario. The First […]
Security Association (SA) Teardown Protection – Part 1
802.11w also introduced an association spoofing protection mechanism. It was intended to prevent replay attacks from tearing down an existing client association. It consists of two mechanisms: 1) Association comeback time and 2) SA-Query Procedure. Association comeback time: When an Access Point (AP) receives an association request from a Client which has an existing association table […]
TKIP Encryption Mechanism
The TKIP encryption protocol was introduced to rectify the weaknesses seen with WEP encryption until a more secure encryption mechanism (AES) was developed. Hence, the networks that supported TKIP became a Transition Stationary Network. The TKIP algorithm applied the below modifications to the existing WEP algorithm to address the WEP vulnerabilities. The […]
Pre-Authentication Mechanism in WLAN
Preauthentication allows a station to perform RSN authentication with an Access Point it is currently not associated to while associated to a different Access Point. This allows the station to move to a different Access point faster when the station has to roam and prevents the Data port being blocked on account of authentication during […]
Wireless Capture Example – EAP Handshake – Part 3
The reader can understand the association mechanism between a WLAN station and Access point for 802.1X authentication here — <Wireless Capture Example – EAP Handshake – Part 1> and the EAP exchange mechanism in 802.1X here — <Wireless Capture Example – EAP Handshake – Part 2>. The final phase of the 802.1X authentication mechanism is […]