Establishing Wireless Robust Security Networks: A Guide to IEEE 802
Phase 5 – Connection Termination
5.6 Protected Data Exchange
The fourth phase in the operation of an RSN is the protected data exchange phase. Before this phase, the AP and STA have already done the following:
Become associated and negotiated a security policy (discovery phase)
Mutually authenticated using EAP and derived a Master Session Key using the uncontrolled IEEE 802.1X port, or implicitly authenticated through a previously installed preshared key (authentication phase)
Generated, distributed and confirmed the session keys through the 4-Way Handshake (KGD phase)
Derived a pairwise transient key and unblocked the IEEE 802.1X ports (KGD phase).
These actions have prepared the AP and STA to communicate securely. During the protected data exchange phase, the AP and STA may now share data securely. The traffic between the AP and STA is protected using the data confidentiality and integrity algorithms chosen during the discovery phase. IEEE 802.11i supports three methods of data transfer: unicast, multicast, and broadcast.
For RSNs, unicast (also called “directed”) is the type of data transfer used most often during the protected data exchange phase. Unicast data transfer can occur when a unique association exists between the AP and the STA and a pairwise transient key is used for the protection of the traffic. Protections afforded unicast frames include encryption, integrity protection, and replay protection. Additionally, because data forgery is a major security concern in WLANs, unicast frames are equipped with a data origin
authentication mechanism that prevents masquerading attacks. The mechanism allows a STA to confirm whether or not a received data frame originated from the claimed STA.
The broadcast and multicast data transfer mechanisms (also called “group”) allow for common data to be transferred to multiple devices efficiently. Communication between the AP and the STAs is protected using CCMP. Unique Group Key Handshakes with each STA insert the GTK used with CCMP to protect the data exchanges. Because all STAs share the same GTK, a single breach of the GTK affects all STAs.
5.7 Connection Termination
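The replay-protection and integrity checks listed above for unicast frames, modelled as an added example (this is not code from the NIST guide). It follows the CCMP receive-side rule: each protected frame carries a 48-bit packet number (PN) that the sender increments per key, the receiver remembers the highest PN it has accepted under that key, and a frame whose PN is not strictly greater is discarded. The simplifications are assumptions of this example: a single replay counter (CCMP keeps one per key and per priority), an HMAC-SHA-256 tag standing in for the CCM MIC so that only the standard library is needed, no encryption step, and constructed sample frames and key.

```python
"""Receive-side replay and integrity check for protected unicast frames.

Added example; simplified model of the CCMP PN check, not the guide's code.
"""
import hashlib
import hmac

PN_MAX = (1 << 48) - 1  # 48-bit PN space; exhausting it requires a new key


def mic(key: bytes, pn: int, header: bytes, payload: bytes) -> bytes:
    """Stand-in for the CCM MIC: binds PN, header and payload to the key."""
    msg = pn.to_bytes(6, "big") + header + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


class Sender:
    def __init__(self, tk: bytes):
        self.tk = tk
        self.pn = 0  # last PN used; never reused for the lifetime of the key

    def protect(self, header: bytes, payload: bytes):
        if self.pn >= PN_MAX:
            raise RuntimeError("PN space exhausted; a new temporal key is required")
        self.pn += 1
        return (self.pn, header, payload, mic(self.tk, self.pn, header, payload))


class Receiver:
    def __init__(self, tk: bytes):
        self.tk = tk
        self.replay_counter = 0  # highest PN accepted under this key
        self.dropped = []        # (reason, pn) for every discarded frame

    def accept(self, frame):
        pn, header, payload, tag = frame
        # Replay check first, as in CCMP decapsulation: a PN that does not
        # exceed the replay counter is discarded without further work.
        if pn <= self.replay_counter:
            self.dropped.append(("replay", pn))
            return None
        # Integrity / origin check: only a holder of the pairwise key can
        # produce a valid tag over this PN, header and payload.
        if not hmac.compare_digest(tag, mic(self.tk, pn, header, payload)):
            self.dropped.append(("bad MIC", pn))
            return None
        # The counter advances only after the MIC verifies, so a frame with
        # a forged high PN cannot push it forward and block genuine frames.
        self.replay_counter = pn
        return payload


def run_scenario():
    """Constructed exchange: two good frames, one replay, one tampered frame."""
    tk = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed sample key
    sta, ap = Sender(tk), Receiver(tk)
    f1 = sta.protect(b"hdr", b"frame one")
    f2 = sta.protect(b"hdr", b"frame two")
    accepted = [ap.accept(f1), ap.accept(f2)]
    replayed = ap.accept(f1)  # the first frame delivered a second time
    pn, header, _, tag = f2
    tampered = ap.accept((pn + 10, header, b"altered", tag))  # fresh PN, wrong tag
    return {
        "accepted": accepted,
        "replayed": replayed,
        "tampered": tampered,
        "dropped": ap.dropped,
        "replay_counter": ap.replay_counter,
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(name, value)
```

The order of the two checks matters less than when the counter is updated: advancing it only after the MIC verifies is what keeps a frame with a forged, very high PN from causing later genuine frames to be dropped as replays.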
The fifth and final phase in the operation of an RSNA is the connection termination phase. During this phase, the association between the STA and the AP is deleted, and the wireless connection is terminated. This phase provides the elegant teardown of a connection and a restoration to an initialized state. During the connection termination phase, the following events occur:
The AP deauthenticates the STA.
The security associations, used internally by the AP to keep track of associations between STAs and APs, are deleted.
The temporal keys used for encrypting and protecting the integrity of data traffic are deleted.
The IEEE 802.1X controlled port returns to a blocked state so that user traffic cannot pass.
The connection termination phase may be entered in several ways, including the following:
Radio communication between the STA and AP is lost (e.g., STA moves out of range).
The 4-Way Handshake or Group Key Handshake times out during execution.
The RSNIE check during the 4-Way Handshake fails.
The user powers down the STA or disables the NIC.
The security policy indicates a termination of the connection (implementation-specific).
This phase restores the AP and STA to an initialized state. If further communication is subsequently required, then these devices begin anew at the discovery phase with the re-discovery of the available resources and capabilities.
5.8 Summary
IEEE 802.11 defines how frames are exchanged between STAs and APs. There are three types of IEEE 802.11 frames, as follows:
Data frames, which encapsulate packets from upper layer protocols, such as IP, which in turn might contain application data (e.g., e-mail, Web pages).
Management frames, which include informational probes and beacons, and messages related to the management of association and authentication events.
Control frames, which are used for requesting and controlling access to the wireless media, such as sending an acknowledgement after receiving a data frame.
By grouping the IEEE 802.11 frame exchanges by function, IEEE 802.11 operation may be thought of as occurring in the following five distinct phases:
Phase 1: Discovery. The STA identifies an AP for a WLAN with which it wishes to communicate. The STA locates an AP either by receiving one of the AP’s periodic transmissions of Beacon frames, or by sending a Probe Request to solicit a Probe Response from an AP. After the STA has identified an AP, the STA and the AP exchange frames to negotiate various parameters for their communications. By the end of the phase, the STA and AP have established a security policy that specifies several key security capabilities, such as data confidentiality and integrity protocols for protecting traffic, an authentication method, and a key distribution approach.
Phase 2: Authentication. During this phase, the STA and AS prove their identities to each other. The authentication frames pass through the AP, which also blocks non-authentication traffic from the STA using IEEE 802.1X port-based access control. The actual authentication mechanism is implemented by the STA and AS using EAP, which provides a framework that allows the use of multiple methods for achieving authentication, including static passwords, dynamic passwords, and public key cryptography certificates. After authentication has been completed, the AAA key is installed in the STA and AS; it serves as a root key to enable the generation of other keys used to secure communications between the STA and AP.
Phase 3: Key Generation and Distribution (KGD). During the KGD phase, the AP and the STA perform several operations that cause cryptographic keys to be generated and placed on the AP and the STA. The KGD phase employs two types of handshakes: a 4-Way Handshake and a Group Key Handshake. Both employ message encryption and integrity checking, using one of two confidentiality and integrity algorithms. For both types of handshakes, NIST requires the use of AES Key Wrap with HMAC-SHA-1-128 instead of RC4 encryption with HMAC-MD5 because AES and SHA-1 are FIPS-approved algorithms, and RC4 and MD5 are not.
Phase 4: Protected Data Transfer. The STA and AP share data securely, using the security policy and cryptographic keys established during the first three phases. Because secure data transfer occurs between the STA and the AP only, organizations need to consider carefully the security of the data during the rest of its transit (e.g., on the DS).
Phase 5: Connection Termination. During this phase, the STA and AP tear down their secure connection and delete their association, thereby terminating their wireless connection.
The RSN framework introduces the authentication phase, the key generation and distribution phase, and the connection termination phase into IEEE 802.11 operation. Before the IEEE 802.11i amendment, IEEE 802.11 operation involved rudimentary authentication, but only as part of the discovery phase. The RSN framework also introduces new elements and techniques into the other phases, but the basic nature of the dialog remains the same.
Organizations that want to establish IEEE 802.11 RSNs should configure their APs so that they permit the establishment of RSNAs only. During the discovery phase, if an AP permits a WEP-based association with any STA, then not only is that association not an RSNA, but the WLAN is no longer an RSN. All associations must be RSNAs for the WLAN to be considered an RSN. Allowing any WEP-based associations creates significant security holes that can negatively impact the security of the other components of the WLAN. The communications between some STAs and APs will not be protected strongly, and having APs configured to permit the use of pre-RSN capabilities could allow attackers within range of the AP to establish unauthorized connections to it, potentially gaining access to other resources.
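An added example (not code from the NIST guide) that models the five-phase lifecycle and makes two points from Section 5.7 and the summary explicit: entering the connection termination phase deletes the security association and the temporal keys and returns the IEEE 802.1X controlled port to the blocked state, after which further communication must begin again at discovery; and an AP configured for RSNAs only refuses a WEP association at the discovery phase. The phase names, cipher labels and termination-reason strings are this example's own labels, and the keys it generates are placeholders, not the standard's key derivation.

```python
"""RSNA lifecycle with connection termination. Added example; labels and
key material are this model's own, not identifiers from the guide."""
from enum import Enum, auto
import os


class Phase(Enum):
    DISCOVERY = auto()
    AUTHENTICATION = auto()
    KGD = auto()            # key generation and distribution
    PROTECTED_DATA = auto()
    TERMINATED = auto()


# Ways into the termination phase listed in the text (labels are this example's).
TERMINATION_REASONS = {
    "radio_lost", "handshake_timeout", "rsnie_mismatch",
    "sta_powered_down", "policy_terminate",
}


class RsnaConnection:
    def __init__(self, ap_permits=("CCMP",)):
        self.ap_permits = set(ap_permits)  # RSNA-only policy: WEP is not permitted
        self.phase = Phase.DISCOVERY
        self.association = None
        self.pmk = self.ptk = self.gtk = None
        self.controlled_port_open = False
        self.log = []

    def _require(self, phase):
        if self.phase is not phase:
            raise RuntimeError(f"not in {phase.name} (currently {self.phase.name})")

    def discover(self, offered_cipher):
        """Discovery: refuse any association that would not be an RSNA."""
        self._require(Phase.DISCOVERY)
        if offered_cipher not in self.ap_permits:
            self.log.append(f"discovery: refused {offered_cipher}")
            return False
        self.association = {"cipher": offered_cipher}
        self.phase = Phase.AUTHENTICATION
        return True

    def authenticate(self):
        """Authentication: EAP success yields the PMK (placeholder bytes here)."""
        self._require(Phase.AUTHENTICATION)
        self.pmk = os.urandom(32)
        self.phase = Phase.KGD

    def four_way_handshake(self, rsnie_matches=True):
        """KGD: a failed RSNIE check is one of the listed termination triggers."""
        self._require(Phase.KGD)
        if not rsnie_matches:
            self.terminate("rsnie_mismatch")
            return False
        self.ptk, self.gtk = os.urandom(48), os.urandom(16)  # placeholders
        self.controlled_port_open = True
        self.phase = Phase.PROTECTED_DATA
        return True

    def send(self, payload):
        """Protected data exchange: user traffic only through an open port."""
        if not self.controlled_port_open or self.phase is not Phase.PROTECTED_DATA:
            raise RuntimeError("controlled port blocked")
        return ("protected", len(payload))

    def terminate(self, reason):
        """Termination: delete association and keys, block the controlled port."""
        if reason not in TERMINATION_REASONS:
            raise ValueError(reason)
        self.association = None
        self.pmk = self.ptk = self.gtk = None
        self.controlled_port_open = False
        self.phase = Phase.TERMINATED
        self.log.append(f"terminated: {reason}")

    def restart(self):
        """Further communication begins anew at the discovery phase."""
        self._require(Phase.TERMINATED)
        self.phase = Phase.DISCOVERY


def run_scenario():
    conn = RsnaConnection()
    refused_wep = conn.discover("WEP")     # pre-RSN cipher: refused
    accepted = conn.discover("CCMP")
    conn.authenticate()
    conn.four_way_handshake()
    sent = conn.send(b"hello")
    conn.terminate("radio_lost")           # STA moved out of range
    try:
        conn.send(b"again")
        after = "sent"
    except RuntimeError:
        after = "blocked"
    keys_cleared = conn.ptk is None and conn.gtk is None and conn.pmk is None
    conn.restart()
    return {"refused_wep": refused_wep, "accepted": accepted, "sent": sent,
            "after_termination": after, "keys_cleared": keys_cleared,
            "phase": conn.phase.name, "log": conn.log}
```

The invariant worth checking in a real implementation is the one `run_scenario` exercises: after any termination path, no temporal key remains and the controlled port is blocked, regardless of which event caused the teardown.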