IEEE 802.11w-2009

IEEE 802.11w-2009 is an approved amendment to the IEEE 802.11 standard to increase the security of its management frames.

Protected management frames

Current 802.11 standard defines "frame" types for use in management and control of wireless links. IEEE 802.11w is the Protected Management Frames standard for the IEEE 802.11 family of standards. Task Group 'w' worked on improving the IEEE 802.11 Medium Access Control layer. Its objective was to increase security by providing data confidentiality of management frames, mechanisms that enable data integrity, data origin authenticity, and replay protection. These extensions interact with IEEE 802.11r and IEEE 802.11u.

Overview

Single and unified solution needed for all IEEE 802.11 Protection-capable Management Frames.
It uses the existing security mechanisms rather than creating new security scheme or new management frame format.
It is an optional feature in 802.11 and is required for 802.11 implementations that support TKIP or CCMP.
Its use is optional and can be negotiable between STAs.
Classes
Class 1
* Beacon and probe request/response
* Authentication and de-authentication
* Announcement traffic indication message
* Spectrum management action
* Radio measurement action between STAs in IBSS
Class 2
* Association request/response
* Re-association request/response
* Disassociation
Class 3
* Disassociation/de-authentication
* QoS action frame
* Radio measurement action in infrastructure BSS
* Future 11v management frames
Unprotected frames

It is infeasible/not possible to protect the frame sent before four-ways handshake because it is sent prior to key establishment. The management frames, which are sent after key establishment, can be protected.
Infeasible to protect:

Beacon and probe request/response
Announcement traffic indication message
Authentication
Association request/response
Spectrum management action
Protected frames

Protection-capable management frames are those sent after key establishment that can be protected using existing protection key hierarchy in 802.11 and its amendments.
Only TKIP/AES frames are protected and WEP/open frames are not protected.
The following management frames can be protected:

Disassociate
Deauthenticate
Action Frames: Block ACK Request/Response, QoS Admission Control, Radio Measurement, Spectrum Management, Fast BSS Transition
Channel Switch Announcement directed to a client

Management frames that are required before AP and client have exchanged the transmission keys via the 4 way handshake remain unprotected:

Beacons
Probes
Authentication
Association
Announcement Traffic Indication Message
Channel Switch Announcement as Broadcast

Uni-cast Protection-capable Management Frames are protected by the same cipher suite as an ordinary data MPDU.

MPDU payload is TKIP or CCMP encrypted.
MPDU payload and header are TKIP or CCMP integrity protected.
Protected frame field of frame control field is set.
Only cipher suites already implemented are required.
Sender's pairwise temporal key protects unicast management frame.

Broad-/Multicast Robust Management Frames are protected using Broadcast/multicast integrity protocol

Use Integrity Group Temporal Key received during WPA key handshake
Use Information Element: Management MIC IE with Sequence Number + Cryptographic Hash
Replay protection

Replay protection is provided by already existing mechanisms. Specifically, there is a counter for each transmitted frame; this is used as a nonce/initialization vector in cryptographic encapsulation/decapsulation, and the receiving station ensures that the received counter is increasing.

Usage

The 802.11w standard is implemented in Linux and BSD's as part of the 80211mac driver code base, which is used by several wireless driver interfaces; i.e., ath9k. The feature is easily enabled in most recent kernels and Linux OS's using these combinations. OpenWrt in particular provides an easy toggle as part of the base distribution. The feature has been implemented for the first time into Microsoft operating systems in Windows 8. This has caused a number of compatibility issues particularly with wireless access points that are not compatible with the standard. Rolling back the wireless adapter driver to one from Windows 7 usually fixes the issue.
Wireless LANs without this standard send system management information in unprotected frames, which makes them vulnerable. This standard protects against network disruption caused by malicious systems that forge disassociation requests that appear to be sent by valid equipment such as Evil Twin attacks.

Popular movies

The Hunger Games (film) - 2012 American dystopian action thriller science fiction-adventure film directed by Gary Ross and based on Suzanne Collins’s 2008 novel of the same name. It is the first insta...
untitled Captain Marvel sequel - part of Marvel Cinematic Universe....
Killers of the Flower Moon (film project) - Killers of the Flower Moon - film project in United States of America. It was presented as drama, detective fiction, thriller. The film project starred Leonardo Dicaprio, Robert De Niro. Director of...
Five Nights at Freddy's (film) - Five Nights at Freddy's - film published in 2017 in United States of America. Scenarist of the film - Scott Cawthon....

Popular books

Book of Revelation - The Book of Revelation is the final book of the New Testament, and consequently is also the final book of the Christian Bible. Its title is derived from the first word of the Koine Greek text: apok...
Book of Genesis - account of the creation of the world, the early history of humanity, Israel's ancestors and the origins...
Gospel of Matthew - The Gospel According to Matthew is the first book of the New Testament and one of the three synoptic gospels. It tells how Israel's Messiah, rejected and executed in Israel, pronounces judgement on ...
Michelin Guide - Michelin Guides are a series of guide books published by the French tyre company Michelin for more than a century. The term normally refers to the annually published Michelin Red Guide , the oldest...
Psalms - The Book of Psalms , commonly referred to simply as Psalms , the Psalter or "the Psalms", is the first book of the Ketuvim , the third section of the Hebrew Bible, and thus a book of th...
Ecclesiastes - Ecclesiastes is one of 24 books of the Tanakh , where it is classified as one of the Ketuvim . Originally written c. 450–200 BCE, it is also among the canonical Wisdom literature of the Old Tes...
The 48 Laws of Power - non-fiction book by American author Robert Greene. The book...

Popular television series

The Crown (TV series) - historical drama web television series about the reign of Queen Elizabeth II, created and principally written by Peter Morgan, and produced by Left Bank Pictures and Sony Pictures Tel...
Friends - American sitcom television series, created by David Crane and Marta Kauffman, which aired on NBC from September 22, 1994, to May 6, 2004, lasting ten seasons. With an ensemble cast sta...
Young Sheldon - spin-off prequel to The Big Bang Theory and begins with the character Sheldon...
Modern Family - American television mockumentary family sitcom created by Christopher Lloyd and Steven Levitan for the American Broadcasting Company. It ran for eleven seasons, from September 23...
Loki (TV series) - upcoming American web television miniseries created for Disney+ by Michael Waldron, based on the Marvel Comics character of the same name. It is set in the Marvel Cinematic Universe, shar...
Game of Thrones - American fantasy drama television series created by David Benioff and D. B. Weiss for HBO. It...
Shameless (American TV series) - American comedy-drama television series developed by John Wells which debuted on Showtime on January 9, 2011. It...

IEEE 802.11w-2009

Protected management frames

Overview

Classes

Unprotected frames

Protected frames

Replay protection

Usage