Friday, 8 February 2013

Data confidentiality


4.5.4.4 Data confidentiality

In a wired LAN, only those STAs physically connected to the wire can send or receive LAN traffic. With a wireless shared medium, there is no physical connection, and all STAs and certain other RF devices in or near the LAN might be able to send, receive, and/or interfere with the LAN traffic. An IEEE 802.11-compliant STA can receive like-PHY IEEE 802.11 traffic that is within range and can transmit to any other IEEE 802.11 STA within range. Thus, the connection of a single wireless link (without data confidentiality) to an existing wired LAN may seriously degrade the security level of the wired LAN.

To bring the security of the WLAN up to the level implicit in wired LAN design, IEEE Std 802.11 provides the ability to protect the contents of messages. This functionality is provided by the data confidentiality service. Data confidentiality is an SS.

IEEE Std 802.11 provides several cryptographic algorithms to protect data traffic, including: WEP, TKIP, and CCMP. WEP and TKIP are based on the ARC4 algorithm, and CCMP is based on the advanced encryption standard (AES). A means is provided for STAs to select the algorithm(s) to be used for a given association.

IEEE Std 802.11 provides one security protocol, CCMP, for protection of individually addressed robust management frames. This standard does not provide data confidentiality for group addressed robust management frames.

IEEE Std 802.11 provides one security protocol, CCMP, for protection of individually addressed and group addressed data frames between mesh STAs.

The default data confidentiality state for all IEEE 802.11 STAs is “in the clear,” i.e., without protection. If the data confidentiality service is not invoked, all frames are sent unprotected. If this policy is unacceptable to the sender, it does not send data frames; and if the policy is unacceptable to the receiver, it discards any received data frames. Unprotected data frames and unprotected robust management frames received at a STA configured for mandatory data confidentiality, as well as protected data frames and protected robust management frames using a key not available at the receiving STA, are discarded without an indication to LLC (or without indication to distribution services in the case of “To DS” frames received at an AP). These frames are acknowledged on the WM [if received without frame check sequence (FCS) error] to avoid wasting WM bandwidth on retries of frames that are being discarded.
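The receive-side rule in the last paragraph, written out as an added illustrative model (this is not text or code from IEEE Std 802.11 or from this post). The rule is the same for data frames and robust management frames, so the model does not distinguish them; the STA's mandatory-confidentiality policy and its set of installed keys are assumed inputs, and the frames are constructed samples.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class RxFrame:
    """Constructed view of a received frame: only the fields the decision needs."""
    fcs_ok: bool           # frame check sequence verified on the WM
    protected: bool        # Protected Frame bit set (WEP/TKIP/CCMP applied)
    key_id: Optional[str]  # key the sender used; None when the frame is unprotected


@dataclass(frozen=True)
class RxDecision:
    ack: bool      # acknowledged on the wireless medium (WM)
    deliver: bool  # indicated to LLC (or to distribution services at an AP)
    reason: str


def receive(frame: RxFrame, mandatory_confidentiality: bool,
            available_keys: FrozenSet[str]) -> RxDecision:
    """Decide whether a received frame is acknowledged and whether it is delivered.

    mandatory_confidentiality and available_keys are assumed stand-ins for the
    receiving STA's configured policy and the keys currently installed on it.
    """
    if not frame.fcs_ok:
        # A corrupt frame is never acknowledged; the sender will retry it.
        return RxDecision(False, False, "FCS error: dropped, not acknowledged")
    if not frame.protected:
        if mandatory_confidentiality:
            # Acknowledged so the sender does not burn WM bandwidth on retries,
            # but discarded without any indication to LLC.
            return RxDecision(True, False,
                              "unprotected frame at STA requiring protection: discarded silently")
        return RxDecision(True, True, "confidentiality not invoked: unprotected frame delivered")
    if frame.key_id not in available_keys:
        # Same treatment as above: acknowledged, then discarded without indication.
        # Assumption: a frame that cannot be decrypted is never delivered, whatever the policy.
        return RxDecision(True, False,
                          "protected frame with unavailable key: discarded silently")
    return RxDecision(True, True, "protected frame decrypted with installed key and delivered")


if __name__ == "__main__":
    keys = frozenset({"ptk-1"})  # constructed key store for the demonstration
    for f in (RxFrame(True, False, None), RxFrame(True, True, "ptk-1"),
              RxFrame(True, True, "gtk-9"), RxFrame(False, True, "ptk-1")):
        print(f, "->", receive(f, True, keys))
```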
