4.5.4.3 Deauthentication
The deauthentication service is invoked when an existing Open System, Shared Key, or SAE authentication is to be terminated. Deauthentication is an SS.
When the deauthentication service is terminating SAE authentication, any PTKSA, GTKSA, mesh TKSA, or
mesh GTKSA related to this SAE authentication is destroyed. If PMK caching is not enabled,
deauthentication also destroys any PMKSA created as a result of this successful SAE authentication.
In an ESS, because authentication is a prerequisite for association, the act of deauthentication causes the
STA to be disassociated. The deauthentication service may be invoked by either authenticated party
(non-AP STA or AP). Deauthentication is not a request; it is a notification. The association at the transmitting
STA is terminated when the STA sends a deauthentication notice to an associated STA. Deauthentication,
and if associated, disassociation cannot be refused by the receiving STA except when management frame
protection is negotiated and the message integrity check fails.
In an RSN ESS, Open System 802.11 authentication is required. In an RSN ESS, deauthentication results in
termination of any association for the deauthenticated STA. It also results in the IEEE 802.1X Controlled
Port for that STA being disabled and deletes the pairwise transient key security association (PTKSA). The
deauthentication notification is provided to IEEE Std 802.1X-2004 via the MAC layer.
In an RSNA, deauthentication also destroys any related pairwise transient key security association
(PTKSA), group temporal key security association (GTKSA), station-to-station link (STSL) master key
security association (SMKSA), STSL transient key security association (STKSA), and integrity group
temporal key security association (IGTKSA) that exist in the STA and closes the associated IEEE 802.1X
Controlled Port. If pairwise master key (PMK) caching is not enabled, deauthentication also destroys the
pairwise master key security association (PMKSA) from which the deleted PTKSA was derived.
In an RSN IBSS, Open System authentication is optional, but a STA is required to recognize
Deauthentication frames. Deauthentication results in the IEEE 802.1X Controlled Port for that STA being
disabled and deletes the PTKSA.
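
The receive-side rules above can be modelled as a small state update. The sketch below is an added example, not code from the standard or from any driver; the `PeerState` fields, the `on_deauthentication` function and its return strings are hypothetical names chosen for illustration. It covers the RSNA case: the notification is applied unless management frame protection was negotiated and the integrity check fails.

```python
from dataclasses import dataclass, field

# Security associations that an RSNA deauthentication destroys (from the text above).
RSNA_SAS = {"PTKSA", "GTKSA", "SMKSA", "STKSA", "IGTKSA"}


@dataclass
class PeerState:
    """Hypothetical per-peer state kept by a STA; field names are illustrative."""
    authenticated: bool = True
    associated: bool = True
    controlled_port_open: bool = True   # IEEE 802.1X Controlled Port
    mfp_negotiated: bool = False        # management frame protection in use
    pmk_caching: bool = False
    sas: set = field(default_factory=lambda: RSNA_SAS | {"PMKSA"})


def on_deauthentication(peer: PeerState, mic_valid: bool) -> str:
    """Apply a received Deauthentication notification to `peer`.

    `mic_valid` is the result of the message integrity check. It is only
    consulted when management frame protection was negotiated; without it
    the frame carries nothing to verify and cannot be refused.
    """
    # The single case in which the receiving STA may refuse the notification.
    if peer.mfp_negotiated and not mic_valid:
        return "discarded"

    # Destroy the related security associations.
    peer.sas -= RSNA_SAS
    # The PMKSA survives only when PMK caching is enabled.
    if not peer.pmk_caching:
        peer.sas.discard("PMKSA")

    # Close the Controlled Port; deauthentication implies disassociation.
    peer.controlled_port_open = False
    peer.associated = False
    peer.authenticated = False
    return "deauthenticated"
```

A peer without management frame protection ends in the "deauthenticated" state whatever `mic_valid` is, which is why negotiating protection is the only condition under which the text allows the notice to be rejected.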