Friday, 8 February 2013

Robust security network association (RSNA)



An RSNA defines a number of security features in addition to wired equivalent privacy (WEP) and IEEE 802.11 authentication. These features include the following:

— Enhanced authentication mechanisms for STAs
— Key management algorithms
— Cryptographic key establishment
— Enhanced data cryptographic encapsulation mechanisms, such as Counter mode with Cipher-block chaining Message authentication code Protocol (CCMP), and, optionally, Temporal Key Integrity Protocol (TKIP).
— Fast basic service set (BSS) transition (FT) mechanism
— Enhanced cryptographic encapsulation mechanisms for robust management frames

An RSNA may rely on components external to the IEEE 802.11 architecture.

The first component is an IEEE 802.1X port access entity (PAE). PAEs are present on all STAs in an RSNA and control the forwarding of data to and from the medium access control (MAC). An AP always implements the Authenticator PAE and Extensible Authentication Protocol (EAP) Authenticator roles, and a non-AP STA always implements the Supplicant PAE and EAP peer roles. In an IBSS each STA implements both the Authenticator PAE and Supplicant PAE roles and both EAP Authenticator and EAP peer roles.

A second component is the Authentication Server (AS). The AS may authenticate the elements of the RSNA itself, i.e., the STAs may provide material that the RSNA elements use to authenticate each other. The AS communicates through the IEEE 802.1X Authenticator with the IEEE 802.1X Supplicant on each STA, enabling the STA to be authenticated to the AS and vice versa. An RSNA depends upon the use of an EAP method that supports mutual authentication of the AS and the STA, such as those that meet the requirements in IETF RFC 4017. In certain applications, the AS may be integrated into the same physical device as the AP, or into a STA in an IBSS.

In some applications, there is no need for a PAE or AS, and a STA and AP, or two STAs in an IBSS, or two mesh STAs in an MBSS, may authenticate each other using a password.

An RSNA using fast BSS transition relies on an external protocol to distribute keys between the pairwise master key (PMK) R0 key holder (R0KH) and PMK-R1 key holder (R1KH) Authenticator components.
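
An AP advertises the RSNA features listed above in the RSN element of its Beacon and Probe Response frames. The following added example (not part of the original post or of the standard's text) parses a constructed RSN element and reports whether 802.1X or password authentication, FT, TKIP and management frame protection are in use; the field layout and suite numbers follow IEEE 802.11, while the function names and output keys are assumptions of this example.

```python
import struct

OUI = b"\x00\x0f\xac"  # OUI used by IEEE 802.11 suite selectors
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104", 6: "BIP-CMAC-128"}
AKMS = {1: "802.1X", 2: "PSK", 3: "FT-802.1X", 4: "FT-PSK",
        5: "802.1X-SHA256", 6: "PSK-SHA256", 8: "SAE", 9: "FT-SAE"}

def _u16(buf, off):
    """Read a little-endian 16-bit field, rejecting truncated input."""
    if off + 2 > len(buf):
        raise ValueError("truncated RSN element")
    return struct.unpack_from("<H", buf, off)[0], off + 2

def _suites(buf, off, count, names):
    """Decode `count` 4-byte suite selectors (OUI + type) starting at `off`."""
    if off + 4 * count > len(buf):
        raise ValueError("truncated suite list")
    out = []
    for i in range(off, off + 4 * count, 4):
        sel = buf[i:i + 4]
        known = sel[:3] == OUI and sel[3] in names
        out.append(names[sel[3]] if known else "unknown:" + sel.hex())
    return out, off + 4 * count

def parse_rsne(ie):
    """Parse a raw RSN element (element ID 48) into the features it advertises."""
    if len(ie) < 2 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body = ie[2:]
    version, off = _u16(body, 0)
    if version != 1:
        raise ValueError("unsupported RSN version")
    group, off = _suites(body, off, 1, CIPHERS)
    n, off = _u16(body, off)
    pairwise, off = _suites(body, off, n, CIPHERS)
    n, off = _u16(body, off)
    akms, off = _suites(body, off, n, AKMS)
    caps = _u16(body, off)[0] if off + 2 <= len(body) else 0  # optional field
    return {
        "group": group[0], "pairwise": pairwise, "akms": akms,
        "uses_8021x_pae": any("802.1X" in a for a in akms),   # AS/EAP path
        "password_auth": any("PSK" in a or "SAE" in a for a in akms),
        "fast_transition": any(a.startswith("FT-") for a in akms),
        "tkip_allowed": group[0] == "TKIP" or "TKIP" in pairwise,
        "mfp_capable": bool(caps & 0x0080),   # RSN capabilities bit 7 (MFPC)
        "mfp_required": bool(caps & 0x0040),  # RSN capabilities bit 6 (MFPR)
    }

# Constructed sample: group TKIP, pairwise CCMP+TKIP, AKM 802.1X + FT-802.1X, MFPC set
SAMPLE = bytes([48, 28]) + bytes.fromhex(
    "0100 000fac02 0200 000fac04 000fac02 0200 000fac01 000fac03 8000")
print(parse_rsne(SAMPLE))
```

A result with `tkip_allowed` true or `mfp_capable` false marks a network that still accepts the optional legacy cipher or leaves management frames unprotected.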






