The regular Wi-Fi association process
Here are the normal, or pre-802.11r, steps followed by a client device as it connects to an access point (AP) or
roams from one AP to another. Without 802.11r every roam repeats the whole sequence, including the 802.1X/EAP
exchange in the enterprise case, which is where most of the hand-off delay comes from.
1. Authentication Request (client) – Open System authentication, which establishes no keys
2. Authentication Response (AP)
3. (Re)Association Request (client)
4. (Re)Association Response (AP)
5. WPA2 Enterprise 802.1X/EAP (client, AP, and authentication server), which yields the Pairwise Master Key (PMK);
skipped in WPA2 Personal, where the PMK is derived from the pre-shared key and the SSID
6. Four-way handshake #1 – AP nonce (ANonce) passed to client (AP)
7. Four-way handshake #2 – supplicant nonce (SNonce) passed to AP, protected by a MIC (client)
8. Derivation of the Pairwise Transient Key (PTK) from the PMK, both nonces and both MAC addresses (AP and
client independently)
9. Four-way handshake #3 – proof that the AP derived the same PTK, plus the Group Temporal Key (GTK) encrypted
under the key-encryption part of the PTK (AP)
10. Four-way handshake #4 – acknowledgement that the keys can be installed (client)
Note: a nonce is a fresh random value used only once. It does not seed the cipher; it is mixed into the PTK
derivation so that every association produces new transient keys even though the PMK stays the same, and so
that an old handshake cannot be replayed. Both the AP (ANonce) and the client supplicant (SNonce) generate their
own nonces as part of the negotiation.
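As an added worked example (it is not code from the original document), here are steps 5 through 10 in Python: the PMK from a WPA2-Personal passphrase, the PRF-384 derivation of step 8, and the HMAC-SHA1 MIC that protects message 2 of the four-way handshake. The passphrase "password" with SSID "IEEE" is the published IEEE 802.11i test-vector input; the MAC addresses, nonces and EAPOL frame are constructed for the example and do not come from a capture.

```python
import hashlib
import hmac
import os
import struct


def derive_psk_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    In WPA2-Enterprise the PMK is the first 256 bits of the EAP MSK instead (step 5)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF-X: concatenated HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, addr_a: bytes, addr_b: bytes, nonce_a: bytes, nonce_b: bytes) -> dict:
    """Step 8: PTK = PRF-384(PMK, "Pairwise key expansion",
    Min(AA, SPA) || Max(AA, SPA) || Min(ANonce, SNonce) || Max(ANonce, SNonce)).
    The Min/Max ordering is why both sides reach the same PTK whichever order they pass
    addresses and nonces in.  For CCMP the 48 bytes split into KCK, KEK and TK."""
    data = min(addr_a, addr_b) + max(addr_a, addr_b) + min(nonce_a, nonce_b) + max(nonce_a, nonce_b)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


MIC_OFFSET = 81   # 4-byte EAPOL header + 77 bytes of key-descriptor fields precede the MIC
MIC_LEN = 16


def build_eapol_key_msg2(snonce: bytes, replay_counter: int, key_data: bytes = b"") -> bytes:
    """Handshake message 2 with the MIC field zeroed.  Key Info 0x010a = descriptor
    version 2 (HMAC-SHA1 MIC, AES key wrap) | Pairwise | MIC present."""
    desc = struct.pack(">BHHQ", 2, 0x010A, 16, replay_counter)   # descriptor type, key info, key length, replay ctr
    desc += snonce + bytes(16) + bytes(8) + bytes(8)              # key nonce, key IV, key RSC, reserved
    desc += bytes(MIC_LEN) + struct.pack(">H", len(key_data)) + key_data
    return struct.pack(">BBH", 2, 3, len(desc)) + desc            # EAPOL version 2, type 3 = EAPOL-Key


def compute_mic(kck: bytes, frame: bytes) -> bytes:
    """MIC for AKM 00-0F-AC:1 / :2 (WPA2 802.1X and PSK): HMAC-SHA1 over the whole EAPOL
    frame with the MIC field zeroed, truncated to 128 bits."""
    zeroed = frame[:MIC_OFFSET] + bytes(MIC_LEN) + frame[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]


def sign_frame(kck: bytes, frame: bytes) -> bytes:
    return frame[:MIC_OFFSET] + compute_mic(kck, frame) + frame[MIC_OFFSET + MIC_LEN:]


def verify_mic(kck: bytes, frame: bytes) -> bool:
    """What the AP does on message 2: recompute and compare in constant time.  A failure means
    the client does not hold the PMK (wrong passphrase) or the frame was altered in flight."""
    return hmac.compare_digest(compute_mic(kck, frame), frame[MIC_OFFSET:MIC_OFFSET + MIC_LEN])


def handshake_demo() -> dict:
    """Runs the derivation on constructed inputs (not captured traffic) and reports the checks."""
    pmk = derive_psk_pmk("password", "IEEE")                       # 802.11i test-vector inputs
    ap_addr = bytes.fromhex("00b96f000001")                       # constructed: OUI from the page, rest made up
    sta_addr = bytes.fromhex("0a1b2c3d4e5f")                      # constructed
    anonce, snonce = os.urandom(32), os.urandom(32)

    ap_keys = derive_ptk(pmk, ap_addr, sta_addr, anonce, snonce)   # authenticator's view
    sta_keys = derive_ptk(pmk, sta_addr, ap_addr, snonce, anonce)  # supplicant's view, arguments swapped

    msg2 = sign_frame(sta_keys["kck"], build_eapol_key_msg2(snonce, replay_counter=1))
    tampered = msg2[:20] + bytes([msg2[20] ^ 0x01]) + msg2[21:]    # flip one bit inside the nonce
    return {
        "same_ptk": ap_keys == sta_keys,
        "mic_ok": verify_mic(ap_keys["kck"], msg2),
        "tampered_rejected": not verify_mic(ap_keys["kck"], tampered),
    }


if __name__ == "__main__":
    print(handshake_demo())
```

Everything that goes into the PTK except the PMK (both addresses, both nonces) travels in the clear in messages 1 and 2, which is why a capture of those two frames is enough for an offline dictionary attack on a WPA2-Personal passphrase, and why the cost of the full exchange is also a reason to avoid repeating it on every roam. The example covers the HMAC-SHA1 MIC of the original WPA2 AKMs; the FT AKMs use AES-128-CMAC and the SHA-256 AKMs use HMAC-SHA256, and the GTK unwrap of message 3 (AES key wrap under the KEK) is not shown.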
802.11r Fast Transition Roaming
With 802.11r the client's handshake with the new AP is completed before the client leaves its current AP; this
is called Fast Transition (FT). 802.11r removes the 802.1X/EAP exchange and the four-way handshake from the
roam, which cuts the hand-off time between APs without weakening link-layer security: the new AP still has to
prove possession of a fresh pairwise key before any data is exchanged. It matters for client devices running
delay-sensitive applications such as voice and video over Wi-Fi.
In fast BSS transition (802.11r) the complete roam and key generation happen in just four management frames
(Authentication Request, Authentication Response, Reassociation Request, Reassociation Response), which
significantly reduces the roaming time for WLANs running VoWiFi services. These four frames carry enough
information to build a PTKSA (PTK security association) between the UE (STA) and the target AP, because the
PTK is derived from a PMK-R1 the target AP already holds.
An AP announces FT support in the MDIE (Mobility Domain Information Element) carried in beacons, probe
responses and (Re)association response frames. The MDIE holds the Mobility Domain Identifier (MDID) and a
capability byte whose bit 0 states whether FT over the DS is supported.
A UE that wishes to associate to an FT-enabled AP must carry a matching MDIE (same MDID) in its
authentication and (Re)association requests, and must select an FT AKM in its RSN information element.
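The following parser is an added example, not part of the original document or any vendor's code. It walks the information elements of a probe response and answers what a roaming client (or a wireless IDS) needs to know from the MDIE and RSN IE: whether the AP offers FT, over the air or over the DS, and with which AKMs. The probe-response bytes, the SSID corp-voice and the MDID 0x4d58 are constructed for the example.

```python
import struct

EID_SSID, EID_RSN, EID_MDIE = 0, 48, 54
WFA_OUI = b"\x00\x0f\xac"
AKM_NAMES = {1: "802.1X", 2: "PSK", 3: "FT over 802.1X", 4: "FT-PSK", 5: "802.1X-SHA256",
             6: "PSK-SHA256", 8: "SAE", 9: "FT-SAE"}
FT_AKMS = {3, 4, 9}
CIPHER_NAMES = {2: "TKIP", 4: "CCMP-128"}


def iter_ies(blob: bytes):
    """Walks the ID / length / body triplets of a management-frame body.  Lengths are
    attacker-controlled, so a truncated element is rejected instead of read past the end."""
    off = 0
    while off < len(blob):
        if off + 2 > len(blob):
            raise ValueError("dangling IE header at offset %d" % off)
        eid, length = blob[off], blob[off + 1]
        body = blob[off + 2: off + 2 + length]
        if len(body) != length:
            raise ValueError("IE %d truncated at offset %d" % (eid, off))
        yield eid, body
        off += 2 + length


def _suite_list(body: bytes, off: int):
    """Reads a 16-bit little-endian count followed by that many 4-octet suite selectors."""
    if off + 2 > len(body):
        raise ValueError("RSN IE cut before suite count")
    (count,) = struct.unpack_from("<H", body, off)
    off += 2
    if off + 4 * count > len(body):
        raise ValueError("RSN IE suite count exceeds element length")
    return [body[off + 4 * i: off + 4 * i + 4] for i in range(count)], off + 4 * count


def parse_rsn(body: bytes) -> dict:
    """RSN IE: version(2 LE) | group cipher(4) | pairwise count(2) + suites | AKM count(2) + suites | caps(2) ..."""
    if len(body) < 8 or struct.unpack_from("<H", body)[0] != 1:
        raise ValueError("unsupported or truncated RSN IE")
    group, off = body[2:6], 6
    pairwise, off = _suite_list(body, off)
    akms, off = _suite_list(body, off)

    def name(s, table):
        return table.get(s[3], "unknown") if s[:3] == WFA_OUI else "vendor"

    return {
        "group": name(group, CIPHER_NAMES),
        "pairwise": [name(s, CIPHER_NAMES) for s in pairwise],
        "akms": [name(s, AKM_NAMES) for s in akms],
        "ft_akm": any(s[:3] == WFA_OUI and s[3] in FT_AKMS for s in akms),
    }


def parse_mdie(body: bytes) -> dict:
    """MDIE: MDID(2) | FT capability and policy(1); bit 0 = FT over the DS, bit 1 = resource request protocol."""
    if len(body) != 3:
        raise ValueError("MDIE must be 3 octets")
    return {"mdid": body[:2].hex(), "over_ds": bool(body[2] & 0x01), "rrp": bool(body[2] & 0x02)}


def ft_summary(frame_ies: bytes) -> dict:
    """Is FT offered, over the air or over the DS, and with which AKMs?"""
    found = {eid: body for eid, body in iter_ies(frame_ies)}
    rsn = parse_rsn(found[EID_RSN]) if EID_RSN in found else None
    md = parse_mdie(found[EID_MDIE]) if EID_MDIE in found else None
    return {
        "ssid": found.get(EID_SSID, b"").decode("utf-8", "replace"),
        "rsn": rsn,
        "mdie": md,
        # FT needs both: an MDIE naming the mobility domain and an FT AKM selecting the key hierarchy
        "ft": bool(rsn and rsn["ft_akm"] and md),
        "method": None if not md else ("over-the-DS" if md["over_ds"] else "over-the-air"),
    }


def ie(eid: int, body: bytes) -> bytes:
    return bytes([eid, len(body)]) + body


def suite(selector: int) -> bytes:
    return WFA_OUI + bytes([selector])


# Constructed probe-response body (not a capture): SSID, RSN with CCMP and AKMs {FT over 802.1X, 802.1X},
# MDIE with a made-up MDID 0x4d58 and the over-the-DS bit clear, i.e. over-the-air FT only.
SAMPLE_OVER_AIR = (
    ie(EID_SSID, b"corp-voice")
    + ie(EID_RSN, struct.pack("<H", 1) + suite(4) + struct.pack("<H", 1) + suite(4)
         + struct.pack("<H", 2) + suite(3) + suite(1) + struct.pack("<H", 0x0000))
    + ie(EID_MDIE, b"\x4d\x58\x00")
)
SAMPLE_OVER_DS = SAMPLE_OVER_AIR[:-1] + b"\x01"   # the same AP with the over-the-DS bit set

if __name__ == "__main__":
    print(ft_summary(SAMPLE_OVER_AIR))
    print(ft_summary(SAMPLE_OVER_DS))
```

The length checks are not decoration: IE lengths come from an unauthenticated beacon or probe response, and driver bugs that trusted them have been a recurring source of remote Wi-Fi stack crashes, so anything that parses management frames should fail closed on a short element. The AP advertising an FT AKM in the RSN IE next to a non-FT one (as above) is normal; the client's own AKM choice in its (Re)association request decides whether the FT key hierarchy is used.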
The initial (first) association lets the client and the APs compute the FT key hierarchy in advance: a PMK-R0 is
derived once from the master session key of the 802.1X/EAP run, and a PMK-R1 is derived from it for each AP the
client may roam to. When the client later performs the reassociation request and response exchange with a new AP,
the PMK-R1 for that AP is already in place on both sides and only the PTK has to be derived. The FT key
hierarchy therefore lets clients make fast BSS (Basic Service Set) transitions between APs without
re-authentication at every AP.
Methods of Client Roaming
For a client to move from the current AP to the target AP using the FT protocol, the message exchange is
performed using one of the following methods:
- Over-the-Air FT Roaming
- Over-the-DS (Distribution System) FT Roaming
Over-the-Air Fast Transition Roaming
The client communicates directly with the target AP using IEEE 802.11 authentication frames with the FT
authentication algorithm (algorithm number 2) in place of Open System authentication.
In the FT key architecture, key derivation follows this pattern: MSK –> PMK-R0 –> PMK-R1s –> PTK (with FT-PSK
the pre-shared key takes the place of the MSK). Each level has its own key holders (KH): the R0KH holds the
PMK-R0, derives the PMK-R1s from it and distributes each PMK-R1 to the R1KH that sits lower in the hierarchy.
Note: S0KH and S1KH are the key holders on the UE, R0KH and R1KH are the key holders on the AP side; in the
controller-based deployments described below the R0KH lives on the controller and each AP acts as an R1KH.
The PMK-R0 never leaves the R0KH and S0KH, so an AP only ever holds its own PMK-R1, and because the derivation
is one-way a compromised AP cannot recover the PMK-R0 or another AP's PMK-R1 from it.
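The hierarchy above, carried out in Python as an added example (it is not the page's or any vendor's code). The KDF, labels and contexts are those of IEEE 802.11-2012 clause 12.8 (the SHA-256 variant used with FT over 802.1X and FT-PSK); the MSK, SSID, MDID, R0KH-ID and MAC addresses are constructed, with only the two OUIs taken from the page's captures.

```python
import hashlib
import hmac
import os
import struct


def kdf_sha256(key: bytes, label: bytes, context: bytes, nbits: int) -> bytes:
    """KDF-Length from IEEE 802.11-2012 11.6.1.7.2: HMAC-SHA-256 in counter mode.
    The counter i (starting at 1) and Length are 16-bit little-endian integers."""
    out = b""
    for i in range(1, (nbits + 255) // 256 + 1):
        msg = struct.pack("<H", i) + label + context + struct.pack("<H", nbits)
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[: nbits // 8]


def truncate_128_sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()[:16]


def derive_pmk_r0(xxkey: bytes, ssid: bytes, mdid: bytes, r0kh_id: bytes, s0kh_id: bytes):
    """Level 1, done by the R0KH (controller) and the S0KH (client) after the initial 802.1X/EAP run.
    XXKey is the second 256 bits of the MSK for FT over 802.1X, or the PSK itself for FT-PSK."""
    ctx = bytes([len(ssid)]) + ssid + mdid + bytes([len(r0kh_id)]) + r0kh_id + s0kh_id
    r0_key_data = kdf_sha256(xxkey, b"FT-R0", ctx, 384)
    pmk_r0, salt = r0_key_data[:32], r0_key_data[32:48]
    pmkr0name = truncate_128_sha256(b"FT-R0N" + salt)
    return pmk_r0, pmkr0name


def derive_pmk_r1(pmk_r0: bytes, pmkr0name: bytes, r1kh_id: bytes, s1kh_id: bytes):
    """Level 2: one PMK-R1 per (AP, client) pair.  R1KH-ID is the BSSID, S1KH-ID the client MAC.
    The R0KH pushes only this value to the AP; the KDF is one-way, so the AP cannot recover PMK-R0."""
    pmk_r1 = kdf_sha256(pmk_r0, b"FT-R1", r1kh_id + s1kh_id, 256)
    pmkr1name = truncate_128_sha256(b"FT-R1N" + pmkr0name + r1kh_id + s1kh_id)
    return pmk_r1, pmkr1name


def derive_ft_ptk(pmk_r1: bytes, pmkr1name: bytes, snonce: bytes, anonce: bytes, bssid: bytes, sta: bytes):
    """Level 3, computed by both sides during the FT authentication / reassociation exchange.
    Unlike the 802.11i PTK there is no Min/Max: the context is fixed as SNonce || ANonce || BSSID || STA."""
    ctx = snonce + anonce + bssid + sta
    ptk = kdf_sha256(pmk_r1, b"FT-PTK", ctx, 384)           # 384 bits for CCMP: KCK | KEK | TK
    ptkname = truncate_128_sha256(pmkr1name + b"FT-PTKN" + ctx)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48], "ptkname": ptkname}


def ft_roam_demo() -> dict:
    """Walks the hierarchy for the two APs of the page's captures on constructed inputs."""
    msk = os.urandom(64)                                   # stands in for the EAP-AKA MSK; constructed
    xxkey = msk[32:64]
    ssid, mdid = b"corp-voice", b"\x4d\x58"                # constructed SSID and MDID
    r0kh_id = b"wlc1.example.net"                          # constructed NAS-Identifier of the R0KH
    sta = bytes.fromhex("0a1b2c3d4e5f")                    # constructed client MAC (S0KH-ID and S1KH-ID)
    ap1 = bytes.fromhex("00b96f000001")                    # OUIs from the page's captures, rest made up
    ap2 = bytes.fromhex("ec09cf000001")

    pmk_r0, pmkr0name = derive_pmk_r0(xxkey, ssid, mdid, r0kh_id, sta)
    pmk_r1_ap1, name_ap1 = derive_pmk_r1(pmk_r0, pmkr0name, ap1, sta)
    pmk_r1_ap2, name_ap2 = derive_pmk_r1(pmk_r0, pmkr0name, ap2, sta)

    # Roam to AP2: the client picks the SNonce (auth request), AP2 the ANonce (auth response).
    snonce, anonce = os.urandom(32), os.urandom(32)
    ptk_ap2 = derive_ft_ptk(pmk_r1_ap2, name_ap2, snonce, anonce, ap2, sta)
    # A client (or attacker) holding only AP1's PMK-R1 ends up with a different KCK, so its
    # reassociation MIC fails at AP2; a second roam with new nonces gets a new PTK under the same PMK-R1.
    ptk_stale = derive_ft_ptk(pmk_r1_ap1, name_ap1, snonce, anonce, ap2, sta)
    ptk_next = derive_ft_ptk(pmk_r1_ap2, name_ap2, os.urandom(32), os.urandom(32), ap2, sta)
    return {
        "per_ap_keys_differ": pmk_r1_ap1 != pmk_r1_ap2,
        "names_differ": name_ap1 != name_ap2,
        "wrong_pmk_r1_rejected": ptk_stale["kck"] != ptk_ap2["kck"],
        "fresh_nonces_fresh_ptk": ptk_next["tk"] != ptk_ap2["tk"],
        "pmkr1name_ap2": name_ap2.hex(),
    }


if __name__ == "__main__":
    print(ft_roam_demo())
```

The names (PMKR0Name, PMKR1Name, PTKName) are what the frames actually carry: the client puts the PMKR0Name in the PMKID field of its RSN IE so the target AP knows which PMK-R0 its R1KH-ID was derived from, and both sides can agree on a key without ever sending it. The one-way derivation limits what a single compromised AP can do, but every PMK-R1 descends from one PMK-R0, so the R0KH and the channel it uses to push PMK-R1s to APs are the trust anchor of the whole mobility domain; 802.11r leaves that channel out of scope.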
The following walks through wireless captures of an FT roam:
1. The AP announces support of over-the-air BSS transition in its probe response frame. Note that the Fast BSS
Transition over DS bit in the MDIE is set to 0, which means over the air only.
2. UE (STA) connection to the initial AP (00:b9:6f). It includes the initial association, 802.1X authentication
(EAP-AKA in this case) and, after successful authentication by the authentication server, the four-way
handshake that generates the encryption keys. This is the only time the full EAP exchange runs; its MSK also
seeds the FT key hierarchy.
3. When the UE decides to roam it already knows the capabilities of the target AP (ec:09:cf) from its probe
response. The UE sends an FT authentication request to the target AP carrying the SNonce and the PMK-R0 key
holder identifier (R0KH-ID), so the target AP knows which R0KH holds the PMK-R0 its PMK-R1 must come from. In
the RSN information element the AKM is FT over IEEE 802.1X. The SNonce contains a value chosen by the S1KH.
4. The target AP replies with an authentication response carrying its R1KH-ID, the R0KH-ID and the ANonce.
The R1KH-ID identifies the R1KH and is one of the inputs the S0KH and the R0KH use to derive this AP's
PMK-R1. The ANonce contains a value chosen by the R1KH.
5. The UE derives the PTK and the PTKSA from the PMK-R1, the PMKR1Name, the ANonce and the SNonce (together
with the BSSID and its own MAC address). The reassociation request is MIC-protected with the KCK from that PTK,
so the target AP can verify that the UE holds the correct PMK-R1 before it accepts the roam.
6. The target AP sends the reassociation response to the UE. It is MIC-protected as well, and its GTK
subelement contains the group temporal key encrypted under the KEK. The UE needs the GTK to decrypt the
multicast and broadcast traffic the new AP sends.
Roaming Over-the-Air Intra (Same) Controller
When a client roams between AP1 and AP2 that are connected to the same controller, the following steps
take place by default:
1. Client associates with AP1 and decides to roam to AP2.
2. Client sends an FT Authentication Request to AP2 and receives an FT Authentication Response from AP2.
3. Client sends an FT Reassociation Request to AP2 and receives an FT Reassociation Response from AP2.
4. Client completes its roam from AP1 to AP2.
Roaming Over the Air Inter Controller
When a client roams between AP1 and AP2 that are connected to different controllers, such as WLC1 and WLC2
respectively, within the same mobility group, the following steps take place by default:
1. Client associates with AP1 and decides to roam to AP2.
2. Client sends an FT Authentication Request to AP2 and receives an FT Authentication Response from AP2.
3. WLC-1 sends the client's PMK and a mobility message to WLC-2 over the mobility infrastructure. 802.11r does
not define this transfer between key holders, so its protection depends on the controllers' mobility channel,
not on the FT protocol itself.
4. Client completes its roam from AP1 to AP2.
Over-the-Distribution System Fast Transition Roaming
In roaming over the DS, the client talks to the target AP through its current AP instead of directly over the
air. The FT Request and FT Response are carried in FT Action frames between the client and the current AP, and
the current AP relays them to the target AP through the controller (the distribution system). Only the final
reassociation exchange is sent directly to the target AP.
Roaming Over the DS Intra Controller
When a client roams between AP1 and AP2 that are connected to the same controller, the following steps
take place by default:
1. Client associates with AP1 and decides to roam to AP2.
2. Client sends an FT Authentication Request to AP1 (as an FT Action frame) and receives an FT Authentication
Response from AP1.
3. The controller forwards the pre-authentication information to AP2, as both APs are connected to the same
controller.
4. Client sends an FT Reassociation Request to AP2 and receives an FT Reassociation Response from AP2.
5. Client completes its roam from AP1 to AP2.
Roaming Over the DS Inter Controller
When a client roams between AP1 and AP2 that are connected to different controllers, such as WLC1 and WLC2
respectively, within the same mobility group, the following steps take place by default:
1. Client associates with AP1 and decides to roam to AP2.
2. Client sends an FT Authentication Request to AP1 (as an FT Action frame) and receives an FT Authentication
Response from AP1.
3. WLC-1 sends the Pairwise Master Key (PMK) and a mobility message about the roaming client to WLC-2.
4. Client completes its roam from AP1 to AP2.
How to configure Fast Roaming in Cisco/ Cambium/ Aruba?
Fast Roaming 802.11r.docx
