24 June 2015

802.11ac

ADDTS => add traffic stream
TS => traffic stream
TSPEC => traffic specification
TCLAS => traffic classification
APSD => Automatic power save delivery

EDCA Admission Control
Admission control is negotiated by the use of a TSPEC.
A station specifies its traffic flow requirements (data rate, delay bounds, packet size, and others) and requests the AP to create a TSPEC by sending the ADDTS (add traffic stream) management action frame.
If the TSPEC is accepted, the high priority access category inside the STA is permitted to use the high priority access parameters.

Controlled Channel Access
Unscheduled Automatic Power Save Delivery (U-APSD). This is an asynchronous approach to power conservation defined in 802.11, and serves as the basis of WMM Power Save, allowing the client to request queued traffic at any time rather than waiting for the next beacon frame.


Reference:
http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-3600-series/white_paper_c11-713103.html
http://www.eetimes.com/document.asp?doc_id=1271987
http://community.arubanetworks.com/aruba/attachments/aruba/tkb%40tkb/37/1/U-APSD%20explained%20and%20debugged_i62_R2.pdf

23 June 2015

Using PEAP for wireless authentication

PEAP creates an encrypted TLS tunnel between the client and the authentication server. The keys for this encryption are transported using the server's public key. The authentication exchange that follows runs inside the tunnel, so it is encrypted and the user credentials are safe from eavesdropping.

Use a trusted certificate for authentication: The RADIUS server must be configured with a digital certificate that is signed by a trusted certificate authority (CA), using a private or a public CA.
Validate the server certificate on all clients: All PEAP clients must validate the server certificate for authentication. The trusted root CA that issued the server certificate must be installed on the client.

Reference:
http://www.networkworld.com/columnists/2007/042307-wireless-security.html
http://revolutionwifi.blogspot.com/2010/09/peapv0-packet-flow-reference.html
http://www.keyboardlife.net/2010/06/8021x-port-based-authentication-wired.html

22 June 2015

SA Query

Use case of the SA Query procedure
A client might lose its encryption keys due to a card reset or reboot and need to (re-)associate. Since it has lost all its keys, it sends an unprotected Association Request frame. The AP still has a valid association for the client, with keys, in its client table, so the AP first rejects the association and tells the client to try again in “X” seconds. The AP then tries to find out whether this is an attack, that is, whether the actual client can still answer protected frames.

The mechanism for that check is the Source Address (SA) Query phase, which starts with a protected SA Query Request from the AP to the client. If the client does not answer before the comeback timeout “X” expires, the AP sends a protected Disassociate and discards the keys for the client's no longer valid association. From then on, a new (unprotected) Association Request from the client will be accepted.
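
The AP-side decision described above, as an added example that is not part of the original notes or of any real driver: a small Python model that runs both outcomes, the rebooted client and the request from a sender that does not hold the keys. The class and function names, the MAC address and the 1-second value for "X" are constructed for illustration, and the key handshake is reduced to a placeholder string.

```python
from dataclasses import dataclass, field

COMEBACK_S = 1.0             # the comeback time "X"; constructed value
MAC = "02:00:00:00:00:01"    # constructed client address

@dataclass
class AccessPoint:           # hypothetical model, not a real driver API
    keys: dict = field(default_factory=dict)      # MAC -> keys of a valid association
    deadline: dict = field(default_factory=dict)  # MAC -> time the SA Query phase ends
    sent: list = field(default_factory=list)      # protected frames the AP transmitted

    def tick(self, mac, now):
        """Timeout path: no protected answer arrived within X."""
        if mac in self.deadline and now >= self.deadline[mac]:
            self.sent.append("protected Disassociate")
            del self.deadline[mac], self.keys[mac]

    def assoc_request(self, mac, now):
        """Handle an unprotected Association Request."""
        self.tick(mac, now)
        if mac not in self.keys:
            self.keys[mac] = "fresh keys"  # placeholder for the key handshake
            return "accepted"
        if mac not in self.deadline:       # start the SA Query phase once
            self.deadline[mac] = now + COMEBACK_S
            self.sent.append("protected SA Query Request")
        return "rejected, try again later"

    def sa_query_response(self, mac, now, protected):
        """Only a protected answer before the deadline proves the keys are alive."""
        self.tick(mac, now)
        if protected and mac in self.deadline:
            del self.deadline[mac]         # association and keys stay in place
            return True
        return False

def rebooted_client():
    ap = AccessPoint(keys={MAC: "old keys"})
    first = ap.assoc_request(MAC, now=0.0)    # client lost its keys, cannot answer
    second = ap.assoc_request(MAC, now=1.5)   # retry after X has expired
    return first, second, ap.sent

def forged_request():
    ap = AccessPoint(keys={MAC: "old keys"})
    first = ap.assoc_request(MAC, now=0.0)    # sender does not hold the keys
    alive = ap.sa_query_response(MAC, now=0.2, protected=True)  # real client answers
    retry = ap.assoc_request(MAC, now=1.5)    # a later request starts a new check
    return first, alive, retry, ap.keys[MAC]
```

In the first run the old keys are discarded only after the protected query goes unanswered; in the second the existing association survives because the keyed client answered in time.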

Reference:
https://wlan1nde.wordpress.com/2014/10/21/protected-management-frames-802-11w

19 June 2015

802.11n Aggregation

MPDU -> MAC protocol data unit
MSDU -> MAC service data unit


Reference:
http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps11983/white_paper_c11-713103.html