use case of SA Query procedure
A client might lose its encryption keys due to a card reset or reboot and needs to (re-)associate itself. Since he lost all his keys, he sends an unprotected Association Request Frame. The AP still has a valid association from the client with keys in his client table, so the AP will first of all reject the Association and tell the client to try again in “X” seconds. After that, the AP tries to find out if this is an attack and the actual client can still answer protected frames.
The mechanism for that check is the Source Address (SA) Query phase, which starts with a protected SA Query Request from the AP to the client. If the client is unable to answer them until the comeback timeout “X” expires, the AP will send out a protected Disassociate and discards the keys for the no longer valid association of the client. As of now, a new (unprotected) Association Request from the client will be accepted.
Reference:
https://wlan1nde.wordpress.com/2014/10/21/protected-management-frames-802-11w
No comments:
Post a Comment