CWSP Chapter 6 – 802.11 Fast Secure Roaming

  • Roaming – reassociation service between a client and multiple BSSs
  • A client always makes the roaming decision (reassociation) based on RSSI threshold or SNR by sending a “reassociation request” frame
  • iPhone roaming threshold: -70 dBm, 12 dB differential when not transmitting, 8 dB differential when transmitting
  • VoWiFi handoff requirement – 150 milliseconds
  • 802.1X authentication – 700 milliseconds, which mandates a fast roaming service

Fast roaming standards

  • 802.11i – Pre-authentication, PMK Caching
  • Proprietary – Opportunistic Key Caching
  • 802.11r – Fast BSS Transition

AP-to-AP Handoff

  • Client sends the reassociation frame to the target AP
  • The target AP informs the original AP that the client station is roaming
  • The target AP requests the client’s buffered packets from the original AP
  • The original AP sends the buffered packets
  • The target AP sends reassociation response

PMKSA and PMKID

  • PMK – from 802.1X/EAP or PSK
  • PMKSA – Successful authentication of 802.1X/EAP, PSK, SAE, or a cached PMK will result in a PMKSA
  • PTKSA – Successful handshake and creation of PTK will result in a PTKSA
  • RSNIE – Some 802.11 management frames have RSN Information Element
    • Beacon (sent by AP)
    • Probe response (sent by AP)
    • Association request (sent by client)
    • Reassociation request (sent by client)
    • Reassociation response (sent by AP) when 802.11r is enabled
  • PMKID – unique identifier of a PMKSA, carried in the RSNIE of association and reassociation requests so the AP can look up a cached PMKSA
    • PMK-R0 SA – derived during the FT initial mobility domain association; its PMKR0Name is what the PMKID field carries
    • PMK-R1 SA – derived during the FT initial mobility domain association or a fast BSS transition; its PMKR1Name is what the PMKID field carries

  • PMKSA Components:
    • PMK
    • PMKID
    • Authenticator MAC
    • Lifetime – infinite, unless specified
    • AKMP
    • Authorization Parameters – Anything specified by the AS or supplicant (like SSID)
  • Without any fast roaming methods used, 802.1X/EAP will require a reauthentication with a 4-way handshake and creation of a new PMKSA every time the client roams. This causes VoWiFi handoff issues as 802.1X authentication takes 700 ms whereas voice handoff requires 150 ms or less (50 ms ideal).

  • To avoid this, 802.11-2012 has specified 3 fast roaming techniques:
    • PMK Caching
    • Pre-authentication
    • Fast BSS transition

PMK Caching (Fast secure roam-back)

  • When a client roams to a new AP, the original AP retains the PMKSA, and when the client roams back to it the client can skip the 802.1X/EAP exchange that would generate a new PMK. It still needs a 4-way handshake to create a new PTK.
  • The RSN information of the client’s reassociation frame will have multiple PMKIDs.
  • In this case, the roaming handoff is usually 40-60 ms
  • This method doesn’t address roam forward to a new AP
  • Not scalable

Preauthentication

  • A client can establish a new PMKSA with an AP prior to roaming to that AP by initiating a new 802.1X/EAP authentication to create a new PMK while still associated to the original AP
  • When the client roams, the target AP will have a PMK for that association and directly proceed to 4-way handshake process
  • The RSN information of the AP’s probe response will have “supports pre-authentication” field enabled
  • The RSN information of the client’s reassociation frame will have multiple PMKIDs.
  • No reduction in RADIUS server load (each candidate AP triggers a full EAP exchange)
  • Not scalable

Opportunistic Key Caching (OKC)

  • Not part of 802.11i standard – vendor proprietary enhancement of PMK Caching
  • Solves the forward roaming issue of PMK Caching
  • Single cached PMK is shared among multiple APs (in the same zone) managed by a centralized controller/AP
  • Better than PMK Caching as it supports forward roaming to a new AP by reusing the same PMK
  • Client calculates a new PMKID using the original PMK from the first AP, the target AP’s MAC address (AA), and its own MAC address (SPA) -> sent in the RSNIE of the reassociation request
  • Target AP calculates the PMKID using the PMK shared from the first AP, its own MAC address, and the client’s MAC address; if it matches, 802.1X/EAP is skipped and the 4-way handshake follows -> reassociation response
  • PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA), i.e. the first 128 bits of a keyed hash (HMAC-SHA1) over the literal string "PMK Name", the authenticator address, and the supplicant address
  • 802.1X/EAP authentication is skipped on all APs except the first one – reduces the load on the RADIUS server
  • Supported by Microsoft, MacBook (not on iPhone), and some Android devices
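As an added worked example (not part of the CWSP notes or any vendor's code), the following Python shows the PMKID calculation above and why plain PMK caching only helps on roam-back while OKC also covers roam-forward. The PSK-to-PMK step is the standard PBKDF2 mapping for WPA2-Personal; the `AccessPoint` and `Client` classes, MAC addresses, passphrase and SSID are constructed for illustration.

```python
"""PMK caching vs. OKC: added worked example, not from the CWSP notes.

PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA)      (802.11-2012, 11.6.1.3)
  AA  = authenticator (AP) MAC address, SPA = supplicant (client) MAC address
For a PSK network the PMK is the PSK itself:
  PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)
All MAC addresses, the passphrase and the SSID below are constructed sample values.
"""
import hashlib
import hmac


def psk_to_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK for a WPA2-PSK network (PBKDF2 mapping defined in 802.11-2012 Annex M)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    """PMKID as carried in the RSNE of (re)association requests: first 128 bits of
    HMAC-SHA1 over the literal label "PMK Name", then AA, then SPA."""
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


class AccessPoint:
    """Authenticator side (illustrative). `pmksa_cache` holds PMKSAs keyed by PMKID
    (plain PMK caching). `okc_pmks` holds PMKs pushed by a controller for OKC: the AP
    must recompute the PMKID with its own MAC before it can match what the client sent."""

    def __init__(self, bssid: str):
        self.aa = mac(bssid)
        self.pmksa_cache = {}   # PMKID -> PMK
        self.okc_pmks = []      # PMKs shared by the controller (OKC only)

    def full_8021x(self, spa: bytes, pmk: bytes) -> bytes:
        """A full EAP exchange produced `pmk`; cache the PMKSA and return its PMKID."""
        pid = pmkid(pmk, self.aa, spa)
        self.pmksa_cache[pid] = pmk
        return pid

    def handle_reassociation(self, spa: bytes, offered_pmkids: list) -> str:
        """Decide whether the client may skip 802.1X/EAP and go straight to the 4-way handshake."""
        for pid in offered_pmkids:
            if pid in self.pmksa_cache:                      # roam-back: PMK caching hit
                return "4-way handshake (PMK cache)"
            for pmk in self.okc_pmks:                        # roam-forward: OKC
                if hmac.compare_digest(pid, pmkid(pmk, self.aa, spa)):
                    self.pmksa_cache[pid] = pmk              # now a real PMKSA on this AP
                    return "4-way handshake (OKC)"
        return "full 802.1X/EAP"


class Client:
    """Supplicant side (illustrative)."""

    def __init__(self, addr: str):
        self.spa = mac(addr)
        self.pmks = {}   # AA -> PMK learned from a full authentication

    def reassoc_pmkids(self, target_aa: bytes) -> list:
        """PMKIDs to list in the RSNE (the element may carry several). With OKC the client
        also offers a PMKID computed from an existing PMK and the *target* AP's MAC."""
        ids = set()
        for aa, pmk in self.pmks.items():
            ids.add(pmkid(pmk, aa, self.spa))          # cached PMKSA (roam-back)
            ids.add(pmkid(pmk, target_aa, self.spa))   # OKC candidate (roam-forward)
        return list(ids)


def roam_scenario(use_okc: bool) -> dict:
    """First association on AP1, roam forward to AP2, then roam back to AP1."""
    pmk = psk_to_pmk("correct horse battery", "CWSP-LAB")   # stands in for an MSK-derived PMK
    ap1, ap2 = AccessPoint("00:11:22:33:44:01"), AccessPoint("00:11:22:33:44:02")
    sta = Client("aa:bb:cc:dd:ee:01")

    ap1.full_8021x(sta.spa, pmk)            # first association: full EAP on AP1
    sta.pmks[ap1.aa] = pmk
    if use_okc:
        ap2.okc_pmks.append(pmk)            # controller distributes the PMK to AP2

    forward = ap2.handle_reassociation(sta.spa, sta.reassoc_pmkids(ap2.aa))
    back = ap1.handle_reassociation(sta.spa, sta.reassoc_pmkids(ap1.aa))
    return {"roam_forward": forward, "roam_back": back}
```

Note that the RADIUS server is never contacted in the OKC roam-forward case: the only thing the target AP needs is the PMK from the controller and the client's MAC, and the PMKID match proves both sides hold the same PMK before the 4-way handshake proves possession of it.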

Fast BSS Transition (FT)

  • 802.11r-2008 amendment part of 802.11-2012 standard
  • Similar method to OKC, but as it is a standard, full key hierarchy is defined
  • FT operates within a mobility domain (a set of APs in the same ESS that advertise the same mobility domain identifier, MDID)
  • Most efficient fast roaming method, but not widely supported by clients
  • Legacy client drivers might have difficulty processing the 802.11r information elements (MDIE, FTIE) in beacons and responses (consider a separate SSID for FT)
  • Supported by voice enterprise certifications

Three-level key hierarchy

  • PMK-R0 – First time a client connects to an AP, 802.1X/EAP process creates a Master Session Key (MSK), which seeds the first-level PMK called PMK-R0
  • PMK-R1 – Second-level key
  • PTK – Third -level key, which is the actual encryption key

Key Holder Role

  • Controller – PMK-R0 holder (R0KH) – in case of controller-less architecture, the first AP stores it
  • Access Points – PMK-R1 holder (R1KH) – each AP has a unique PMK-R1, which is used to derive a unique PTK for each AP
  • Client Station – S0KH – the supplicant-side holder of PMK-R0 (counterpart of the R0KH)
  • Client Station – S1KH – the supplicant-side holder of PMK-R1 (counterpart of the R1KH)

The client station derives and caches its own copy of PMK-R0 (as S0KH) and derives a PMK-R1 for each AP it associates to in the mobility domain; none of these keys is sent over the air, both sides compute them from the same inputs.
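The three-level derivation, as an added worked example in Python (not from the CWSP notes or any vendor's implementation). It follows the KDF and key names from 802.11-2012 clause 11.6.1.7; the MSK, MAC addresses, SSID, MDID octets, R0KH-ID and nonces are constructed sample values, and the CCMP PTK length of 384 bits is assumed.

```python
"""FT key hierarchy (802.11-2012, 11.6.1.7): added worked example, not from the CWSP notes.

MSK (from EAP) -> XXKey -> PMK-R0 (R0KH / S0KH)
                           -> PMK-R1 per AP (R1KH / S1KH)
                              -> PTK per association
All identifiers below (MSK, MAC addresses, SSID, MDID, R0KH-ID, nonces) are constructed.
"""
import hashlib
import hmac
import struct


def kdf(key: bytes, label: bytes, context: bytes, length_bits: int) -> bytes:
    """KDF-Hash-Length from 802.11-2012 11.6.1.7.2: HMAC-SHA-256 in counter mode.
    Counter and output length are encoded as little-endian 16-bit values."""
    out = b""
    for i in range(1, (length_bits + 255) // 256 + 1):
        msg = struct.pack("<H", i) + label + context + struct.pack("<H", length_bits)
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[: length_bits // 8]


def derive_pmk_r0(xxkey, ssid, mdid, r0kh_id, s0kh_id):
    """First level. XXKey is the second 256 bits of the MSK for 802.1X (the PSK for FT-PSK)."""
    context = bytes([len(ssid)]) + ssid + mdid + bytes([len(r0kh_id)]) + r0kh_id + s0kh_id
    r0_key_data = kdf(xxkey, b"FT-R0", context, 384)
    pmk_r0 = r0_key_data[:32]
    pmk_r0_name_salt = r0_key_data[32:48]
    pmkr0name = hashlib.sha256(b"FT-R0N" + pmk_r0_name_salt).digest()[:16]
    return pmk_r0, pmkr0name


def derive_pmk_r1(pmk_r0, pmkr0name, r1kh_id, s1kh_id):
    """Second level: one PMK-R1 per AP (R1KH-ID is the AP's BSSID, S1KH-ID the client MAC)."""
    pmk_r1 = kdf(pmk_r0, b"FT-R1", r1kh_id + s1kh_id, 256)
    pmkr1name = hashlib.sha256(b"FT-R1N" + pmkr0name + r1kh_id + s1kh_id).digest()[:16]
    return pmk_r1, pmkr1name


def derive_ptk(pmk_r1, pmkr1name, snonce, anonce, bssid, sta_addr, ptk_bits=384):
    """Third level: PTK for one association (384 bits for CCMP: KCK || KEK || TK)."""
    ptk = kdf(pmk_r1, b"FT-PTK", snonce + anonce + bssid + sta_addr, ptk_bits)
    ptkname = hashlib.sha256(pmkr1name + b"FT-PTKN" + snonce + anonce + bssid + sta_addr).digest()[:16]
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48], "PTKName": ptkname}


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def ft_roam_example() -> dict:
    """Initial mobility domain association on AP1, then a fast transition to AP2
    that never touches the authentication server."""
    msk = bytes(range(64))                        # constructed stand-in for the EAP MSK
    xxkey = msk[32:64]                            # second 256 bits of the MSK
    ssid, mdid = b"CWSP-FT", b"\xac\x34"          # MDID 0x34ac as the two MDIE octets (assumed order)
    r0kh_id = b"wlc.example.lab"                  # controller's R0KH-ID (NAS-Identifier), constructed
    sta = mac("aa:bb:cc:dd:ee:01")
    ap1, ap2 = mac("00:11:22:33:44:01"), mac("00:11:22:33:44:02")

    pmk_r0, pmkr0name = derive_pmk_r0(xxkey, ssid, mdid, r0kh_id, sta)
    # one PMK-R1 per AP, all from the same PMK-R0: no new EAP exchange for AP2
    pmk_r1_ap1, name_ap1 = derive_pmk_r1(pmk_r0, pmkr0name, ap1, sta)
    pmk_r1_ap2, name_ap2 = derive_pmk_r1(pmk_r0, pmkr0name, ap2, sta)

    snonce, anonce = bytes([0x11]) * 32, bytes([0x22]) * 32   # constructed nonces
    sta_ptk = derive_ptk(pmk_r1_ap2, name_ap2, snonce, anonce, ap2, sta)   # S1KH side
    ap_ptk = derive_ptk(pmk_r1_ap2, name_ap2, snonce, anonce, ap2, sta)    # R1KH side
    return {
        "pmkr0name": pmkr0name, "pmk_r1_ap1": pmk_r1_ap1, "pmk_r1_ap2": pmk_r1_ap2,
        "pmkr1name_ap1": name_ap1, "pmkr1name_ap2": name_ap2,
        "ptk_match": sta_ptk == ap_ptk, "tk": sta_ptk["TK"],
    }
```

The point to take from the derivation is that only PMKR0Name and PMKR1Name (the key names, which are public) ever appear in frames; the R1KH receives PMK-R1 from the R0KH over the infrastructure, and the client computes the same PMK-R1 locally because the R1KH-ID is just the target AP's BSSID.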

Mobility Domain Information Elements (MDIE)

  • Shows the existence of a mobility domain as well as FT
  • MDID – unique ID of a group of APs that form a mobility domain (0x34ac in the example below)
  • FT Capability and Policy – show if over-the-air or over-the-DS FT is being performed

Fast BSS Transition Information Element (FTIE)

  • Information needed to perform FT authentication sequence
  • The FT initial mobility domain association still performs a 4-way handshake like an RSNA – it generates the PTK and GTK and opens the controlled port -> only for the first association in the mobility domain
  • Difference is the additional elements carried in the handshake: MDIE, FTIE, and the PMKR1Name in the PMKID field of the RSNIE
  • FT initial mobility domain association – the client’s first association to an AP in this mobility domain, completed with the 4-way handshake (picture below)

Over-the-Air Fast BSS Transition

  • All frames including authentication and reassociation sent over the air during roaming
  • Combines standard 802.11 authentication and reassociation frames within the 4-way handshake to reduce the latency (compare with picture above)
  • 4 fewer frames are needed when a client roams compared to the non-FT roaming
  • FTAA – FT authentication algorithm
  • PMK-R1 of the new AP is used as the seeding material to create PTK
  • If supported, PSK will use over-the-air method

Over-the-DS Fast BSS Transition

  • Uses FT Request/Response action frames sent to the original AP, which relays them to the target AP over the wired 802.3 infrastructure, to complete FT authentication and PTK derivation
  • Reassociation request and response are then sent over the air to the target AP
  • PMK-R1 of the new AP is used as the seeding material to create PTK
  • Optional – supported by a few manufacturers

802.11k

  • Radio Resource Management (RRM) – enables radios to better understand the RF environment
  • Associated AP sends a neighbor report, which clients use to make roaming decisions
  • Speeds up the client’s search for nearby APs that are available as roaming targets by providing an optimized list of channels to scan
  • Works in conjunction with 802.11r to speed up the scanning process
  • Delivered inside 802.11 Action frames
  • Information delivered: BSSID of neighbor AP, mobility domain, QOS, Automatic power save delivery, radio measurement, BlockAck method, security, channel number, PHY type
  • Will work only if supported by both clients and APs (iPhones support it)
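To make the "information delivered" list concrete, here is an added Python parser (not from the CWSP notes) for the Neighbor Report elements that a Neighbor Report Response action frame carries after its Category, Action and Dialog Token fields, following the element layout in 802.11-2012 clause 8.4.2.39. The two-neighbor frame body is constructed, not captured, and the operating class, channel and PHY type values in it are sample numbers.

```python
"""802.11k Neighbor Report element parsing: added example, not from the CWSP notes.

Element layout (802.11-2012 8.4.2.39), element ID 52:
  BSSID (6) | BSSID Information (4, little-endian bit field) | Operating Class (1)
  | Channel Number (1) | PHY Type (1) | optional subelements
The sample frame body at the bottom is constructed.
"""
import struct

NEIGHBOR_REPORT_EID = 52

# BSSID Information bit positions; bits 0-1 are AP reachability, higher bits reserved here
BSSID_INFO_BITS = {
    2: "security", 3: "key_scope", 4: "spectrum_mgmt", 5: "qos", 6: "apsd",
    7: "radio_measurement", 8: "delayed_block_ack", 9: "immediate_block_ack",
    10: "mobility_domain", 11: "high_throughput",
}
REACHABILITY = {0: "reserved", 1: "not_reachable", 2: "unknown", 3: "reachable"}


def parse_neighbor_reports(body: bytes) -> list:
    """Walk the element list of a Neighbor Report Response body (the part after
    Category/Action/Dialog Token) and return one dict per Neighbor Report element."""
    reports = []
    pos = 0
    while pos + 2 <= len(body):
        eid, length = body[pos], body[pos + 1]
        data = body[pos + 2: pos + 2 + length]
        pos += 2 + length
        if eid != NEIGHBOR_REPORT_EID or len(data) < 13:   # skip other IEs and truncated ones
            continue
        bssid = data[:6]
        info, op_class, channel, phy = struct.unpack("<IBBB", data[6:13])
        reports.append({
            "bssid": ":".join(f"{b:02x}" for b in bssid),
            "reachability": REACHABILITY[info & 0x3],
            "flags": {name for bit, name in BSSID_INFO_BITS.items() if info & (1 << bit)},
            "operating_class": op_class,
            "channel": channel,
            "phy_type": phy,                   # raw dot11PHYType value, not decoded here
            "subelements": data[13:],          # e.g. TSF info, vendor specific; left raw
        })
    return reports


def ft_roam_candidates(reports: list) -> list:
    """Neighbors worth handing to the roaming algorithm as FT targets: the AP must be
    reachable and advertise the same mobility domain and the same security
    provisioning as the current BSS (both are flags in BSSID Information)."""
    return [r["bssid"] for r in reports
            if r["reachability"] == "reachable"
            and {"mobility_domain", "security"} <= r["flags"]]


def neighbor_report_element(bssid: str, info: int, op_class: int, channel: int, phy: int) -> bytes:
    """Build one element; used here only to construct the sample body."""
    fixed = bytes.fromhex(bssid.replace(":", "")) + struct.pack("<IBBB", info, op_class, channel, phy)
    return bytes([NEIGHBOR_REPORT_EID, len(fixed)]) + fixed


# constructed Neighbor Report Response body with two neighbors (sample values)
SAMPLE_BODY = (
    neighbor_report_element("00:11:22:33:44:01",
                            0x3 | 1 << 2 | 1 << 5 | 1 << 7 | 1 << 10 | 1 << 11,  # reachable, RSN, QoS, RRM, MD, HT
                            115, 36, 7)
    + neighbor_report_element("00:11:22:33:44:02", 0x3 | 1 << 5, 81, 6, 6)      # reachable, QoS only
)
```

A practitioner reading captures should check the Mobility Domain and Security bits rather than trusting every reported BSSID: a neighbor without them is not a valid FT target, and a client that ignores the flags will fall back to a full authentication on that AP.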

802.11v

  • Wireless Network Management (WNM) – exchanges info about surrounding network conditions
  • Information delivered: BSS max idle time, BSS transition mechanism (shares info about AP load), channel usage, event reporting, location services, proxy ARP, SSID list
  • Provides a method for the access point to initiate a roaming event instead of waiting for the client device to make that decision.

Voice Enterprise

  • Wi-Fi alliance certification that defines enhanced support for voice applications in enterprise
  • Many aspects of 802.11k, 802.11v, and 802.11r are tested
  • Expectations – voice quality and data traffic coexistence
  • Features – WMM (QOS), WMM-admission control (bandwidth management), seamless roaming (802.11r), network measurement (802.11k), network management (802.11v), battery life (WMM-PS)
  • If enabled on WLANs, it will cause issues with legacy voice devices (separate SSID)
  • Client devices manufactured before 2012 – will not support 802.11k/v/r
  • Requirements:
    • Latency – one way delay < 50 ms
    • Jitter – < 50 ms
    • Packet loss – <1%

Layer 3 roaming

  • Roaming across L3 boundaries (different VLANs/Subnets) will end up in a client IP address change
  • This will end up in VoIP phone disconnect
  • Resolution – Mobile IP standard of using an IP tunnel

Troubleshooting

  • PSK – passphrase mismatch, PMK not properly created, 4-way handshake fails
  • Roaming – driver issue, method supported on client, sticky client (primary vs. secondary coverage), L3 roaming
  • AP config – hidden nodes, mismatch power
