Thursday, February 2, 2012

Differences between IEEE 802.11i, IEEE 802.11r, IEEE 802.11k and IEEE 802.11w

IEEE 802.11i

IEEE 802.11i is an enhancement to the 802.11 standard. It is also known as WPA2. It specifies security mechanisms for wireless networks such as Wi-Fi. IEEE 802.11i replaces the previous security specification, called Wired Equivalent Privacy (WEP), because WEP was known to have severe security weaknesses. 802.11i makes use of the Advanced Encryption Standard (AES) block cipher, whereas WEP and WPA use the RC4 stream cipher. 802.11i uses the four-way handshake process for authentication.




During the authentication process, the Access Point (AP) needs to authenticate itself to the clients (STA), and keys to encrypt the traffic need to be obtained. An Extensible Authentication Protocol (EAP) exchange may have provided the shared secret key, the Pairwise Master Key (PMK), earlier. This key is designed to last the entire session and should be exposed as little as possible. The four-way handshake is used to establish another key, called the Pairwise Transient Key (PTK), which is produced by passing the PMK together with the nonces exchanged in the handshake through a cryptographic hash function. The four-way handshake is shown in the diagram below:



The handshake also yields the Group Temporal Key (GTK), used to decrypt multicast and broadcast traffic. The actual messages exchanged during the handshake are:

  1. The AP sends a nonce value (ANonce) to the STA. The client now has all the attributes it needs to construct the PTK.
  2. The STA sends its own nonce value (SNonce) to the AP, together with a Message Integrity Code (MIC).
  3. The AP sends the GTK and a sequence number, together with another MIC. The sequence number will be used in the next multicast or broadcast frame, so that the receiving STA can perform basic replay detection.
  4. The STA sends a confirmation to the AP.
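As an added example (not code from the original post), the following Python sketch shows the key derivation and MIC check that sit behind the four messages above. The PMK, MAC addresses and nonces are constructed values, and the EAPOL-Key frame bodies are simplified placeholders rather than real frame encodings; the PRF, the PTK split into KCK/KEK/TK and the HMAC-SHA1-128 MIC follow what IEEE 802.11i specifies for CCMP (AES).

```python
import hmac
import hashlib

# Constructed sample values (not from the original post): a 256-bit PMK such as an EAP
# exchange or WPA2-PSK would provide, and the authenticator/supplicant MAC addresses.
PMK = bytes.fromhex("0c" * 32)
AP_MAC = bytes.fromhex("02000000aa01")   # AA  (authenticator address)
STA_MAC = bytes.fromhex("02000000bb02")  # SPA (supplicant address)


def prf(key: bytes, label: bytes, data: bytes, n_bits: int) -> bytes:
    """IEEE 802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) * 8 < n_bits:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[: n_bits // 8]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK = PRF-384(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(AN,SN)||max(AN,SN)).

    The min/max ordering means both sides get the same PTK regardless of who is who.
    For CCMP the 384 bits split into KCK (EAPOL MIC key), KEK (key-wrapping key) and TK (traffic key).
    """
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 384)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


def eapol_mic(kck: bytes, frame_with_zeroed_mic: bytes) -> bytes:
    """EAPOL-Key MIC for CCMP (key descriptor version 2): HMAC-SHA1 truncated to 128 bits."""
    return hmac.new(kck, frame_with_zeroed_mic, hashlib.sha1).digest()[:16]


def four_way_handshake(pmk: bytes, anonce: bytes, snonce: bytes, tamper: bool = False) -> dict:
    """Simulate the four messages. Frame bodies are placeholders, not real EAPOL-Key encodings."""
    # Message 1 (AP -> STA): ANonce only. It cannot carry a MIC; the STA has no KCK yet.
    sta_ptk = derive_ptk(pmk, AP_MAC, STA_MAC, anonce, snonce)

    # Message 2 (STA -> AP): SNonce plus a MIC computed under the STA's KCK.
    msg2_body = b"EAPOL-Key msg2 " + snonce + b" replay=1"
    msg2_mic = eapol_mic(sta_ptk["KCK"], msg2_body)
    if tamper:
        msg2_body = msg2_body.replace(b"replay=1", b"replay=9")  # modified in transit

    # The AP now has both nonces, derives the same PTK and checks the MIC.
    ap_ptk = derive_ptk(pmk, AP_MAC, STA_MAC, anonce, snonce)
    msg2_ok = hmac.compare_digest(eapol_mic(ap_ptk["KCK"], msg2_body), msg2_mic)
    if not msg2_ok:
        return {"msg2_ok": False, "msg3_ok": False, "same_ptk": sta_ptk == ap_ptk}

    # Message 3 (AP -> STA): GTK (would be wrapped under the KEK) and the replay counter, with a MIC.
    # The STA only accepts it if the counter is fresh, which is the "basic replay detection" above.
    last_replay_seen = 1
    msg3_replay = 2
    msg3_body = b"EAPOL-Key msg3 gtk=<wrapped-under-KEK> replay=%d" % msg3_replay
    msg3_mic = eapol_mic(ap_ptk["KCK"], msg3_body)
    msg3_ok = (msg3_replay > last_replay_seen
               and hmac.compare_digest(eapol_mic(sta_ptk["KCK"], msg3_body), msg3_mic))

    # Message 4 (STA -> AP): confirmation under the same KCK; both sides then install TK and GTK.
    return {"msg2_ok": msg2_ok, "msg3_ok": msg3_ok, "same_ptk": sta_ptk == ap_ptk}


if __name__ == "__main__":
    an, sn = bytes(range(32)), bytes(range(32, 64))  # constructed nonces
    print(four_way_handshake(PMK, an, sn))
    print(four_way_handshake(PMK, an, sn, tamper=True))
```

The point to take from the simulation is that the PMK never crosses the air: only the nonces do, and a listener without the PMK cannot recompute the KCK, so it can neither forge the MIC on message 2 nor alter message 3 without detection. Fresh nonces on every association are what make the PTK differ per session even though the PMK is long-lived.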


IEEE 802.11r

This standard is designed to speed up handoffs between APs or cells in a wireless Local Area Network (LAN). Fast handoffs are important, as clients such as mobile phones must be able to rapidly disassociate from one AP and connect to another. Slow handoffs can lead to transmission "hiccups", loss of connectivity and degradation of voice quality. 802.11r refines the transition process of a mobile client as it moves between access points. The protocol allows a wireless client to establish a security and QoS state at a new access point before making a transition, which leads to minimal connectivity loss and application disruption.




Before 802.11r, each device had to perform a full 802.1X authentication with a back-end RADIUS-based authentication server to establish encryption keys whenever it roamed between two APs.

With 802.11r, the initial association to the network still involves an exchange with the authentication server, but roaming time is reduced because encryption keys are distributed throughout the infrastructure before a roam occurs, using 802.11r's three-tier key hierarchy.

IEEE 802.11k

802.11k is a standard for radio resource management. It aims to provide key client feedback to WLAN access points and switches. It defines a series of measurement requests and reports that detail both Layer 1 and Layer 2 client statistics. APs or WLAN switches may ask clients to report data, or may request data from APs. The measurements defined by 802.11k cover:

  1. Roaming decisions
  2. Radio Frequency (RF) channel knowledge
  3. Hidden nodes
  4. Client statistics
  5. Transmit Power Control (TPC)

1. To improve roaming decisions, APs or WLAN switches can provide a site report to clients. The standard defines a beacon request, in which an AP asks a client to go to a specific channel and report all the AP beacons it hears. The AP collects the data and a WLAN switch analyzes the beacon information, such as what services and encryption types each AP supports and how strongly the client heard the AP. The switch or AP generates an ordered list of APs, from best to worst service, called the site report.


2. With 802.11k, an AP can have a client build a "noise histogram", which shows all non-802.11 energy on that channel. An AP can also request data about channel load, that is, how long the channel was busy during a given period.


3. With 802.11k, clients track hidden nodes and APs query clients for those lists. This information tells the AP about clients on the edge of its cell. APs can use the information to direct clients to APs from which they would get better service.


4. With 802.11k, APs and WLAN switches can query all clients to get reports on their statistics. With both data sets, a WLAN system has a more complete view of network performance. Such statistics track items such as retries, packets transmitted and packets received.


5. TPC was defined in 802.11h to meet regulatory requirements in the 5 GHz band in Europe. 802.11k extends the use of TPC procedures to other regulatory domains and frequency bands to reduce interference and power consumption, and to provide range control.




IEEE 802.11w

The IEEE 802.11w Task Group (TG) is authorized to improve the security of wireless networks by protecting management frames. To protect the confidentiality of management traffic, the IEEE 802.11w TG assumes that the client and the AP have exchanged dynamic key content. This precludes the protection of any management frames sent before the delivery of key content, thus exposing the network name (SSID) and other capability information needed for clients to connect to the network.

With 802.11w, spoofed management frames can be identified and discarded, which defeats some of the malicious traffic used to launch Denial-of-Service (DoS) attacks against the network, such as a deauthentication flood. The IEEE 802.11w TG has not indicated that it intends to provide protection for control frames on the wireless network. Without such protection, an attacker can still choose from a variety of DoS attacks that exploit various wireless-medium control techniques.
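As an added example (not code from the original post), the following Python detector shows how a wireless IDS can spot the deauthentication flood mentioned above from a monitor-mode capture, and how 802.11w changes the picture: on a BSS that requires protected management frames, a deauthentication or disassociation frame without the Protected Frame bit set is anomalous on its own, not only when it arrives at a high rate. The frame records, field names, BSSIDs and thresholds are constructed for the example.

```python
from collections import defaultdict, deque

MGMT = 0                    # 802.11 frame type: management
DISASSOC, DEAUTH = 10, 12   # management-frame subtypes

# Constructed capture summary (not from the original post): the header fields a
# monitor-mode sniffer would expose per frame. 'protected' is the Protected Frame bit.
FRAMES = (
    [{"ts": 0.00, "type": MGMT, "subtype": 8, "bssid": "AP1", "src": "AP1", "protected": False}]  # beacon
    + [{"ts": 0.50 + i * 0.01, "type": MGMT, "subtype": DEAUTH, "bssid": "AP1", "src": "AP1",
        "protected": False} for i in range(25)]                                                 # burst
    + [{"ts": 2.00, "type": MGMT, "subtype": DEAUTH, "bssid": "AP2", "src": "AP2", "protected": False}]
)


def detect_deauth_anomalies(frames, window_s=1.0, threshold=10, pmf_required_bssids=frozenset()):
    """Return alerts as (kind, timestamp, bssid) tuples.

    kind == "deauth_flood": the threshold-th deauth/disassoc for a BSSID inside a sliding window
    (fires once per crossing, so a sustained flood does not spam one alert per frame).
    kind == "unprotected_deauth_on_pmf_bss": a BSS that requires 802.11w protection saw an
    unprotected deauth/disassoc; a PMF-capable STA drops it, but the WIDS should still record it.
    """
    recent = defaultdict(deque)   # bssid -> timestamps of recent deauth/disassoc frames
    alerts = []
    for f in sorted(frames, key=lambda x: x["ts"]):
        if f["type"] != MGMT or f["subtype"] not in (DISASSOC, DEAUTH):
            continue
        if f["bssid"] in pmf_required_bssids and not f["protected"]:
            alerts.append(("unprotected_deauth_on_pmf_bss", f["ts"], f["bssid"]))
        q = recent[f["bssid"]]
        q.append(f["ts"])
        while f["ts"] - q[0] > window_s:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) == threshold:
            alerts.append(("deauth_flood", f["ts"], f["bssid"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_deauth_anomalies(FRAMES, pmf_required_bssids={"AP2"}):
        print(alert)
```

Rate-based detection is the only option for a BSS without 802.11w, since the frames are unauthenticated and look exactly like legitimate ones; once protected management frames are in place, the single unprotected frame is itself the signal, and the rate threshold becomes a secondary check.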