1 / 7

Validating Disassociate and Deauthenticate messages

Validating Disassociate and Deauthenticate messages. Tim Moore. 802.11 state machine. Issues. Anyone can send a disassociate or deauthenticate and disconnect a STA STA or AP can delete state (remove keys) asynchronously

kaelem
Télécharger la présentation

Validating Disassociate and Deauthenticate messages

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Validating Disassociate and Deauthenticate messages Tim Moore Tim Moore, Microsoft

  2. 802.11 state machine Tim Moore, Microsoft

  3. Issues • Anyone can send a disassociate or deauthenticate and disconnect a STA • STA or AP can delete state (remove keys) asynchronously • Unauthenticated disassociate and deauth are needed when keys are not available • A STA which has keys should not accept unauthenticated disassociate or deauth messages Tim Moore, Microsoft

  4. New 802.11 state machine Tim Moore, Microsoft

  5. Authenticating disassociate/deauth • Two options • Integrity check of disassociate and deauthenticate messages • Only when keys are available • Don’t authenticate disassociate and deauth • Use another method such as AKMP • Either case 802.11 state machine needs to check if keys available before accepting disassociate or deauthenticate messages Tim Moore, Microsoft

  6. Integrity check • New format for messages, either • Optional when keys are not available • Add IE to messages containing an integrity check • Use TKIP/WRAP/CCMP and encryption/integrity check the messages Tim Moore, Microsoft

  7. AKMP • Start 4-way handshake on receiving disassociate or deauthenticate messages • Change Supplicant and Authenticator state machines to run 4-way handshake on receiving disassociate or deauthenticate • Authenticator • Move DeauthenticateRequest from DISCONNECTED state to PTKSTART state • Supplicant • Add new state DISCONNECT. Sends EAPOL-Key Request. Timeout on completing 4-way handshake. Timeout goes to DISCONNECTED state Tim Moore, Microsoft

More Related