25:
324:
Replay protection is provided by already existing mechanisms. Specifically, there is a (per-station, per-key, per-priority) counter for each transmitted frame; this is used as a nonce/initialization vector (IV) in cryptographic encapsulation/decapsulation, and the receiving station ensures that the
473:
333:
The 802.11w amendment is implemented in Linux and BSDs as part of the 80211mac driver code base, which is used by several wireless driver interfaces; i.e., ath9k. The feature is easily enabled in most kernels and Linux OS's using these combinations.
345:
in
Windows 8. This has caused a number of compatibility issues particularly with wireless access points that are not compatible with the standard. Rolling back the wireless adapter driver to one from Windows 7 usually fixes the issue.
209:
It is infeasible/not possible to protect the frame sent before four-ways handshake because it is sent prior to key establishment. The management frames, which are sent after key establishment, can be protected.
437:
760:
352:
without this standard send system management information in unprotected frames, which makes them vulnerable. This standard protects against network disruption caused by malicious systems that
238:
Protection-capable management frames are those sent after key establishment that can be protected using existing protection key hierarchy in 802.11 and its amendments.
112:
Medium Access
Control layer. Its objective was to increase security by providing data confidentiality of management frames, mechanisms that enable data integrity,
967:
433:
1735:
500:
100:
Current 802.11 standard defines "frame" types for use in management and control of wireless links. IEEE 802.11w is the
Protected Management Frames
410:
261:
Management frames that are required before AP and client have exchanged the transmission keys via the 4 way handshake remain unprotected:
46:
1771:
1761:
610:
254:
Action Frames: Block ACK Request/Response (AddBA), QoS Admission
Control, Radio Measurement, Spectrum Management, Fast BSS Transition
1036:
555:
68:
338:
in particular provides an easy toggle as part of the base distribution. The feature has been implemented for the first time into
467:
735:
1017:
992:
357:
353:
493:
1401:
962:
665:
580:
560:
39:
33:
1804:
533:
509:
1371:
570:
136:
It uses the existing security mechanisms rather than creating new security scheme or new management frame format.
50:
805:
113:
1809:
670:
660:
640:
486:
308:
Broad-/Multicast Robust
Management Frames are protected using Broadcast/multicast integrity protocol (BIP)
982:
543:
284:
Uni-cast
Protection-capable Management Frames are protected by the same cipher suite as an ordinary data
139:
It is an optional feature in 802.11 and is required for 802.11 implementations that support TKIP or CCMP.
1776:
899:
635:
315:
Use
Information Element: Management MIC IE with Sequence Number + Cryptographic Hash (AES128-CMAC based)
1830:
1042:
972:
790:
720:
1685:
1680:
1675:
1670:
1665:
1660:
1655:
402:
924:
800:
89:
461:
1473:
1448:
1432:
1426:
1421:
1416:
1411:
1406:
1396:
1391:
1381:
1376:
1012:
842:
342:
1601:
1342:
1337:
1327:
1322:
1317:
1312:
1307:
1302:
1292:
1287:
1282:
1277:
1267:
1262:
1257:
1252:
1237:
1232:
1227:
1222:
1217:
1366:
1032:
133:
Single and unified solution needed for all IEEE 802.11 Protection-capable
Management Frames.
795:
101:
1650:
780:
775:
695:
645:
1824:
1756:
1700:
1695:
1690:
1640:
1635:
1630:
1620:
1596:
1572:
1560:
1549:
1538:
1526:
1521:
1516:
1511:
1498:
1487:
977:
957:
810:
785:
715:
605:
550:
1740:
1730:
1478:
1463:
1458:
1453:
1443:
1386:
1027:
1022:
1007:
1002:
997:
947:
381:
375:
369:
349:
121:
117:
1612:
1352:
1106:
987:
952:
942:
919:
914:
909:
904:
887:
882:
872:
109:
105:
85:
472:
Cisco 802.11r, 802.11k, and 802.11w
Deployment Guide, Cisco IOS-XE Release 3.3
1725:
1720:
1052:
934:
867:
862:
857:
852:
847:
837:
1786:
1766:
1624:
877:
770:
765:
750:
740:
730:
710:
705:
690:
680:
675:
655:
650:
630:
625:
620:
615:
600:
565:
339:
241:
Only TKIP/AES frames are protected and WEP/open frames are not protected.
1057:
829:
820:
538:
528:
523:
312:
Use
Integrity Group Temporal Key (IGTK) received during WPA key handshake
1781:
1577:
1543:
1492:
1437:
1332:
1297:
1272:
1247:
1242:
1212:
1207:
1202:
1196:
1190:
1185:
1180:
1175:
1169:
1163:
1158:
1153:
1148:
1142:
1136:
1131:
1126:
1121:
1066:
700:
685:
335:
304:
Sender's pairwise temporal key (PTK) protects unicast management frame.
1644:
1116:
1111:
1101:
1096:
1091:
1086:
1081:
1076:
1071:
745:
575:
1502:
1357:
892:
755:
595:
478:
725:
590:
585:
285:
482:
18:
295:
MPDU payload and header are TKIP or CCMP integrity protected.
356:(deauth) that appear to be sent by valid equipment such as
108:
family of standards. Task Group 'w' worked on improving the
257:
Channel Switch Announcement directed to a client (Unicast)
116:, and replay protection. These extensions interact with
142:
Its use is optional and can be negotiable between STAs.
301:
Only cipher suites already implemented are required.
298:
Protected frame field of frame control field is set.
1749:
1713:
1611:
1351:
1051:
933:
828:
819:
516:
244:The following management frames can be protected:
434:"Liaison Report โ 802.11 Work Related to 802.21"
220:Announcement traffic indication message (ATIM)
195:Radio measurement action in infrastructure BSS
161:Announcement traffic indication message (ATIM)
494:
167:Radio measurement action between STAs in IBSS
8:
474:Chapter: 802.11w Protected Management Frames
825:
501:
487:
479:
16:Security amendment to IEEE 802.11 standard
88:standard to increase the security of its
69:Learn how and when to remove this message
280:Channel Switch Announcement as Broadcast
32:This article includes a list of general
403:"Quick Guide to IEEE 802.11 Activities"
394:
292:MPDU payload is TKIP or CCMP encrypted.
277:Announcement Traffic Indication Message
384:Interworking with non-802.11 networks
7:
413:from the original on 3 November 2019
158:Authentication and de-authentication
38:it lacks sufficient corresponding
14:
217:Beacon and probe request/response
155:Beacon and probe request/response
325:received counter is increasing.
189:Disassociation/de-authentication
84:is an approved amendment to the
23:
440:from the original on 2022-06-18
178:Re-association request/response
1:
462:Status of the project 802.11w
354:forge disassociation requests
226:Association request/response
198:Future 11v management frames
175:Association request/response
96:Protected management frames
1849:
1805:IEEE Standards Association
229:Spectrum management action
164:Spectrum management action
1795:
114:data origin authenticity
1810:Category:IEEE standards
464:IEEE Task Group w (TGw)
213:Infeasible to protect:
53:more precise citations.
468:Tutorial on 802.11w
378:Fast BSS Transition
205:Unprotected frames
1818:
1817:
1709:
1708:
372:Enhanced Security
358:Evil Twin attacks
343:operating systems
320:Replay protection
90:management frames
82:IEEE 802.11w-2009
79:
78:
71:
1838:
826:
503:
496:
489:
480:
449:
448:
446:
445:
429:
423:
422:
420:
418:
399:
234:Protected frames
192:QoS action frame
74:
67:
63:
60:
54:
49:this article by
40:inline citations
27:
26:
19:
1848:
1847:
1841:
1840:
1839:
1837:
1836:
1835:
1821:
1820:
1819:
1814:
1791:
1745:
1705:
1607:
1355:
1347:
1055:
1047:
929:
815:
512:
507:
458:
453:
452:
443:
441:
432:Hunter, David.
431:
430:
426:
416:
414:
401:
400:
396:
391:
366:
331:
322:
236:
207:
149:
130:
98:
75:
64:
58:
55:
45:Please help to
44:
28:
24:
17:
12:
11:
5:
1846:
1845:
1842:
1834:
1833:
1823:
1822:
1816:
1815:
1813:
1812:
1807:
1802:
1796:
1793:
1792:
1790:
1789:
1784:
1779:
1774:
1769:
1764:
1759:
1753:
1751:
1747:
1746:
1744:
1743:
1738:
1733:
1728:
1723:
1717:
1715:
1711:
1710:
1707:
1706:
1704:
1703:
1698:
1693:
1688:
1683:
1678:
1673:
1668:
1663:
1658:
1653:
1648:
1638:
1633:
1628:
1617:
1615:
1609:
1608:
1606:
1605:
1593:
1590:
1587:
1584:
1581:
1569:
1566:
1563:
1558:
1555:
1552:
1547:
1535:
1532:
1529:
1524:
1519:
1514:
1509:
1506:
1496:
1484:
1481:
1476:
1471:
1466:
1461:
1456:
1451:
1446:
1441:
1429:
1424:
1419:
1414:
1409:
1404:
1399:
1394:
1389:
1384:
1379:
1374:
1369:
1363:
1361:
1349:
1348:
1346:
1345:
1340:
1335:
1330:
1325:
1320:
1315:
1310:
1305:
1300:
1295:
1290:
1285:
1280:
1275:
1270:
1265:
1260:
1255:
1250:
1245:
1240:
1235:
1230:
1225:
1220:
1215:
1210:
1205:
1200:
1193:
1188:
1183:
1178:
1173:
1166:
1161:
1156:
1151:
1146:
1139:
1134:
1129:
1124:
1119:
1114:
1109:
1104:
1099:
1094:
1089:
1084:
1079:
1074:
1069:
1063:
1061:
1049:
1048:
1046:
1045:
1040:
1030:
1025:
1020:
1015:
1010:
1005:
1000:
995:
990:
985:
980:
975:
970:
965:
960:
955:
950:
945:
939:
937:
931:
930:
928:
927:
922:
917:
912:
907:
902:
897:
896:
895:
885:
880:
875:
870:
865:
860:
855:
850:
845:
840:
834:
832:
823:
817:
816:
814:
813:
808:
803:
798:
793:
788:
783:
778:
773:
768:
763:
758:
753:
748:
743:
738:
733:
728:
723:
718:
713:
708:
703:
698:
693:
688:
683:
678:
673:
668:
663:
658:
653:
648:
643:
638:
633:
628:
623:
618:
613:
608:
603:
598:
593:
588:
583:
578:
573:
568:
563:
558:
553:
548:
547:
546:
536:
531:
526:
520:
518:
514:
513:
510:IEEE standards
508:
506:
505:
498:
491:
483:
477:
476:
470:
465:
457:
456:External links
454:
451:
450:
424:
393:
392:
390:
387:
386:
385:
379:
373:
365:
362:
330:
327:
321:
318:
317:
316:
313:
306:
305:
302:
299:
296:
293:
282:
281:
278:
275:
272:
271:Authentication
269:
266:
259:
258:
255:
252:
251:Deauthenticate
249:
235:
232:
231:
230:
227:
224:
223:Authentication
221:
218:
206:
203:
202:
201:
200:
199:
196:
193:
190:
184:
183:
182:
181:Disassociation
179:
176:
170:
169:
168:
165:
162:
159:
156:
148:
145:
144:
143:
140:
137:
134:
129:
126:
97:
94:
77:
76:
31:
29:
22:
15:
13:
10:
9:
6:
4:
3:
2:
1844:
1843:
1832:
1829:
1828:
1826:
1811:
1808:
1806:
1803:
1801:
1798:
1797:
1794:
1788:
1785:
1783:
1780:
1778:
1775:
1773:
1770:
1768:
1765:
1763:
1760:
1758:
1755:
1754:
1752:
1748:
1742:
1739:
1737:
1734:
1732:
1729:
1727:
1724:
1722:
1719:
1718:
1716:
1712:
1702:
1699:
1697:
1694:
1692:
1689:
1687:
1684:
1682:
1679:
1677:
1674:
1672:
1669:
1667:
1664:
1662:
1659:
1657:
1654:
1652:
1649:
1646:
1642:
1639:
1637:
1634:
1632:
1629:
1626:
1622:
1619:
1618:
1616:
1614:
1610:
1603:
1599:
1598:
1594:
1591:
1588:
1585:
1582:
1579:
1575:
1574:
1570:
1567:
1564:
1562:
1559:
1556:
1553:
1551:
1548:
1545:
1541:
1540:
1536:
1533:
1530:
1528:
1525:
1523:
1520:
1518:
1515:
1513:
1510:
1507:
1504:
1500:
1497:
1494:
1490:
1489:
1485:
1482:
1480:
1477:
1475:
1472:
1470:
1467:
1465:
1462:
1460:
1457:
1455:
1452:
1450:
1447:
1445:
1442:
1439:
1435:
1434:
1430:
1428:
1425:
1423:
1420:
1418:
1415:
1413:
1410:
1408:
1405:
1403:
1400:
1398:
1395:
1393:
1390:
1388:
1385:
1383:
1380:
1378:
1375:
1373:
1370:
1368:
1365:
1364:
1362:
1359:
1354:
1350:
1344:
1341:
1339:
1336:
1334:
1331:
1329:
1326:
1324:
1321:
1319:
1316:
1314:
1311:
1309:
1306:
1304:
1301:
1299:
1296:
1294:
1291:
1289:
1286:
1284:
1281:
1279:
1276:
1274:
1271:
1269:
1266:
1264:
1261:
1259:
1256:
1254:
1251:
1249:
1246:
1244:
1241:
1239:
1236:
1234:
1231:
1229:
1226:
1224:
1221:
1219:
1216:
1214:
1211:
1209:
1206:
1204:
1201:
1199:
1198:
1194:
1192:
1189:
1187:
1184:
1182:
1179:
1177:
1174:
1172:
1171:
1167:
1165:
1162:
1160:
1157:
1155:
1152:
1150:
1147:
1145:
1144:
1140:
1138:
1135:
1133:
1130:
1128:
1125:
1123:
1120:
1118:
1115:
1113:
1110:
1108:
1105:
1103:
1100:
1098:
1095:
1093:
1090:
1088:
1085:
1083:
1080:
1078:
1075:
1073:
1070:
1068:
1065:
1064:
1062:
1059:
1054:
1050:
1044:
1041:
1038:
1034:
1031:
1029:
1026:
1024:
1021:
1019:
1016:
1014:
1011:
1009:
1006:
1004:
1001:
999:
996:
994:
991:
989:
986:
984:
981:
979:
976:
974:
971:
969:
966:
964:
961:
959:
956:
954:
951:
949:
946:
944:
941:
940:
938:
936:
932:
926:
923:
921:
918:
916:
913:
911:
908:
906:
903:
901:
898:
894:
893:WiMAX ยท d ยท e
891:
890:
889:
886:
884:
881:
879:
876:
874:
871:
869:
866:
864:
861:
859:
856:
854:
851:
849:
846:
844:
841:
839:
836:
835:
833:
831:
827:
824:
822:
818:
812:
809:
807:
804:
802:
799:
797:
794:
792:
789:
787:
784:
782:
779:
777:
774:
772:
769:
767:
764:
762:
759:
757:
754:
752:
749:
747:
744:
742:
739:
737:
734:
732:
729:
727:
724:
722:
719:
717:
714:
712:
709:
707:
704:
702:
699:
697:
694:
692:
689:
687:
684:
682:
679:
677:
674:
672:
669:
667:
664:
662:
659:
657:
654:
652:
649:
647:
644:
642:
639:
637:
634:
632:
629:
627:
624:
622:
619:
617:
614:
612:
609:
607:
604:
602:
599:
597:
594:
592:
589:
587:
584:
582:
579:
577:
574:
572:
569:
567:
564:
562:
559:
557:
554:
552:
549:
545:
542:
541:
540:
537:
535:
532:
530:
527:
525:
522:
521:
519:
515:
511:
504:
499:
497:
492:
490:
485:
484:
481:
475:
471:
469:
466:
463:
460:
459:
455:
439:
435:
428:
425:
412:
408:
404:
398:
395:
388:
383:
380:
377:
374:
371:
368:
367:
363:
361:
359:
355:
351:
350:Wireless LANs
347:
344:
341:
337:
328:
326:
319:
314:
311:
310:
309:
303:
300:
297:
294:
291:
290:
289:
287:
279:
276:
273:
270:
267:
264:
263:
262:
256:
253:
250:
247:
246:
245:
242:
239:
233:
228:
225:
222:
219:
216:
215:
214:
211:
204:
197:
194:
191:
188:
187:
185:
180:
177:
174:
173:
171:
166:
163:
160:
157:
154:
153:
151:
150:
146:
141:
138:
135:
132:
131:
127:
125:
123:
119:
115:
111:
107:
103:
95:
93:
91:
87:
83:
73:
70:
62:
52:
48:
42:
41:
35:
30:
21:
20:
1799:
1595:
1571:
1537:
1486:
1468:
1431:
1195:
1168:
1141:
442:. Retrieved
427:
415:. Retrieved
406:
397:
382:IEEE 802.11u
376:IEEE 802.11r
370:IEEE 802.11i
348:
332:
323:
307:
283:
260:
248:Disassociate
243:
240:
237:
212:
208:
122:IEEE 802.11u
118:IEEE 802.11r
99:
81:
80:
65:
56:
37:
1831:IEEE 802.11
1372:legacy mode
274:Association
110:IEEE 802.11
106:IEEE 802.11
86:IEEE 802.11
59:August 2013
51:introducing
1750:Superseded
821:802 series
444:2020-08-24
417:18 October
389:References
34:references
1625:Bluetooth
340:Microsoft
1825:Category
1800:See also
1757:754-1985
1714:Proposed
1058:Ethernet
544:Revision
438:Archived
411:Archived
409:. IEEE.
364:See also
186:Class 3
172:Class 2
152:Class 1
128:Overview
104:for the
102:standard
1741:P1906.1
1602:Wi-Fi 8
1578:Wi-Fi 7
1544:Wi-Fi 6
1493:Wi-Fi 5
1438:Wi-Fi 4
517:Current
407:IEEE802
336:OpenWrt
265:Beacons
147:Classes
47:improve
1645:Zigbee
1613:802.15
1353:802.11
591:1149.1
268:Probes
36:, but
1736:P1823
1731:P1699
1726:P1619
1721:P1363
1503:WiGig
1367:-1997
1358:Wi-Fi
1067:-1983
1053:802.3
935:802.1
811:42010
806:29148
801:16326
796:16085
791:14764
786:12207
781:11073
329:Usage
1787:1471
1782:1364
1777:1362
1772:1233
1767:1219
1037:LACP
776:2050
771:2030
766:1905
761:1904
756:1902
751:1901
746:1900
741:1855
736:1850
731:1849
726:1815
721:1801
716:1800
711:1733
706:1722
701:1685
696:1675
691:1667
686:1666
681:1619
676:1613
671:1603
666:1596
661:1588
656:1584
651:1547
646:1541
641:1516
636:1497
631:1451
626:1394
621:1355
616:1284
611:1278
606:1275
601:1164
596:1154
586:1076
581:1016
576:1014
571:1003
419:2019
286:MPDU
120:and
1762:830
1686:.4z
1681:.4g
1676:.4f
1671:.4e
1666:.4d
1661:.4c
1656:.4b
1651:.4a
978:Qbb
973:Qaz
968:Qay
963:Qat
958:Qav
925:.24
920:.22
915:.21
910:.20
905:.18
900:.17
888:.16
883:.14
878:.12
873:.10
830:802
566:896
561:829
556:828
551:854
539:754
534:730
529:693
524:488
1827::
1701:.7
1696:.6
1691:.5
1641:.4
1636:.3
1631:.2
1621:.1
1597:bn
1592:bk
1589:bi
1586:bh
1583:bf
1573:be
1568:bd
1565:bc
1561:bb
1557:ba
1554:az
1550:ay
1539:ax
1534:aq
1531:ak
1527:aj
1522:ai
1517:ah
1512:af
1508:ae
1499:ad
1488:ac
1483:aa
1343:df
1338:de
1333:dd
1328:db
1323:da
1318:cz
1313:cy
1308:cx
1303:cw
1298:cv
1293:cu
1288:ct
1283:cs
1278:cr
1273:cq
1268:cp
1263:cn
1258:cm
1253:ck
1248:ch
1243:cg
1238:ce
1233:cd
1228:cc
1223:cb
1218:ca
1213:bz
1208:by
1203:bu
1197:bt
1191:ba
1186:az
1181:av
1176:au
1170:at
1164:aq
1159:an
1154:ak
1149:ah
1143:af
1137:ae
1132:ad
1127:ac
1122:ab
1043:BA
1033:AX
1028:AS
1023:aq
1018:ak
1013:ah
1008:ag
1003:AE
998:ad
993:AB
868:.9
863:.8
858:.7
853:.6
848:.5
843:.4
838:.2
436:.
405:.
360:.
288:.
124:.
92:.
1647:)
1643:(
1627:)
1623:(
1604:)
1600:(
1580:)
1576:(
1546:)
1542:(
1505:)
1501:(
1495:)
1491:(
1479:z
1474:y
1469:w
1464:v
1459:u
1454:s
1449:r
1444:p
1440:)
1436:(
1433:n
1427:k
1422:j
1417:i
1412:h
1407:g
1402:f
1397:e
1392:d
1387:c
1382:b
1377:a
1360:)
1356:(
1117:z
1112:y
1107:x
1102:u
1097:j
1092:i
1087:e
1082:d
1077:b
1072:a
1060:)
1056:(
1039:)
1035:(
988:X
983:w
953:Q
948:p
943:D
502:e
495:t
488:v
447:.
421:.
72:)
66:(
61:)
57:(
43:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.