1. doc.: IEEE 802.11-06/xxxxr0 Submission Nancy Cam-Winget (Cisco) February 2006 Slide 1 Action Frame Protection Notice: This document has been prepared to assist IEEE 802.11. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.11. Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE 802.11 Working Group. If you have questions, contact the IEEE Patent Committee Administrator at.http:// ieee802.org/guides/bylaws/sb-bylaws.pdfstuart.kerry@philips.compatcom@ieee.org Date: 2009-01-26 Authors:

2. doc.: IEEE 802.11-06/xxxxr0 Submission Nancy Cam-Winget (Cisco) February 2006 Slide 2 Protection of Action Frames 802.11w D6.0 currently restricts protection of Action Frames to all Action Categories with the exception of a Public Action Frame

3. doc.: IEEE 802.11-06/xxxxr0 Submission Nancy Cam-Winget (Cisco) February 2006 Slide 3 Management Frame Formats Non-Management Frame Protection Capable Frame Management Frame Protection Capable Unicast Frame Management Frame Protection Capable Broadcast/Multicast Frame

4. doc.: IEEE 802.11-06/xxxxr0 Submission Nancy Cam-Winget (Cisco) February 2006 Slide 4 Action Frame Type defined in Action IE If Management Frame Protection is successfully negotiated, encrypted unicast Action Frames can not be distinguished!

5. doc.: IEEE 802.11-06/xxxxr0 Submission Nancy Cam-Winget (Cisco) February 2006 Slide 5 Action Frame Category Values CategoryTG Spectrum management802.11-2007 QoS802.11-2007 DLS802.11-2007 Block Ack802.11-2007 Public802.11k Radio Measurement802.11k Fast BSS Transition802.11r

6. doc.: IEEE 802.11-06/xxxxr0 Submission Nancy Cam-Winget (Cisco) February 2006 Slide 6 802.11 D6.0 Allows for protection of Robust Action Frames: e.g. all categories except for Public Action Frames However: –Some of these frames are not meant to be encrypted (11y)? –Distinction of Action Frames by category can not occur until after decryption Pseudo-code in 8.7.2.1a and 8.7.2.3a.

7. doc.: IEEE 802.11-06/xxxxr0 Submission Nancy Cam-Winget (Cisco) February 2006 Slide 7 Some issues in 8.7.2.3a pseudo-code

8. doc.: IEEE 802.11-06/xxxxr0 Submission Nancy Cam-Winget (Cisco) February 2006 Slide 8 8.7.2.3a “decryption” looks OK

9. doc.: IEEE 802.11-06/xxxxr0 Submission Nancy Cam-Winget (Cisco) February 2006 Slide 9 8.7.2.3a Broadcast treatment needs work Public Action Frames need to be excluded Public Action Frames need to be processed.

10. doc.: IEEE 802.11-06/xxxxr0 Submission Nancy Cam-Winget (Cisco) February 2006 Slide 10 Issues with Unicast “Action” in 8.2.7.3a

11. doc.: IEEE 802.11-06/xxxxr0 Submission Nancy Cam-Winget (Cisco) February 2006 Slide 11 Issues with Unicast “Action”

12. doc.: IEEE 802.11-06/xxxxr0 Submission Nancy Cam-Winget (Cisco) February 2006 Slide 12 Proposal A: include unicast-only Public Action Frames Updates to P802.11w D6.0: 3.125a Robust Action Frame: A unicast Action frame or a broadcast/multicast Action frame that is not a Public Action frame. 5.4.3.8 last sentence would read as “The Robust Management frames are Robust Action, excluding Public Action frames, Disassociation and Deauthentication frames.” Transmit and Receive pseudo-code must be updated: –see slides 13 and 14 for receive updates –8.7.2.1a pg. 47 line 5: else // MMPDU has a multicast broadcast RA if (IGTK exists && MMPDU is not a Public Action frame) then //if we find a suitable IGTK Transmit the MMPDU with protection // See 8.7.2.2a else if (MMPDU is Disassociate || Deauthenticate || Public Action frame) then Transmit the MMPDU without protection else Discard the MMPDU and generate an MLME.confirm primitive to notify the SME…. –8.7.2.1a pg. 47 line 47 else // MMPDU has a multicast broadcast RA if (IGTK exists && MMPDU is not a Public Action frame) then //if we find a suitable IGTK Transmit the MMPDU with protection // See 8.7.2.2a else if (MMPDU is Disassociate || Deauthenticate || Public Action frame) then Transmit the MMPDU without protection else Discard the MMPDU and generate an MLME.confirm primitive to notify the SME….

13. doc.: IEEE 802.11-06/xxxxr0 Submission Nancy Cam-Winget (Cisco) February 2006 Slide 13 Proposal A: Receive Pseudo-code update for Action Frames

14. doc.: IEEE 802.11-06/xxxxr0 Submission Nancy Cam-Winget (Cisco) February 2006 Slide 14 Proposal A: Receive pseudo-code update for Broadcast

15. doc.: IEEE 802.11-06/xxxxr0 Submission Nancy Cam-Winget (Cisco) February 2006 Slide 15 Proposal B: protect both unicast and broadcast Public Action frames Updates to P802.11w D6.0: –Remove definition: 3.125a Robust Action Frame –5.4.3.8 last sentence would read as “The Robust Management frames are Robust Action, excluding Public Action frames, Disassociation and Deauthentication frames.” Updates needed independent of Proposal B: –Receive pseudo-code for unicast needs to be fixed per Slide 13 (independent of this proposal). –8.7.2.1a pg. 47 line 9, add: else if (MMPDU is Disassociate || Deauthenticate) then Transmit the MMPDU without protection else Discard the MMPDU and generate an MLME.confirm primitive to notify the SME…. –8.7.2.1a pg. 47 line 51, add: else if (MMPDU is Disassociate || Deauthenticate) then Transmit the MMPDU without protection else Discard the MMPDU and generate an MLME.confirm primitive to notify the SME….