802.11i Channels ====================== .. panels:: :container: container pb-4 :column: col-lg‑12 p‑2 :card: shadow .. panels:: :container: container pb-4 :column: col-lg‑12 p‑2 :card: shadow **What is IEEE 802.11i-2004?** IEEE 802.11i-2004, commonly called 802.11i, is an amendment to the IEEE 802.11 standard that specifies enhanced security for WLANs such as stronger encryption, authentication and key management. .. panels:: :container: container pb-4 :column: col-lg‑12 p‑2 :card: shadow **What does RSN (Robust Security Network) mean in 802.11i?** RSN refers to the security framework defined in 802.11i, using protocols like 802.1X/EAP for authentication, plus TKIP or CCMP for encryption. .. panels:: :container: container pb-4 :column: col-lg‑12 p‑2 :card: shadow **What encryption protocols are defined under 802.11i?** 802.11i defines TKIP (Temporal Key Integrity Protocol) and CCMP (AES‑based Counter with CBC‑MAC) as encryption/integrity protocols. CCMP is mandatory for full compliance. .. panels:: :container: container pb-4 :column: col-lg‑12 p‑2 :card: shadow **How is authentication handled in 802.11i?** Authentication is handled via 802.1X/EAP for enterprise networks, or via pre-shared key (PSK) in simpler/home settings. Then a 4‑way handshake is used to derive transient keys. .. panels:: :container: container pb-4 :column: col-lg‑12 p‑2 :card: shadow **What is the 4‑way handshake in 802.11i?** A process between a station (STA) and access point (AP) to derive fresh session keys, confirm knowledge of shared secrets, and ensure data confidentiality/integrity. It exchanges nonces and uses authentication to establish Pairwise Transient Key (PTK) and Group Temporal Key (GTK). .. panels:: :container: container pb-4 :column: col-lg‑12 p‑2 :card: shadow **What is CCMP and why is it important?** CCMP (Counter Mode with CBC‑MAC Protocol) is the AES‑based encryption/integrity protocol introduced with 802.11i. It provides strong confidentiality, message integrity, and protection versus replay attacks. .. panels:: :container: container pb-4 :column: col-lg‑12 p‑2 :card: shadow **What is TKIP and why was it used?** TKIP (Temporal Key Integrity Protocol) was introduced as an interim solution to fix many of the vulnerabilities in WEP. It works with legacy hardware using RC4 stream cipher, but is less secure than CCMP and is considered deprecated. .. panels:: :container: container pb-4 :column: col-lg‑12 p‑2 :card: shadow **What is 802.1X and how is it used with 802.11i?** 802.1X is a port-based network access control protocol used by 802.11i for strong authentication, often with a RADIUS server. It ensures that only authenticated users or devices can connect. .. panels:: :container: container pb-4 :column: col-lg‑12 p‑2 :card: shadow **Is WEP still considered secure under 802.11i?** No. WEP is deprecated due to many known vulnerabilities. 802.11i was specifically designed to replace WEP. .. panels:: :container: container pb-4 :column: col‑lg‑12 p‑2 :card: shadow **What is the group key handshake?** After authentication, the AP distributes a Group Temporal Key (GTK) to all associated stations for multicast/broadcast frame encryption. This happens using secure key distribution. .. panels:: :container: container pb-4 :column: col‑lg‑12 p‑2 :card: shadow **How does 802.11i protect against replay attacks?** Using sequence numbers and message integrity checks (MIC), especially under CCMP, to ensure old frames cannot be resent in a malicious way. .. panels:: :container: container pb-4 :column: col‑lg‑12 p‑2 :card: shadow **What is PSK mode in 802.11i?** PSK (Pre‑Shared Key) mode is for simpler setups (home/small offices) where there's no authentication server. All devices share a passphrase. .. panels:: :container: container pb-4 :column: col‑lg‑12 p‑2 :card: shadow **What hardware/software requirements are there for 802.11i?** Devices need to support AES‑CCMP, with sufficient processing for the cryptographic operations. Older hardware that only supported WEP might need firmware or hardware upgrades. .. panels:: :container: container pb-4 :column: col‑lg‑12 p‑2 :card: shadow **What are potential vulnerabilities in 802.11i?** Although much more secure than WEP, 802.11i is still subject to issues like weak passwords (in PSK mode), denial‑of‑service via management frame spoofing, and risk during roaming if keys are not properly protected. .. panels:: :container: container pb-4 :column: col‑lg‑12 p‑2 :card: shadow **What is a Weak Password Attack in the context of 802.11i?** When PSK (Pre‑Shared) mode is used and users choose simple passphrases, attackers can brute force or dictionary‑attack the passphrase, undermining security. .. panels:: :container: container pb-4 :column: col‑lg‑12 p‑2 :card: shadow **What is WPA2 in relation to 802.11i?** WPA2 is the Wi‑Fi Alliance certification that implements the full RSN features of 802.11i, especially mandatory support for AES‑CCMP. .. panels:: :container: container pb-4 :column: col‑lg‑12 p‑2 :card: shadow **Does 802.11i support fast roaming?** Roaming itself is supported, but fast roaming improvements (e.g. 802.11r) can complement 802.11i to reduce delays during handoffs. .. panels:: :container: container pb-4 :column: col‑lg‑12 p‑2 :card: shadow **What is PMK caching?** Pairwise Master Key (PMK) caching allows a station and AP to reuse a previously established PMK to speed up reconnection/roaming, reducing authentication delays. .. panels:: :container: container pb-4 :column: col‑lg‑12 p‑2 :card: shadow **What is the group temporal key (GTK)?** GTK is used to encrypt broadcast or multicast traffic under an RSN. It is shared among all associated stations. .. panels:: :container: container pb-4 :column: col‑lg‑12 p‑2 :card: shadow **How are encryption keys renewed in 802.11i?** Keys are periodically refreshed (rekeyed) automatically to maintain security, both for pairwise/unicast and group/multicast traffic. .. panels:: :container: container pb‑4 :column: col‑lg‑12 p‑2 :card: shadow **What is the difference between unicast and multicast protection in 802.11i?** Unicast traffic uses PTK (derived using 4‑way handshake) for each STA‑AP link. Multicast/broadcast traffic uses GTK shared among STAs, with group key handshake. .. panels:: :container: container pb-4 :column: col‑lg‑12 p‑2 :card: shadow **What happens if a device fails authentication in 802.11i?** The device is denied access to data frames; it will not receive encryption keys (PTK/GTK) and cannot send/receive secured data. .. panels:: :container: container pb-4 :column: col‑lg‑12 p‑2 :card: shadow **Is management frame protection included in 802.11i?** Base 802.11i does not fully protect all management frames; additional amendments like 802.11w provide protection for management frames to avoid attacks on deauth/disassoc frames. .. panels:: :container: container pb‑4 :column: col‑lg‑12 p‑2 :card: shadow **Is 802.11i still relevant given newer standards?** Yes — much of wireless security today (WPA2 etc.) depends on 802.11i. Even with newer standards (WPA3 etc.), 802.11i concepts remain foundational. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow Topics in this section, * :ref:`List of channels ` * :ref:`List of channel widths ` * :ref:`List of Bands ` * :ref:`Reference links ` .. _channels_i_step4: .. tab-set:: .. tab-item:: List of channels ===================== ======================= ====================== ============== Channel Number (MHz) Center Frequency (MHz) Frequency Range DFS Required ===================== ======================= ====================== ============== 36 5180 5170 – 5190 No 40 5200 5190 – 5210 No 44 5220 5210 – 5230 No 48 5240 5230 – 5250 No 52 5260 5250 – 5270 Yes 56 5280 5270 – 5290 Yes 60 5300 5290 – 5310 Yes 64 5320 5310 – 5330 Yes 100 5500 5490 – 5510 Yes 104 5520 5510 – 5530 Yes 108 5540 5530 – 5550 Yes 112 5560 5550 – 5570 Yes 116 5580 5570 – 5590 Yes 120 5600 5590 – 5610 Yes 124 5620 5610 – 5630 Yes 128 5640 5630 – 5650 Yes 132 5660 5650 – 5670 Yes 136 5680 5670 – 5690 Yes 140 5700 5690 – 5710 Yes 144 5720 5710 – 5730 Yes 149 5745 5735 – 5755 No 153 5765 5755 – 5775 No 157 5785 5775 – 5795 No 161 5805 5795 – 5815 No 165 5825 5815 – 5835 No ===================== ======================= ====================== ============== .. _channels_i_step5: .. tab-set:: .. tab-item:: List of channel widths * channel widths .. _channels_i_step6: .. tab-set:: .. tab-item:: List of Bands ======================= ====================== ====================== ============================================================ Band Name Frequency Range (GHz) Frequency Range (MHz) Channels ======================= ====================== ====================== ============================================================ UNII-1 5.150 – 5.250 5150 – 5250 36, 40, 44, 48 UNII-2 (DFS) 5.250 – 5.350 5250 – 5350 52, 56, 60, 64 UNII-2 Extended (DFS) 5.470 – 5.725 5470 – 5725 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144 UNII-3 5.725 – 5.825 5725 – 5825 149, 153, 157, 161, 165 ======================= ====================== ====================== ============================================================ .. _channels_i_step17: .. tab-set:: .. tab-item:: Reference links * Reference links