Section 4 Overview of the services
Updated 2008-06-25 21:45:04

5.4 Overview of the services

  • There are many services specified by IEEE Std 802.11. Six of the services are used to support medium access control (MAC) service data unit (MSDU) delivery between STAs. Three of the services are used to control IEEE 802.11 LAN access and confidentiality. Two of the services are used to provide spectrum management. One of the services provides support for LAN applications with QoS requirements. Another of the services provides support for higher layer timer synchronization.
  • This subclause presents the services, an overview of how each service is used, and a description of how each service relates to other services and the IEEE 802.11 architecture. The services are presented in an order designed to help build an understanding of the operation of an IEEE 802.11 ESS network. As a result, the services that comprise the SS and DSS are intermixed in order (rather than being grouped by category).
  • Each of the services is supported by one or more MAC frame types. Some of the services are supported by MAC management messages and some by MAC data messages. All of the messages gain access to the WM via the IEEE 802.11 MAC sublayer medium access method specified in Clause 9.
  • The IEEE 802.11 MAC sublayer uses three types of messages—data, management, and control (see Clause 7). The data messages are handled via the MAC data service path.
  • MAC management messages are used to support the IEEE 802.11 services and are handled via the MAC management service path.
  • MAC control messages are used to support the delivery of IEEE 802.11 data and management messages.
  • The examples here assume an ESS network environment. The differences between the ESS and the IBSS network environments are discussed separately in 5.6.

5.4.1 Distribution of messages within a DS

5.4.1.1 Distribution

  • This is the primary service used by IEEE 802.11 STAs. It is conceptually invoked by every data message to or from an IEEE 802.11 STA operating in an ESS (when the frame is sent via the DS). Distribution is via the DSS.
  • Refer to the ESS network in Figure 5-7 and consider a data message being sent from STA 1 to STA 4. The message is sent from STA 1 and received by STA 2 (the “input” AP). The AP gives the message to the distribution service of the DS. It is the job of the distribution service to deliver the message within the DS in such a way that it arrives at the appropriate DS destination for the intended recipient. In this example, the message is distributed to STA 3 (the “output” AP) and STA 3 accesses the WM to send the message to STA 4 (the intended destination).
  • How the message is distributed within the DS is not specified by IEEE Std 802.11. All IEEE Std 802.11 is required to do is to provide the DS with enough information for the DS to be able to determine the “output” point that corresponds to the desired recipient. The necessary information is provided to the DS by the three association related services (association, reassociation, and disassociation).
  • The previous example was a case in which the AP that invoked the distribution service was different from the AP that received the distributed message. If the message had been intended for a STA that was a member of the same BSS as the sending STA, then the “input” and “output” APs for the message would have been the same. In either example, the distribution service was logically invoked. Whether the message actually had to traverse the physical DSM or not is a DS implementation matter and is not specified by this standard.
  • While IEEE Std 802.11 does not specify DS implementations, it does recognize and support the use of the WM as the DSM. This is specifically supported by the IEEE 802.11 frame formats. (Refer to Clause 7 for details.)

5.4.1.2 Integration

  • If the distribution service determines that the intended recipient of a message is a member of an integrated LAN, the “output” point of the DS would be a portal instead of an AP.
  • Messages that are distributed to a portal cause the DS to invoke the Integration function (conceptually after the distribution service). The Integration function is responsible for accomplishing whatever is needed to deliver a message from the DSM to the integrated LAN media (including any required media or address space translations). Integration is one of the services in the DSS.
  • Messages received from an integrated LAN (via a portal) by the DS for an IEEE 802.11 STA shall invoke the Integration function before the message is distributed by the distribution service.
  • The details of an Integration function are dependent on a specific DS implementation and are outside the scope of this standard.

5.4.1.3 QoS traffic scheduling

  • QoS traffic scheduling provides intra-BSS QoS frame transfers under the HCF, using either contention-based or controlled channel access. At each TXOP, a traffic scheduling entity at the STA selects a frame for transmission, from the set of frames at the heads of a plurality of traffic queues, based on requested UP and/or parameter values in the traffic specification (TSPEC) for the requested MSDU. Additional information is available in 9.9.

5.4.2 Services that support the distribution service

  • The primary purpose of a MAC sublayer is to transfer MSDUs between MAC sublayer entities. The information required for the distribution service to operate is provided by the association services. Before a data message can be handled by the distribution service, a STA shall be “associated.”
  • To understand the concept of association, it is necessary first to understand the concept of mobility.

5.4.2.1 Mobility types

  • The three transition types of significance to this standard that describe the mobility of STAs within a network are as follows:
    a) No-transition: In this type, two subclasses that are usually indistinguishable are identified:
      1) Static—no motion.
      2) Local movement—movement within the PHY range of the communicating STAs [i.e., movement within a basic service area (BSA)].
    b) BSS-transition: This type is defined as a STA movement from one BSS in one ESS to another BSS within the same ESS.
    c) ESS-transition: This type is defined as STA movement from a BSS in one ESS to a BSS in a different ESS. This case is supported only in the sense that the STA may move. Maintenance of upper-layer connections cannot be guaranteed by IEEE Std 802.11; in fact, disruption of service is likely to occur.
  • The different association services support the different categories of mobility.

5.4.2.2 Association

  • To deliver a message within a DS, the distribution service needs to know which AP to access for the given IEEE 802.11 STA. This information is provided to the DS by the concept of association. Association is necessary, but not sufficient, to support BSS-transition mobility. Association is sufficient to support no-transition mobility. Association is one of the services in the DSS.
  • Before a STA is allowed to send a data message via an AP, it shall first become associated with the AP. The act of becoming associated invokes the association service, which provides the STA to AP mapping to the DS. The DS uses this information to accomplish its message distribution service. How the information provided by the association service is stored and managed within the DS is not specified by this standard.
  • Within a robust security network (RSN), association is handled differently. In an RSNA, the IEEE 802.1X Port determines when to allow data traffic across an IEEE 802.11 link. A single IEEE 802.1X Port maps to one association, and each association maps to an IEEE 802.1X Port. An IEEE 802.1X Port consists of an IEEE 802.1X Controlled Port and an IEEE 802.1X Uncontrolled Port. The IEEE 802.1X Controlled Port is blocked from passing general data traffic between two STAs until an IEEE 802.1X authentication procedure completes successfully over the IEEE 802.1X Uncontrolled Port. Once the AKM completes successfully, data protection is enabled to prevent unauthorized access, and the IEEE 802.1X Controlled Port unblocks to allow protected data traffic. IEEE 802.1X Supplicants and Authenticators exchange protocol information via the IEEE 802.1X Uncontrolled Port. It is expected that most other protocol exchanges will make use of the IEEE 802.1X Controlled Ports. However, a given protocol may need to bypass the authorization function and make use of the IEEE 802.1X Uncontrolled Port.
  • NOTE—See IEEE Std 802.1X-2004 for a discussion of Controlled Port and Uncontrolled Port.
  • At any given instant, a STA may be associated with no more than one AP. This ensures that the DS may determine a unique answer to the question, “Which AP is serving STA X?” Once an association is completed, a STA may make full use of a DS (via the AP) to communicate. Association is always initiated by the mobile STA, not the AP.
  • An AP may be associated with many STAs at one time.
  • A STA learns what APs are present and what operational capabilities are available from each of those APs and then invokes the association service to establish an association. For details of how a STA learns about what APs are present, see 11.1.3.

5.4.2.3 Reassociation

  • Association is sufficient for no-transition message delivery between IEEE 802.11 STAs. Additional functionality is needed to support BSS-transition mobility. The additional required functionality is provided by the reassociation service. Reassociation is one of the services in the DSS.
  • The reassociation service is invoked to “move” a current association from one AP to another. This keeps the DS informed of the current mapping between AP and STA as the STA moves from BSS to BSS within an ESS. Reassociation also enables changing association attributes of an established association while the STA remains associated with the same AP. Reassociation is always initiated by the mobile STA.
  • No facilities are provided to move an RSNA during reassociation. Therefore, the old RSNA will be deleted, and a new RSNA will need to be constructed.

5.4.2.4 Disassociation

  • The disassociation service is invoked when an existing association is to be terminated. Disassociation is one of the services in the DSS.
  • In an ESS, this tells the DS to void existing association information. Attempts to send messages via the DS to a disassociated STA will be unsuccessful.
  • The disassociation service may be invoked by either party to an association (non-AP STA or AP). Disassociation is a notification, not a request. Disassociation cannot be refused by either party to the association.
  • APs may need to disassociate STAs to enable the AP to be removed from a network for service or for other reasons.
  • STAs shall attempt to disassociate when they leave a network. However, the MAC protocol does not depend on STAs invoking the disassociation service. (MAC management is designed to accommodate loss of communication with an associated STA.)
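As an added example (not code from IEEE Std 802.11), the following Python model captures the rules of 5.4.1.1, 5.4.1.2 and 5.4.2.2 to 5.4.2.4: the DS holds the STA-to-AP mapping that association supplies, a STA is associated with at most one AP, reassociation moves the mapping but deletes the RSNA, disassociation voids it, and the distribution service resolves the "output" AP or portal from that table. The class, the method names and the station names in the walkthrough are assumptions for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class DistributionSystem:
    """Model of the DS: the STA -> serving-AP mapping that association supplies."""
    aps: set = field(default_factory=set)           # APs attached to this DS
    portal_lan: dict = field(default_factory=dict)  # integrated-LAN host -> LAN reached via a portal
    assoc: dict = field(default_factory=dict)       # STA -> serving AP (at most one per STA)
    rsna: set = field(default_factory=set)          # STAs whose association has a live RSNA

    def associate(self, sta, ap, rsna=False):
        """5.4.2.2: initiated by the STA; gives the DS the STA-to-AP mapping."""
        if ap not in self.aps:
            raise ValueError(f"{ap} is not an AP of this DS")
        if sta in self.assoc:
            # 5.4.2.2: a STA is associated with no more than one AP at any instant
            raise ValueError(f"{sta} is already associated with {self.assoc[sta]}")
        self.assoc[sta] = ap
        if rsna:
            self.rsna.add(sta)
        return ap

    def reassociate(self, sta, new_ap):
        """5.4.2.3: "move" the current association to another AP of the same ESS."""
        if sta not in self.assoc:
            raise ValueError(f"{sta} is not associated; reassociation needs an existing association")
        if new_ap not in self.aps:
            raise ValueError(f"{new_ap} is not an AP of this DS")
        self.assoc[sta] = new_ap
        # 5.4.2.3: no facility moves an RSNA, so the old one is deleted and must be rebuilt
        self.rsna.discard(sta)
        return new_ap

    def disassociate(self, sta):
        """5.4.2.4: a notification (not a request) that voids the association information."""
        removed = self.assoc.pop(sta, None)
        self.rsna.discard(sta)
        return removed is not None

    def distribute(self, src, dst):
        """5.4.1.1 / 5.4.1.2: find the DS "output" point for dst, or None if undeliverable."""
        if src not in self.assoc:
            return None  # 5.4.2: the sending STA must be associated before the DS handles its data
        if dst in self.assoc:
            return ("ap", self.assoc[dst])           # output AP; may equal the input AP (same BSS)
        if dst in self.portal_lan:
            return ("portal", self.portal_lan[dst])  # integration function delivers to the wired LAN
        return None                                  # disassociated or unknown STA: delivery fails


def figure_5_7_walkthrough():
    """Constructed scenario: STA 1 sends to STA 4 via input AP STA 2 and output AP STA 3."""
    ds = DistributionSystem(aps={"STA 2", "STA 3"}, portal_lan={"HOST A": "wired LAN"})
    ds.associate("STA 1", "STA 2", rsna=True)
    ds.associate("STA 4", "STA 3")
    return ds, ds.distribute("STA 1", "STA 4")
```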

5.4.3 Access control and data confidentiality services

  • Two services are required for IEEE Std 802.11 to provide functionality equivalent to that which is inherent to wired LANs. The design of wired LANs assumes the physical attributes of wire. In particular, wired LAN design assumes the physically closed and controlled nature of wired media. The physically open medium nature of an IEEE 802.11 LAN violates those assumptions.
  • Two services are provided to bring the IEEE 802.11 functionality in line with wired LAN assumptions: authentication and data confidentiality. Authentication is used instead of the wired media physical connection. Data confidentiality is used to provide the confidential aspects of closed wired media.
  • In a WLAN that does not support RSNA, two services, authentication and data confidentiality, are defined. IEEE 802.11 authentication is used instead of the wired media physical connection. WEP encryption was defined to provide the data confidentiality aspects of closed wired media.
  • An RSNA uses the IEEE 802.1X authentication service along with TKIP and CCMP to provide access control. The IEEE 802.11 station management entity (SME) provides key management via an exchange of IEEE 802.1X EAPOL-Key frames. Data confidentiality and data integrity are provided by RSN key management together with the TKIP and CCMP.

5.4.3.1 Authentication

  • IEEE 802.11 authentication operates at the link level between IEEE 802.11 STAs. IEEE Std 802.11 does not provide either end-to-end (message origin to message destination) or user-to-user authentication.
  • IEEE Std 802.11 attempts to control LAN access via the authentication service. IEEE 802.11 authentication is an SS. This service may be used by all STAs to establish their identity to STAs with which they communicate, in both ESS and IBSS networks. If a mutually acceptable level of authentication has not been established between two STAs, an association shall not be established.
  • IEEE Std 802.11 defines two authentication methods: Open System authentication and Shared Key authentication. Open System authentication admits any STA to the DS. Shared Key authentication relies on WEP to demonstrate knowledge of a WEP encryption key. The IEEE 802.11 authentication mechanism also allows definition of new authentication methods.
  • An RSNA also supports authentication based on IEEE Std 802.1X-2004, or preshared keys (PSKs). IEEE 802.1X authentication utilizes the EAP to authenticate STAs and the AS with one another. This standard does not specify an EAP method that is mandatory to implement. See 8.4.4 for a description of the IEEE 802.1X authentication and PSK usage within an IEEE 802.11 IBSS.
  • In an RSNA, IEEE 802.1X Supplicants and Authenticators exchange protocol information via the IEEE 802.1X Uncontrolled Port. The IEEE 802.1X Controlled Port is blocked from passing general data traffic between two STAs until an IEEE 802.1X authentication procedure completes successfully over the IEEE 802.1X Uncontrolled Port.
  • The Open System authentication algorithm is used in RSNs based on infrastructure BSS and IBSS, although Open System authentication is optional in an RSN based on an IBSS. RSNA disallows the use of Shared Key authentication.
  • Management information base (MIB) functions are provided in Annex D to support the standardized authentication schemes.
  • A STA may be authenticated with many other STAs at any given instant.

5.4.3.1.1 Preauthentication

  • Because the authentication process could be time-consuming (depending on the authentication protocol in use), the authentication service can be invoked independently of the association service.
  • Preauthentication is typically done by a STA while it is already associated with an AP (with which it previously authenticated). IEEE Std 802.11 does not require that STAs preauthenticate with APs. However, authentication is required before an association can be established.
  • If the authentication is left until reassociation time, this may impact the speed with which a STA can reassociate between APs, limiting BSS-transition mobility performance. The use of preauthentication takes the authentication service overhead out of the time-critical reassociation process.

5.4.3.2 Deauthentication

  • The deauthentication service is invoked when an existing Open System or Shared Key authentication is to be terminated. Deauthentication is an SS.
  • In an ESS, because authentication is a prerequisite for association, the act of deauthentication shall cause the STA to be disassociated. The deauthentication service may be invoked by either authenticated party (non-AP STA or AP). Deauthentication is not a request; it is a notification. Deauthentication shall not be refused by either party. When an AP sends a deauthentication notice to an associated STA, the association shall also be terminated.
  • In an RSN ESS, Open System authentication is required. In an RSN ESS, deauthentication results in termination of any association for the deauthenticated STA. It also results in the IEEE 802.1X Controlled Port for that STA being disabled and deletes the pairwise transient key security association (PTKSA). The deauthentication notification is provided to IEEE Std 802.1X-2004 via the MAC layer.
  • In an RSNA, deauthentication also destroys any related PTKSA, group temporal key security association (GTKSA), station-to-station link (STSL) master key security association (SMKSA), and STSL transient key security association (STKSA) that exist in the STA and closes the associated IEEE 802.1X Controlled Port. If pairwise master key (PMK) caching is not enabled, deauthentication also destroys the pairwise master key security association (PMKSA) from which the deleted PTKSA was derived.
  • In an RSN IBSS, Open System authentication is optional, but a STA is required to recognize Deauthentication frames. Deauthentication results in the IEEE 802.1X Controlled Port for that STA being disabled and deletes the PTKSA.
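As an added example (not code from IEEE Std 802.11 or IEEE Std 802.1X), this models the port pair described in 5.4.2.2, 5.4.3.1 and 5.4.3.2: EAPOL always crosses the Uncontrolled Port, general data is blocked on the Controlled Port until the AKM completes, and deauthentication closes the port and destroys the PTKSA and GTKSA, keeping the PMKSA only when PMK caching is enabled. The class, method names and security-association handles are assumptions for illustration; the EAPOL EtherType 0x888E is the real value.

```python
EAPOL_ETHERTYPE = 0x888E  # EtherType of IEEE 802.1X EAPOL frames


class Dot1XPort:
    """One IEEE 802.1X Port, which maps one-to-one onto one association (5.4.2.2)."""

    def __init__(self, pmk_caching=False):
        self.controlled_open = False               # blocked until the AKM completes
        self.uncontrolled_ok = {EAPOL_ETHERTYPE}   # protocols allowed to bypass authorization
        self.pmk_caching = pmk_caching
        self.pmksa = self.ptksa = self.gtksa = None  # security associations held for this port

    def akm_complete(self, pmksa, ptksa, gtksa):
        """Called when IEEE 802.1X/PSK authentication and the key handshakes succeed."""
        self.pmksa, self.ptksa, self.gtksa = pmksa, ptksa, gtksa
        self.controlled_open = True                # protected data traffic may now flow
        return self.controlled_open

    def forward(self, ethertype, protected):
        """Return which port a frame passes through, or None if it is blocked."""
        if ethertype in self.uncontrolled_ok:
            return "uncontrolled"                  # Supplicant/Authenticator exchange always possible
        if self.controlled_open and protected:
            return "controlled"
        return None                                # general data traffic is blocked before the AKM

    def deauthenticate(self):
        """5.4.3.2: close the Controlled Port, destroy PTKSA/GTKSA (and PMKSA unless cached)."""
        self.controlled_open = False
        self.ptksa = self.gtksa = None
        if not self.pmk_caching:
            self.pmksa = None
        return self.pmksa is not None              # True only when a cached PMKSA survives
```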

5.4.3.3 Data confidentiality

  • In a wired LAN, only those STAs physically connected to the wire can send or receive LAN traffic. With a wireless shared medium, there is no physical connection, and all STAs and certain other RF devices in or near the LAN may be able to send, receive, and/or interfere with the LAN traffic. Any IEEE 802.11- compliant STA can receive all like-PHY IEEE 802.11 traffic that is within range and can transmit to any other IEEE 802.11 STA within range. Thus, the connection of a single wireless link (without data confidentiality) to an existing wired LAN may seriously degrade the security level of the wired LAN.
  • To bring the security of the WLAN up to the level implicit in wired LAN design, IEEE Std 802.11 provides the ability to protect the contents of messages. This functionality is provided by the data confidentiality service. Data confidentiality is an SS.
  • IEEE Std 802.11 provides three cryptographic algorithms to protect data traffic: WEP, TKIP, and CCMP. WEP and TKIP are based on the ARC4 algorithm (see footnote 14), and CCMP is based on the advanced encryption standard (AES). A means is provided for STAs to select the algorithm(s) to be used for a given association.
  • The default data confidentiality state for all IEEE 802.11 STAs is “in the clear.” If the data confidentiality service is not invoked, all messages shall be sent unprotected. If this policy is unacceptable to the sender, it shall not send data frames; and if the policy is unacceptable to the receiver, it shall discard any received data frames. Unprotected data frames received at a STA configured for mandatory data confidentiality, as well as protected data frames using a key not available at the receiving STA, are discarded without an indication to LLC (or without indication to distribution services in the case of “To DS” frames received at an AP). These frames are acknowledged on the WM [if received without frame check sequence (FCS) error] to avoid wasting WM bandwidth on retries of frames that are being discarded.

5.4.3.4 Key management

  • The enhanced data confidentiality, data authentication, and replay protection mechanisms require fresh cryptographic keys. The procedures defined in this standard provide fresh keys by means of protocols called the 4-Way Handshake and Group Key Handshake.

5.4.3.5 Data origin authenticity

  • The data origin authenticity mechanism defines a means by which a STA that receives a data frame can determine which STA transmitted the MAC protocol data unit (MPDU). This feature is required in an RSNA to prevent one STA from masquerading as a different STA. This mechanism is provided for STAs that use CCMP or TKIP.
  • Data origin authenticity is only applicable to unicast data frames. The protocols do not guarantee data origin authenticity for broadcast/multicast data frames, as this cannot be accomplished using symmetric keys and public key methods are too computationally expensive.
  • Footnote 14 (to ARC4 in 5.4.3.3): Details of the ARC4 algorithm are available from RSA Security, Inc. Contact RSA Security, 174 Middlesex Turnpike, Bedford, MA 01730 (http://www.rsasecurity.com/), for algorithm details and the uniform ARC4 license terms that RSA offers to anyone wishing to use ARC4 for the purpose of implementing the IEEE 802.11 WEP option. If necessary, contact the IEEE Standards Department Intellectual Property Rights Administrator for details on how to communicate with RSA.

5.4.3.6 Replay detection

The replay detection mechanism defines a means by which a STA that receives a data frame from another STA can detect whether the data frame is an unauthorized retransmission. This mechanism is provided for STAs that use CCMP or TKIP.
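As an added example (not code from the standard), the following receive-side decision function applies the policy of 5.4.3.3 (acknowledge whenever the FCS verifies, deliver to LLC only if the confidentiality policy and the key allow) together with the replay check of 5.4.3.6. The Frame fields, the class and the sample frames are constructed for illustration; the per-TID monotonically increasing packet number (PN) is how CCMP detects replays, a detail taken from elsewhere in the standard rather than from this overview clause.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Frame:
    src: str
    tid: int                  # traffic identifier selecting the per-TID replay counter
    protected: bool           # Protected Frame bit set in the Frame Control field
    key_id: Optional[str]     # key the sender used, None if unprotected
    pn: Optional[int]         # packet number carried in the CCMP header (constructed values)
    fcs_ok: bool              # whether the frame check sequence verified


class ReceivingStation:
    def __init__(self, keys, mandatory_confidentiality):
        self.keys = set(keys)              # key ids available at this STA
        self.mandatory = mandatory_confidentiality
        self.replay_counter = {}           # (src, tid) -> last accepted PN

    def receive(self, f):
        """Return (acknowledge_on_wm, deliver_to_llc, reason)."""
        if not f.fcs_ok:
            return (False, False, "fcs error: not acknowledged")
        # 5.4.3.3: from here on the frame is acknowledged on the WM (the ACK is generated
        # by the MAC before any decryption) so that discarded frames are not retried.
        if not f.protected:
            if self.mandatory:
                return (True, False, "unprotected frame at STA requiring confidentiality")
            return (True, True, "in the clear (default policy)")
        if f.key_id not in self.keys:
            return (True, False, "protected with a key not available here")
        # 5.4.3.6: a PN not greater than the last accepted one for this (src, TID)
        # is an unauthorized retransmission and is discarded without indication to LLC.
        last = self.replay_counter.get((f.src, f.tid), -1)
        if f.pn <= last:
            return (True, False, f"replay: PN {f.pn} <= last accepted {last}")
        self.replay_counter[(f.src, f.tid)] = f.pn
        return (True, True, "protected, fresh PN")
```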

5.4.4 Spectrum management services

Two services are required to satisfy requirements in some regulatory domains for operation in the 5 GHz band. These services are called transmit power control (TPC) and dynamic frequency selection (DFS).

5.4.4.1 TPC

  •  Radio regulations may require radio local area networks (RLANs) operating in the 5 GHz band to use transmitter power control, involving specification of a regulatory maximum transmit power and a mitigation requirement for each allowed channel, to reduce interference with satellite services. The TPC service is used to satisfy this regulatory requirement.
  • The TPC service provides for the following:
    — Association of STAs with an AP in a BSS based on the STAs’ power capability.
    — Specification of regulatory and local maximum transmit power levels for the current channel.
    — Selection of a transmit power for each transmission in a channel within constraints imposed by regulatory requirements.
    — Adaptation of transmit power based on a range of information, including path loss and link margin estimates.

5.4.4.2 DFS

  • Radio regulations may require RLANs operating in the 5 GHz band to implement a mechanism to avoid cochannel operation with radar systems and to ensure uniform utilization of available channels. The DFS service is used to satisfy these regulatory requirements.
  • The DFS service provides for the following:
    — Association of STAs with an AP in a BSS based on the STAs’ supported channels.
    — Quieting the current channel so it can be tested for the presence of radar with less interference from other STAs.
    — Testing channels for radar before using a channel and while operating in a channel.
    — Discontinuing operations after detecting radar in the current channel to avoid interference with radar.
    — Detecting radar in the current and other channels based on regulatory requirements.
    — Requesting and reporting of measurements in the current and other channels.
    — Selecting and advertising a new channel to assist the migration of a BSS or IBSS after radar is detected.

5.4.5 Traffic differentiation and QoS support

  • IEEE Std 802.11 uses a shared medium and provides differentiated control of access to the medium to handle data transfers with QoS requirements. The QoS facility (per MSDU traffic class and TSPEC negotiation) allows an IEEE 802.11 LAN to become part of a larger network providing end-to-end QoS delivery or to function as an independent network providing transport on a per-link basis with specified QoS commitments. The specifications regarding the integration and operability of the QoS facility in IEEE 802.11 specification with any other end-to-end QoS delivery mechanism like Resource Reservation Protocol (RSVP) are beyond the scope of this standard.

5.4.6 Support for higher layer timer synchronization

  • Some applications, e.g., the transport and rendering of audio or video streams, require synchronized timers shared among different STAs. Greater accuracy (in terms of jitter bounds) or finer timer granularity than that provided by a BSS timing synchronization function (TSF) may be an additional requirement. In support of such applications, this standard defines a MAC service that enables layers above the MAC to accurately synchronize application-dependent timers shared among STAs. The service is usable by more than one application at a time.
  • Although the timer synchronization methods and accuracy requirements are application-dependent and are beyond the scope of this standard, they rely on an indication from each STA’s MAC that is provided essentially simultaneously, via multicast, to the STAs. The MAC accomplishes this by indicating the occurrence of the end of the last symbol of particular data frames; the data frames of interest are identified by their MAC header Address 1 field when it contains a group address previously registered with the MAC. The last symbol is observed on the air by STAs within a BSS while the delay between the observation and the delivery of the indication is known within a MAC by design (and communicated to the application by implementation-dependent means). The common reference point in time provided by the end of last symbol indication is the essential building block upon which a variety of application-dependent timer synchronization methods may be based.

© 2006 与非门科技信息咨询(北京)有限公司 All Rights Reserved.