Wi-Fi Alliance Voice-Enterprise Certification: Standardized Fast Secure Roaming. Whitepaper

Transcription

1 Wi-Fi Alliance Voice-Enterprise Certification: Standardized Fast Secure Roaming Whitepaper

2 Wi-Fi Roaming: The Intersection of Performance and Security Revolution Wi-Fi One of the most important aspects of building a successful enterprise wireless LAN is enabling transparent user mobility across the network. The proliferation of portable and mobile devices has untethered office workers from traditional desktop computing. Modern employees require application access from diverse locations throughout the workplace, as well as seamless connectivity while on the move. To enable this new mobile workforce, wireless networks require high performance and low-latency roaming to support real-time multimedia applications such as voice and video, vertical industry solutions such as high-speed mobile devices in manufacturing and distribution, automated warehousing, robotics, and medical instrumentation, to name only a few. Organizations also require strong security to protect sensitive information and comply with various industry regulations such as HIPPA, PCI, Sarbanes-Oxley, and FERPA. Modern wireless networks provide robust security by requiring authentication of users and devices prior to allowing role-based network access and subsequently securing communications with strong encryption methods. However, the balance between mobility and security has caused an unpleasant trade-off for organizations due to the time-consuming processes that strong security methods require. On one hand, high performance mobility can be provided when relatively weak security is implemented with an Open or WPA2-Personal WLAN, but this leaves sensitive corporate data at higher risk of exposure. On the other hand, much stronger security can be implemented with WPA2-Enterprise, lowering the exposure risk of sensitive corporate data, but resulting in poor mobility performance due to the time-consuming 802.1X authentication process. Thus, the introduction of more secure Wi- Fi networks solved one problem (security) but created another (roaming performance). Strong security based on WPA2-Enterprise incorporates 802.1X authentication and dynamic encryption keying. It is typical for an 802.1X authentication through RADIUS to take hundreds of milliseconds when RADIUS server is located on the local LAN ( ms), or significantly longer (> 1 sec) if the server is located across a high-latency WAN circuit. This can introduce packet loss and degraded performance for real-time applications, and result in dropped application sessions that require user intervention to reestablish the connection. For instance, typical voice over IP sessions transmit frames at regular 20 ms intervals and conversation quality becomes noticeably degraded to the end-user when the delay exceeds 100 ms. This can lead to an unsatisfactory user experience, application performance issues, inadequate support for real-time business processes, and hesitation by business managers to rely on wireless networks for mission-critical operations. The industry needed a high performance, yet secure, solution to this mobility problem. The answer lies with fast secure roaming, whereby initial network access requires full authentication through the 802.1X process, with subsequent access only requiring verification of the initial authentication event. Vendors initially responded with pre-standard fast secure roaming solutions such as Opportunistic Key Caching (OKC) and Cisco Centralized Key Management (CCKM) to fill the gap. However, lack of coordination among infrastructure vendors led to multiple competing methods and has resulted in fragmented client device support throughout the industry. The introduction of the Voice-Enterprise certification program by the Wi-Fi Alliance in May 2012 brings a standards-based fast roaming method based on the IEEE r amendment to market, which serves to align infrastructure and client manufacturers on a common implementation method and provides the benefits of low-latency roaming performance while maintaining strong security with WPA2-Enterprise. Wi-Fi Alliance Voice-Enterprise Certification Page 2

3 An Introduction to the Mechanics Wi-Fi Roaming Revolution Wi-Fi Roaming, in the context of an wireless network, is the process of a client moving an established Wi-Fi network association from one access point to another access point within the same Extended Service Set (ESS) without losing its network connection. It is important to understand that the client device, not the WLAN infrastructure, controls the roaming decision. However, the WLAN infrastructure can influence the client s decision in various ways through load balancing and band steering techniques, as well as through enhanced information exchanges introduced with the IEEE k and v amendments, which will be discussed in this white paper. Roaming occurs when the client has a previously established association to an infrastructure AP and migrates its connection within the same ESS to another AP within an area of overlapping coverage (Figure 1). Enterprise WLANs support both layer 2 and layer 3 roaming to ensure the client device can continue to use an existing IP address and maintain application sessions transparently. Association to the new AP terminates the previous AP association either implicitly or explicitly, as only one association is allowed at a time, per the standard. Since a client can only be associated to a single AP at any given time, it must break its working data path with one AP prior to establishing a data path through the new AP. The goal of a wireless roam is to identify an alternate AP that can provide better service to Figure 1 - Wi-Fi Roaming the client than the current AP. Wireless client roaming algorithms are typically optimized to minimize the time required to transition between APs to avoid network access disruptions to client applications. This can be accomplished through fast roaming or session caching techniques that eliminate steps in the authentication process. Fast roaming can only occur after an initial connection has been performed to ensure the client has successfully completed all required authentication and authorization required by the network policy. Note: Additional information on Wi-Fi roaming, the various methods that may be used, and performance analysis is available at: Voice-Enterprise Certification Voice-Enterprise certified devices provide fast roaming capabilities that allow compatible clients to transition an existing WLAN association to a new AP in less than 50 ms. In order to achieve certification, the following features must be supported by infrastructure and client devices: Prioritization AP and client devices are required to support WMM for Quality of Service (QoS), which enables devices to recognize and prioritize traffic into multiple Access Categories for preferential treatment. Access categories include voice, video, best effort, and background. Wi-Fi Alliance Voice-Enterprise Certification Page 3

4 Revolution Wi-Fi Bandwidth management WMM-Admission Control optimizes traffic management by only allowing traffic streams that an AP can support at a given time based on current load and channel characteristics. Seamless transitions across the Wi-Fi network IEEE r fast BSS transition allows fast roaming even while using advanced security methods, such as WPA2-Enterprise. Network measurement and management IEEE standards for radio resource measurement (802.11k) and wireless network management (802.11v) help optimize applications by managing radio network resources effectively. Security WPA2-Enterprise security must be supported by both AP and client devices. Battery life APs must support the WMM-Power Save mechanism. Support by client devices is optional. Certification involves performance measurements using four (802.11b) or ten (802.11a/g/n) concurrent simulated voice calls, a high-speed video stream, and background data traffic, designed to represent an enterprise wireless network environment. Testing is done while fast roaming transitions between APs are executed. Performance results must meet the following criteria: Packet loss must be less than 1% No more than three consecutive packets lost One-way delay less than 50 ms Maximum jitter less than 50 ms Enterprise WLAN vendors have introduced support for Voice-Enterprise certified fast secure roaming in newer code releases. For example, Cisco introduced support in Unified Wireless Network software version 7.2 and Aerohive introduced support in HiveOS version 6.0. This enables capable client devices, such as Apple ios 6.0 (and later), to roam within the 50 ms performance goal established by the Wi-Fi Alliance. For example, an Apple ipad can complete an FT roam on a WPA2-Enterprise WLAN, including pre-authentication and reassociation, within 8.5 ms (Figure 2). At this point the client has completed the roam and is able to send and receive data across the network through the new AP association. Figure 2 - Apple ipad Fast Transition across an Enterprise WLAN Note: A complete listing of Wi-Fi Alliance Voice-Enterprise certified products can be found at The Wi-Fi Alliance Voice-Enterprise certification includes parts of three separate IEEE amendments: 1. Fast BSS Transition (IEEE r) 2. Radio Resource Measurement (IEEE k) 3. Wireless Network Management (IEEE v) Wi-Fi Alliance Voice-Enterprise Certification Page 4

5 Fast BSS Transition (IEEE r) Revolution Wi-Fi The IEEE standardized fast roaming across an ESS with the r amendment, which was ratified in A Mobility Domain is comprised of a set of BSSs (APs) within the same Extended Service Set (ESS) that have been validated. Validated APs must be able to coordinate with each other in order to exchange client station details, including pairwise master key (PMK) encryption material, and perform pre-authentication of the client prior to the roam. Pre-authentication may occur over the air, where the client pre-authenticates directly with the target AP, or over the Distribution System (DS) where the client pre-authenticates with the target AP by sending frames through the current AP, which relays the communication exchange over the DS. Support for FT over the air is mandatory, while support for FT over the DS is optional. Note: The Distribution System (DS) is the backhaul network used to interconnect APs to the Local Area Network (LAN), typically an Ethernet or wireless Mesh network. The method of coordination between APs is not specified, but in practice is limited to APs that are under common administrative control and are configured within the same group. Some examples include: APs in Local mode across one or multiple controllers in the same Mobility Group in a Cisco UWN APs in FlexConnect mode within the same H-REAP Group in a Cisco UWN APs configured in a common Hive in an Aerohive WLAN Fast transition over the air works in the following manner (see Figures 3 through 5): 1. The client establishes an initial connection to the WLAN by associating to the first AP. 2. The initial authenticator facilitates a full 802.1X client authentication through a backend RADIUS server when WPA2-Enterprise is used, or both client and AP are pre-configured with a PSK when WPA2-Personal is used. The result of both methods is the establishment of a Master Session Key (MSK) from which a Pairwise Master Key (PMK) is obtained. The PMK obtained by the initial authenticator is called the PMK-R0 key and is used as seed material to derive unique PMK-R1 keys for all APs in the mobility domain. The PMK-R0 and PMK-R1 keys are unique for each client authenticated to the wireless network. Figure 3 - Fast Transition (FT) Initial Association in a Controller-Based WLAN Wi-Fi Alliance Voice-Enterprise Certification Page 5

6 3. The initial authenticator uses the PMK-R0 key material to derive a unique PMK-R1 for each AP within the mobility domain (including itself if the initial authenticator is an AP). The initial authenticator then distributes the PMK-R1 keys to the other APs (called R1 Key Holders, R1KH) using a secure channel (which is not defined by the IEEE 11r amendment). For instance, a Cisco controller distributes these keys through the CAPWAP control plane to connected APs and Aerohive APs distribute this information through Cooperative Control to all one-hop neighbor APs within the same Hive. In either scenario APs may be on the same Layer 2 subnet or across a Layer 3 boundary. Figure 4 - Fast Transition (FT) Initial Association in a Controllerless WLAN Note: IEEE r fast BSS transition supports both WPA2-Enterprise (802.1X) and WPA2- Personal (PSK) security methods. The Fast Transition key hierarchy is provided as a reference in the Appendix. 4. The access point and client perform the 4-Way Handshake to derive the Pairwise Transient Key (PTK) that will be used for data encryption. The established PMK-R1, along with exchanged MAC addresses, nonces (random numbers used only once) and message integrity checks (MIC), allow both stations to derive the same PTK in a cryptographically secure manner. At this point the client is allowed network access and may begin sending and receiving data. 5. Upon roaming to subsequent APs within the same mobility domain, the client presents a valid R1KH-ID and PMKID to the new AP inside authentication and reassociation request frames, indicating the identity of the initial authenticator. If accepted by the new AP, this allows the client to bypass 802.1X authentication and the 4-Way Handshake. Fast Transition roaming is quicker than pre-standard fast-roaming methods as well as Pre-Shared Key (PSK) roaming because the 4-Way Handshake is eliminated by embedding the PTK key derivation material (ANonce, SNonce, MIC) and GTK (group encryption key) within the Fast Transition Information Element (FTIE) inside the authentication and reassociation frames. Four frames are all that is required to re-establish a data path to the network for existing and new application sessions. 6. Application data flows resume, taking either a centralized forwarding or distributed forwarding path depending on the WLAN architecture and configuration. Wi-Fi Alliance Voice-Enterprise Certification Page 6

7 Figure 5 - Fast Transition Roam and Application Data Flow Resumption Information elements that are critical for Fast Transition roaming include the following: Mobility Domain Information Element (MDIE) - NEW Fast Transition Information Element (FTIE) NEW Robust Security Network (RSN) Information Element Modified The Mobility Domain Information Element (MDIE) identifies a set of basic service sets (BSSs), within the same extended service set (ESS), that support fast BSS transition between group members that are identified by the set s mobility domain identifier (MDID). Essentially, the MDIE identifies a group of access points operating within the same WLAN that support fast roaming by coordinating the distribution of key material between the APs. The MDIE is included in Beacons, Probe Responses, Authentication, Association Request/Response, and Reassociation Request/Response frames. An example MDIE is shown in Figure 6. Figure r Mobility Domain Information Element (MDIE) The MDIE includes a Mobility Domain ID (MDID), which uniquely identifies the mobility domain. This allows client stations to determine if fast secure roaming is available between the current AP it is associated to and another candidate AP without relying solely on the SSID name. If the MDID is the same, then both APs belong to the same WLAN and can coordinate fast roaming for the client. However, if the MDID is different the APs belong to separate WLANs and cannot coordinate fast roaming; this may occur with hotspots, for example. The MDIE also includes Fast Transition capability information. The FT Resource Request Protocol allows stations to request resource allocation from the AP prior to reassociation. Resources that may be requested include quality of service (QoS), block acknowledgment, or vendor specific resources. Fast BSS Transition over the DS (Distribution System) identifies support for client preauthentication to the target AP through the current AP across the DS. FT over the air (as previously described) is required, but FT over the DS is optional. Wi-Fi Alliance Voice-Enterprise Certification Page 7

8 The Fast Transition Information Element (FTIE) includes information needed to perform the FT authentication sequence during a fast BSS transition. This includes the PTK key derivation material (ANonce, SNonce, MIC) and GTK (group encryption key) that was previously required in non-ft roams through the separate 4-Way Handshake frame exchange. The FTIE is included in Authentication and Reassociation Request/Response frames. An example FTIE is shown in Figure 7. Figure r Fast Transition Information Element (FTIE) The Robust Security Network (RSN) Information Element (RSN IE) defines the authentication and key management (AKM) and encryption suites in operation in the BSS. Authentication types include 802.1X and PSK; encryption types include AES-CCMP and TKIP. The RSN IE is a structured list of supported authentication and encryption suites supported in the BSS. Support for multiple AKM or encryption suites is allowed. For example, during a transitional period an organization may configure the WLAN to support both TKIP and AES-CCMP encryption suites concurrently. The RSN IE has been extended for Fast Transition to include two new authentication and key management (AKM) suites: 1. Fast Transition authentication and key management using IEEE 802.1X 2. Fast Transition authentication and key management using Pre-Shared Key (PSK) Multiple AKM suites may be supported simultaneously, which allows clients with and without Fast Transition capability to connect to the same BSS. This provides backwards compatibility and allows coexistence of multiple client types of varying capabilities on the same network. For example, a BSS may simultaneously support 802.1X authentication for clients that do not support Fast Transition, as well as Fast Transition using 802.1X for clients that are FT-capable. Clients also indicate the desire to use a cached PMK by embedding the PMKID within the RSN IE. An example of the RSN IE is shown in Figure 8. Figure 8 - Robust Security Network Information Element (RSN IE) Wi-Fi Alliance Voice-Enterprise Certification Page 8

9 Client devices that do not support IEEE r can still associate to an AP that has Fast Transition enabled for the BSS. However, be aware that some existing client drivers are unable to parse the RSN IE when it includes the additional Fast Transition AKM suites and will fail to associate to the WLAN. Until manufacturers of incompatible devices update client drivers to support the additional AKM suites they will be unable to join any SSID that has Fast Transition enabled. It is recommended to test client devices for compatibility with Fast Transition prior to enabling it on any SSID to ensure they are able to successfully associate to the network, even if they don t support FT roaming. If incompatible clients are found, you should consider separating FT capable clients from incompatible clients on different SSIDs or waiting for client manufacturer driver updates before enabling FT on a shared SSID. Note: The reliance of r on the RSN IE restricts Voice-Enterprise support to WPA2 secured networks. Pre-standard WPA secured networks do not include the RSN IE and do not support Fast Transition authentication and key management methods. Radio Resource Measurement (IEEE k) The IEEE k amendment on radio resource measurement defines methods for information exchange about the RF environment between APs and client stations. The goal is to enable the client stations to understand the radio environment in which they exist so that they have more information to make correct decisions about roaming and performance. Stations can take radio measurements locally, request measurement by other stations, or have measurement requested of them and return the results. The IEEE k amendment was ratified in The following types of measurements are defined in the IEEE standard: Beacon - The beacon request/report pair enables a STA to request from another STA a list of APs it can receive on a specified channel or channels. This measurement may be done by active scan, passive scan, or beacon table (stored data) modes. Frame The frame request/report pair returns a picture of all the channel traffic and a count of all the frames received at the measuring STA. For each unique Transmitter Address, the STA reports the Transmitter Address, number of frames received from this transmitter, average power level (RCPI) for these frames, and BSSID of the transmitter. Channel Load The channel load request/report pair returns the channel utilization measurement as observed by the measuring STA. Noise Histogram The noise histogram request/report pair returns a power histogram measurement of non-ieee noise power by sampling the channel when virtual carrier sense indicates idle and the STA is neither transmitting nor receiving a frame. STA Statistics The STA statistics request/report pair returns groups of values for STA counters and for BSS Average Access Delay. The STA counter group values include: transmitted fragment counts, multicast transmitted frame counts, failed counts, retry counts, multiple retry counts, frame duplicate counts, Request to Send (RTS) success counts, RTS failure counts, Acknowledgement (ACK) failure counts, received fragment counts, multicast received frame counts, FCS error counts, and transmitted frame counts. BSS Average Access Delay group values include: AP average access delay, average access delay for each access category, associated STA count, and channel utilization. Wi-Fi Alliance Voice-Enterprise Certification Page 9

10 Location Configuration Information (LCI) The Location request/report pair returns a requested location in terms of latitude, longitude, and altitude. It includes types of altitude such as floors and permits various reporting resolutions. The requested location may be the location of the requestor (e.g., Where am I?) or the location of the reporting STA (e.g., Where are you?). Neighbor Report The neighbor report request is sent to an AP, which returns a neighbor report containing information about known neighbor APs that are candidates for a service set transition. This request/report pair enables a STA to gain information about the neighbors of the associated AP to be used as potential roaming candidates. Link Measurement The link measurement request/report exchange provides measurements of the RF characteristics of a STA to STA link. This measurement indicates the instantaneous quality of a link. Transmit Stream / Category Measurement The Transmit Stream / Category measurement is a request/report pair that enables a QoS STA to inquire of a peer QoS STA the condition of an ongoing traffic stream link between them. The Transmit Stream/Category Measurement Report provides the transmit-side performance metrics for the measured traffic stream. Trigger conditions included in the measurement request may initiate triggered measurement reports upon detection of the trigger condition. Measurement Pause (request only) The measurement pause request is defined, but no report comes back from this request. The measurement pause permits the inclusion of a quantified delay between the execution of individual measurements that are provided in a series within a measurement request frame. Measurement Pilot (report only) The Measurement Pilot frame is a compact Action frame transmitted periodically by an AP at a small interval relative to a Beacon Interval. The Measurement Pilot frame provides a subset of the information provided in a Beacon frame, is smaller than a Beacon, and is transmitted more often than a Beacon. The purpose of the Measurement Pilot frame is to assist a STA with scanning. Note: Beacon, Neighbor Report, and Link Measurement (client devices only) capabilities must be supported for Voice-Enterprise certification of AP and client devices. The Neighbor Report measurement aids the fast roaming process by providing a mechanism for the client to request an AP to measure and report the neighboring APs available within the same mobility domain. This can speed up the client scanning process by informing the client device of nearby APs to which it may roam. The neighbor report information includes several pieces of operational information about each neighbor, such as: BSSID Reachability for pre-authentication Security policy Capabilities: o Quality of Service o APSD (power-save) o Radio Measurement o BlockAck o Spectrum management Regulatory Class Channel Number PHY type (802.11a/b/g/n) Figure k Neighbor Report Request Wi-Fi Alliance Voice-Enterprise Certification Page 10

11 The neighbor report typically occurs through a two-part frame request/report exchange carried within Management Action Frames, but it may also occur in probe request/response exchanges as well. An example neighbor report request and response is highlighted below, with the client requesting the neighbor report and the access point responding. In the neighbor report request (Figure 9) a category code of 5 (Radio Measurement) and an action code of 4 (Neighbor Report Request) is used. The client has requested a list of neighbors for the Corp_WLAN SSID. In the neighbor report response (Figure 10) a category code of 5 (Radio Measurement) and an action code of 5 (Neighbor Report Response) is used. Inside the tagged parameters lies the neighbor report details, which contains an element for each neighboring AP within the same Mobility Domain and details about the AP such as it's BSSID and channel number. In this case, there is one neighboring AP with BSSID "08:ea:44:78:14:28" and it is operating on channel 161. Figure k Neighbor Report Response Wireless Network Management (IEEE v) The IEEE v amendment defines wireless network management (WNM) methods for stations to exchange information for the purpose of improving overall performance of the wireless network. Whereas k is concerned with the radio environment, v expands it to include broader operational data surrounding existing network conditions allowing stations to be more cognizant of the topology and state of the network. The IEEE v amendment was ratified in There are a multitude of WNM services defined, which include: BSS Max Idle Period Management BSS Transition Management Channel Usage Collocated Interference Reporting Diagnostic Reporting Directed Multicast Service (DMS) Flexible Multicast Service (FMS) Multicast Diagnostic Reporting Event Reporting Location Services Multiple BSSID Capability Proxy ARP QoS Traffic Capability SSID List Triggered STA Statistics TIM Broadcast Timing Measurement Traffic Filtering Service U-APSD Coexistence WNM-Notification WNM-Sleep Mode Wi-Fi Alliance Voice-Enterprise Certification Page 11

12 The BSS Transition Management capability is of interest regarding fast roaming, whereby an AP can request a client to roam to another specified AP or list of preferred candidate APs for better performance or capacity reasons. Note: WNM services are not required for Voice-Enterprise certification. However, testing is performed during the certification process for the BSS Transition Management service capabilities of both APs and clients. Summary Many enterprise WLAN products now include support for fast secure roaming through the industry standard Wi-Fi Alliance Voice-Enterprise certification. The certification program also includes tests for several of the most important radio resource measurements and wireless network management services, including neighbor reports and BSS transition management services. Voice-Enterprise enables organizations to support real-time multimedia applications such as voice and video, vertical industry solutions such as high-speed mobile devices in manufacturing and distribution, automated warehousing, robotics, and medical instrumentation, without compromising security for performance. Although client devices that do not support IEEE r can associate to a BSS with Fast Transition enabled, some client device drivers have been found to be incompatible and are unable to parse the modified RSN Information Element. Therefore, it is highly recommended to test all clients for compatibility prior to enabling Voice-Enterprise or IEEE r on an SSID. If incompatible clients are found, separate FT capable clients from incompatible clients on different SSIDs or obtain updated client device drivers that properly parse the RSN IE for the incompatible clients from device manufacturers. Wi-Fi Alliance Voice-Enterprise Certification Page 12

13 Appendix Fast Transition Key Hierarchy Revolution Wi-Fi Wi-Fi Alliance Voice-Enterprise Certification Page 13