Decoding Deauthentication January 25, 2010
Posted by Devin Akin in: Uncategorized, 2 comments
Because the boys and girls at IEEE have done such an astounding job on the 802.11 standard, I’m certainly going to mention that this is their fine work. Below is an excerpt from 802.11-2007 (copyright IEEE).
————————
5.4.3.2 Deauthentication
The deauthentication service is invoked when an existing Open System or Shared Key authentication is to be terminated. Deauthentication is an SS.
In an ESS, because authentication is a prerequisite for association, the act of deauthentication shall cause the STA to be disassociated. The deauthentication service may be invoked by either authenticated party (non-AP STA or AP). Deauthentication is not a request; it is a notification. Deauthentication shall not be refused by either party. When an AP sends a deauthentication notice to an associated STA, the association shall also be terminated.
In an RSN ESS, Open System authentication is required. In an RSN ESS, deauthentication results in termination of any association for the deauthenticated STA. It also results in the IEEE 802.1X Controlled Port for that STA being disabled and deletes the pairwise transient key security association (PTKSA). The deauthentication notification is provided to IEEE Std 802.1X-2004 via the MAC layer.
In an RSNA, deauthentication also destroys any related PTKSA, group temporal key security association (GTKSA), station-to-station link (STSL) master key security association (SMKSA), and STSL transient key security association (STKSA) that exist in the STA and closes the associated IEEE 802.1X Controlled Port.
If pairwise master key (PMK) caching is not enabled, deauthentication also destroys the pairwise master key security association (PMKSA) from which the deleted PTKSA was derived.
In an RSN IBSS, Open System authentication is optional, but a STA is required to recognize Deauthentication frames. Deauthentication results in the IEEE 802.1X Controlled Port for that STA being disabled and deletes the PTKSA.
————————
Just as a point of fact, next to the Bible, the 802.11 standard (with amendments) is my favorite book. Who would’ve thought that the 802.11 standard had groupies like me.
Anyway, back to the topic at hand…. The reason I copied this small section into this blog is that there’s no point in trying to recreate something that’s already practically perfect…if not completely perfect. In GA, we call that “reinventing the wheel.” These guys said it better than I could have, so we’ll use their text to talk about this week’s topic: deauthentication (deauth).
What a deauth does (recap, in plain Geeky English)
1) breaks the 802.11 authentication and association
2) closes the “controlled port” for 802.1X/EAP authenticated clients
3) deletes the PTKSA and GTKSA (meaning the PTK which was formed during the 4-Way Handshake is now invalid)
4) deletes the PMKSA unless PMK caching is enabled
It’s #4 that I’m most interested in talking about. Regardless of architecture (controller-based or controller-less), most vendors have the ability for the PMKSA to be cached. This means that when an 802.1X/EAP client roams, the PMK is still used for the next authentication. Today’s de facto standard fast/secure roaming algorithm, called Opportunistic Key Caching (OKC), has the AP to which the client is associated forwarding the PMK to either a controller or other APs directly, where it’s used to create a new PMKID which the client can use for roaming to new APs. It works well, and the Wi-Fi Alliance’s Voice-Enterprise certification will pull components from 802.11r, k, & v to enhance and standardize this process.
So to recap, deauth frames break PTKSAs (on the current AP and client) but allow PMKs to live on for reuse at other APs. Obviously this isn’t a top-of-mind subject, but when you’re constantly designing stuff, you run into weird little nuances like this that can catch you off-guard. Obviously I’m not as advanced in 802.11 protocol and system design as our top hardware and software engineers, but in striving to reach their level of uber-geekiness, I stumble across little protocol nuggets like this that I can share.
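To make the recap concrete, here is an added example (not part of the original post or of any vendor's code) that models one client's security associations through a deauth and then derives the PMKID it would offer the next AP under OKC. The PMKID formula is the one defined in 802.11-2007; the class, function names, PMK and MAC addresses are hypothetical, constructed values.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA), per 802.11-2007."""
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]


@dataclass
class StaSecurityState:
    """Hypothetical model of one 802.1X/EAP client's security associations."""
    spa: bytes                       # supplicant (client) MAC address
    pmk_caching: bool                # is PMK caching enabled?
    pmk: Optional[bytes] = None      # PMKSA: present after 802.1X/EAP succeeds
    bssid: Optional[bytes] = None    # AP the client is associated to
    ptksa: bool = False              # pairwise keys from the 4-Way Handshake
    gtksa: bool = False              # group keys
    controlled_port_open: bool = False

    def connect(self, bssid: bytes, pmk: bytes) -> None:
        """Full authentication plus 4-Way Handshake with one AP."""
        self.pmk, self.bssid = pmk, bssid
        self.ptksa = self.gtksa = self.controlled_port_open = True

    def on_deauth(self) -> None:
        """Apply the effects described in the 802.11-2007 excerpt."""
        self.bssid = None                    # authentication and association end
        self.controlled_port_open = False    # 802.1X Controlled Port is disabled
        self.ptksa = self.gtksa = False      # PTKSA and GTKSA are destroyed
        if not self.pmk_caching:             # PMKSA survives only when cached
            self.pmk = None

    def okc_pmkid(self, new_bssid: bytes) -> Optional[bytes]:
        """PMKID to offer a new AP under OKC, or None if full re-auth is needed."""
        return pmkid(self.pmk, new_bssid, self.spa) if self.pmk else None


# Constructed sample values, not taken from any real network.
PMK = bytes(range(32))
STA = bytes.fromhex("020000000001")
AP1 = bytes.fromhex("020000000a01")
AP2 = bytes.fromhex("020000000a02")


def roam_after_deauth(pmk_caching: bool) -> Optional[bytes]:
    """Connect to AP1, receive a deauth, then try to roam to AP2."""
    sta = StaSecurityState(spa=STA, pmk_caching=pmk_caching)
    sta.connect(AP1, PMK)
    sta.on_deauth()
    return sta.okc_pmkid(AP2)


if __name__ == "__main__":
    for caching in (True, False):
        result = roam_after_deauth(caching)
        print(caching, result.hex() if result else "full 802.1X/EAP re-authentication")
```

With caching enabled the client still holds the PMK after the deauth and can name it to AP2 with a PMKID bound to AP2's address; with caching disabled nothing survives and the only path back is a full 802.1X/EAP exchange.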
As my good friend Criss likes to say: hope this helps.
/Devinator
It’s All About The People January 18, 2010
Posted by Devin Akin in: Uncategorized, 3 comments
Before I start, here’s the disclaimer: The opinions expressed in this blog post are mine and mine alone and do not necessarily represent anyone other than me. I work for ‘the man’ now, and I write this blog knowing full-well that my mouth may get me in trouble because of some “between the lines” thing I implied (or didn’t), something I said (or didn’t), or someone I offended (unknowingly). You can’t please everyone…so, if my LinkedIn status suddenly changes to “Will work for food” and this blog post suddenly disappears, you’ll know why.
Here goes…
I’ve worked in many companies in my time, and I’ve heard all kinds of answers to the question, “What’s the most important thing the company has?” I’ve heard:
1. Customer base
2. Intellectual property
3. Market share
4. Management team
5. Investors
6. Cash in the bank
…and others, depending on the most pressing issue of the day.
/Soap Box – Start
Being both passionate and opinionated, I say that the most important thing a company has is its people (employees, volunteers, people volunteering to work for $1/year, and all the others). Why do I think that? Perhaps a series of questions will help answer that question.
* Who found and landed the customers?
* Who puts in long hours to make sure that customers stay happy?
* Who creates the intellectual property owned by the company?
* Who works their butts off to make the company all of that cash?
If one employee leaves, it’s another employee who picks up the ball and runs with it, no? This “people are the most important thing” fact applies to the CEO and the shipping clerk alike. It’s people who make the world turn, and without people there is no company. Sometimes, I think that everyone (regardless of their role within a company) forgets this.
/Soap Box – End
/Cool Stuff – Start
Lest you think that I’m “pointing my guns” at Aerohive, it’s quite the opposite. Aerohive puts people first, knowing that everything else will fall into place if you do. Dave regularly meets with everyone, regularly (and out of the blue) calls people, and department heads here genuinely care about their people. I’ve even seen some department heads (VPs) show outright compassion and concern for folks who aren’t even in their department.
As a quick side note, I just have to tell you that people at Aerohive even call their managers to make sure THEY’RE OK. When is the last time you saw someone check to make sure their manager was OK? I’ve seen people get raises without asking for them. I’ve seen people be incredibly encouraging to each other. I’ve seen people in one department praise someone in another department to “just the right person” that causes the praiseworthy person to get promoted. There’s some love going on around here. Neat, eh?
/Cool Stuff – End
/Advice (and Rants) – Start
This section is a mash-up of topics (by paragraph) that I feel led to talk about. These have nothing to do with Aerohive, but are rather my personal thoughts. There’s no rhyme or reason to the order. It’s just me spewing some solid advice (according to my own experience and sense of importance) that isn’t technical, isn’t company-related, and just have to do with me being me.
Because of the dynamic and multi-faceted nature of any ‘real’ company, there will be peaks and valleys. Luckily I don’t have to argue that point because the recent economic melt-down just strongly proved my point. During most of that time, most of us were very lucky to even have a job at all – any job. If you were making anything akin to 6 figures during that time, you should be insanely grateful to someone. Over the last 2 years, many people have been “stuck” in their jobs because of layoffs, flat growth, or any number of other reasons. Yes, I know you get tired of doing the “same old thing for the same old money”, but you could be much, much worse off. I know at least 1,000 people who would trade with you in 4.3 seconds (exactly). Be thankful.
You know how you sometimes get “stuck” in a position you don’t necessarily care for? I’ve been there more times than I care to admit. Fun? No. However, if you find yourself thrashing about like a caged tiger looking for an exit, consider the long-term rather than the short term. Have you ever heard those stories about the IBM mail room clerk becoming CEO after 30 years? How do you figure that happened? He starts in the mail room, then becomes the mail room manager because he knows how to do all of the jobs in the mail room better than anyone else. It’s called experience. Then, he may ask to be moved to tech support, asking for an opportunity to prove himself. Again, he learns to do all of the jobs there, until someone wises up and promotes him to manager. This cycle progresses through sales, marketing, operations, support, and more…until…he is the most experienced and knowledgeable person in the company. Who better to lead the company to success than this guy? Ever read the Bible story of Joseph? I highly recommend it. If you don’t like your current job, do it to the best of your ability, learn all you can, and move on to the next thing when the opportunity is there. I’m sure that sounds like “just common sense”, but you’d be surprised how hard it is to follow that advice. Follow this advice, and someday soon, it’ll be you in that VP’s chair. Don’t believe me? Ask a VP how he got his/her job. Be diligent.
Something related to the previous rant is a sense of ownership. That is, treating the company like you own all of it – like it’s, “your baby.” You know what I’m talking about. Treat it as if you founded it, as if you knew every financial detail, as if you understood full-well why every employee was hired, as if every penny spent on anything was coming out of your checking account, and all of the rest. We’re talking about, “this company lives or dies by your hand.” Now that you know what I mean by “a sense of ownership”, I would like to say that every employee needs and should have this. Working at a company is a handshake deal between you and your employer whereby you agree to display a sense of ownership in everything you do, and your employer agrees to pay you for it. Compensation (often referred to as just “comp”) may be a mash-up of stock options, salary, benefits, and a variety of other things – each designed to give you a sense of ownership. Employers should always strive to address comp issues before an employee feels that there’s a problem, looking to fairly compensate employees. Employees, in turn, should (as part of that sense of ownership) consider that they are part of a team and that there is only so much money to go around. They should only ask for what’s fair and not try to strain the company to the breaking point. If it were (and since it is) YOUR company, how would you handle comp with employees given the opportunity? Are you fairly paid or over-paid? Only you can answer that, but you should answer that question – honestly. Do you bring the company more money than you’re paid? Are you sure? Take ownership.
Companies should realize that one experienced employee is worth more than one inexperienced employee. Sometimes that ratio may be 3:1, depending on the person and the job. Obviously there’s a limit to what a company can pay a person, regardless of position, but generally speaking (because there are always exceptions), a company is shooting itself in the foot to let a senior level (experienced and adept at their job) person walk out the door. A company is its people, and if your people are inexperienced and untrained, you’re going to suffer for it. Value people.
/Advice (and Rants) – End
That’s enough for one blog. I’ve never blogged on that topic before, but for some odd reason, I just felt strongly led to spew all of that this week. People are the most important thing, and nobody will ever convince me otherwise.
Try not. Do. Or do not. There is no try. — Yoda January 11, 2010
Posted by Devin Akin in: Uncategorized
How could anyone possibly say it better than Yoda?
What poked me to write this blog is the stark contrast between our Support Jedi Master Kobie and the hopelessly careless (or should I spell it out as ‘could care less’…) tech support at AT&T’s ADSL department.
Kobie stalks it, kills it, bags it, and brings it home in an organized binder.
By way of contrast… AT&T runs a line check, says everything is fine, has you run a speedtest against the SpeakEasy website, and then blames it on your internal house wiring when it doesn’t pass muster.
Nevermind that the connection has been perfect for 3 months, and nevermind that you’ve had an AT&T employee install Cat5e cable from your router’s RJ-11 port directly to the NID. No call to engineering to check on routing problems (like a router failure that over-subscribes its counterparts). No call to have someone check over-subscription of the DSLAM. Just blame the wiring and move on. Is it too much to ask for a support guy to want to figure out the problem rather than just following a support script? Their processes pretty much ASSURE poor customer service a significant portion of the time.
I believe that a large part of the recipe for success in support is hiring people who care, who want to learn, who want to be great at their job, and who won’t stop until they fix your problem. It’s about WANT TO. Kobie is a great engineer because he WANTS to be a great engineer.
Kobie reading from a script would be a good April Fools day joke.
So, like Yoda, adopting an attitude of, “Try not. Do. Or do not. There is no try.” will catapult you from ‘job doer’ to ‘industry professional.’ Why does this matter?
Have you ever heard…
“We don’t have any budget for that.”
Did this make you want to figure out how to do it anyway (without a budget) or did you just stop right there, whining that you could get your job done if you had resources?
Have you ever heard…
“That’s not your concern, so stop thinking about that and get back to work.”
Did this make you study to become something you’re not or did you go home and complain to your spouse and friends that life isn’t fair?
Failure is not an option, and whining is not an option. Doing is the ONLY option.
SO WHAT if you don’t hit the bullseye, and SO WHAT if you’re not perfect (or even the best).
If you have an ounce of WANT TO, then DO. Or do not.
Transmit Beamforming (TxBF) January 4, 2010
Posted by Devin Akin in: Uncategorized, 2 comments
For those engineers working in product management at Wi-Fi manufacturers, TxBF is a well-understood technology. For normal people (i.e. the rest of us), it can be a confusing thing. There are multiple technologies that get lumped together under the TxBF moniker. There are several types of TxBF, and I’d like to briefly (because this is a blog, not a whitepaper) describe each type for the purpose of clarification.
The purpose of TxBF is to raise the SNR at the receiver for the purpose of increased data rates and decreased retransmissions. This can be done in a variety of ways.
There are two general types of TxBF: open loop and closed loop. Open loop means that the transmitter has limited feedback to work with and is therefore essentially forced to estimate where the receiver is located. Closed loop means that accuracy of transmissions is improved by opening a feedback channel between the transmitter and receiver so that the receiver can provide direct and specific feedback on how well it is receiving signals.
Standard-based (802.11n) Beamforming (Explicit Feedback) - The 802.11n amendment actually specifies 3 sub-types of Explicit beamforming: compressed, uncompressed, and CSI (channel state information). CSI likely won’t be implemented. In compressed and uncompressed explicit feedback, the receiver computes a steering matrix and sends it to the transmitter, which uses it to configure the phases of the transmit chains on a per-frame basis. This requires that both the transmitter and receiver understand and operate using the same TxBF protocol.
Standard-based (802.11n) Beamforming (Implicit Feedback) – The transmitter assumes that the channel is reciprocal (the same in both directions) and creates the steering matrix by tracking incoming training symbols. Implicit TxBF’s primary advantages over explicit TxBF methods are that it places only a small load on the receiver and imposes minimal transmission overhead. The primary disadvantage of implicit TxBF is that the transmitter needs to calibrate the differences between the transmit and receive chains, and the calibration process is completed using feedback from the receiver.
An advantage of 802.11n TxBF is that it’s standards-based, meaning that TxBF capable equipment will work with any other interoperability-certified (read: Wi-Fi Alliance) TxBF capable equipment. Another advantage is that it allows the transmitters to continue using an omni-directional RF pattern, which prevents hidden node problems. The disadvantage is that there won’t be an 802.11n TxBF-capable, Wi-Fi Alliance certified piece of equipment on the market for quite some time to come. Several chipset vendors will soon release chipsets that support 802.11n TxBF, but even after these chipsets are released into the market, it will still be a significant amount of time before that translates into interoperability-certified devices available for sale.
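The effect of the explicit-feedback steering described above can be worked through numerically. The following is an added example, not code from the post or from any chipset: it assumes a single-antenna receiver, one complex gain per transmit chain (a flat channel), and phase-only steering weights; all function names and channel values are constructed for illustration.

```python
import cmath
import math


def received_power(channel, weights):
    """Power at the receiver: |sum(h_i * w_i)|^2 over the transmit chains."""
    return abs(sum(h * w for h, w in zip(channel, weights))) ** 2


def unsteered_weights(n):
    """No beamforming: total power split equally, same phase on every chain."""
    return [1 / math.sqrt(n)] * n


def steering_weights(channel):
    """Phase-only steering vector the receiver would feed back.

    Each chain is rotated by the negative of its channel phase so that all
    paths arrive in phase at the receiver. Total transmit power is unchanged.
    """
    n = len(channel)
    return [cmath.exp(-1j * cmath.phase(h)) / math.sqrt(n) for h in channel]


def txbf_gain_db(channel):
    """SNR gain of steering over no steering (noise is the same in both cases)."""
    steered = received_power(channel, steering_weights(channel))
    plain = received_power(channel, unsteered_weights(len(channel)))
    if plain < 1e-12:            # the unsteered signals cancel completely
        return float("inf")
    return 10 * math.log10(steered / plain)


# Constructed two-chain channels (unit magnitude, different phase offsets).
QUADRATURE = [1, 1j]     # paths arrive 90 degrees apart
OPPOSED = [1, -1]        # paths arrive 180 degrees apart: a deep fade

if __name__ == "__main__":
    for name, ch in (("quadrature", QUADRATURE), ("opposed", OPPOSED)):
        print(name, round(received_power(ch, steering_weights(ch)), 3),
              txbf_gain_db(ch))
```

In the quadrature case steering doubles the received power (about 3 dB); in the opposed case the unsteered transmission cancels to nothing while the steered one arrives at full strength, which is the retransmission-avoiding case.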
Discrete Beamforming – Composed of an antenna array that is capable of a static number of pre-defined beam patterns and a CPU that intelligently selects from the table of possible beam patterns for each transmitted frame (e.g. Ruckus Wireless).
Discrete beamforming is markedly different than 802.11n beamforming, which is considered a type of “Linear” beamforming because it can form an almost infinite number of phase differentials between its transmit chains in order to aim the transmission at a client that is located in almost any point in space around the transmitter.
An advantage of Discrete Beamforming is that it focuses the AP’s transmit beam in a specific direction, which has the desirable effects of:
1) high gain in the intended direction
2) interference mitigation in the unintended directions
3) minimal client participation (nothing beyond the 802.11 standard) is required
4) fast-moving clients will generally stay within the beam pattern.
Ruckus’s array in particular, on indoor AP models, yields the approximate equivalent of a 6dBi antenna in 2.4 GHz, which is quite nice. The disadvantage of this approach is that clients that are already predisposed to being sticky become very sticky and this approach to beamforming can produce significant hidden node issues, depending on how it is deployed and the client density of a cell or deployment as a whole.
An array of directional antennas - a cohesive set of directional antennas forming an array with a circular or spherical pattern when viewed as a whole (e.g. Xirrus).
With an array of directional antennas, each radio device is serving a smaller physical area, and there may be several radios, so capacity of a single physical array is significantly higher than a single- or dual-radio AP. Disadvantages are that the array is big, expensive (in comparison to a single AP of course), and may be difficult to deploy in desirable locations (which may lead to sub-optimal coverage). Additionally, having radios at such close range may cause inter-radio interference, and when an array goes down, a large coverage area experiences an outage.
At this point, there’s no perfect solution, and even when the standards-based solution arrives, it’ll be immature, requiring some amount of vetting and adjustment before living up to its hype. I’ve heard my good friend Joe Epstein say the approximate of, “Why would you need beamforming when you could just turn up the power to get the same effect?” In today’s systems, that may cause some link balance issues with clients unless you have some fairly high-gain antennas (for the purpose of receive sensitivity) on your AP, but I get what he’s saying.



