Overview of the Services

Nine services are specified by IEEE 802.11. Six of them are used to support MSDU delivery between STAs, and three are used to control IEEE 802.11 LAN access and confidentiality. This subsection defines the services, with an overview of how each service is used and a description of how each relates to other services and the 802.11 architecture. The services are presented in an order designed to help build an understanding of the operation of an IEEE 802.11 ESS network. As a result, the SSs and DSSs are intermixed in order (rather than being grouped by category). Each of the services is supported by one or more MAC frame types. Some of the services are supported by MAC management messages and some by MAC data messages. All of the messages gain access to the WM via the IEEE 802.11 MAC sublayer medium access method.

The IEEE 802.11 MAC sublayer uses three types of messages — data, management, and control. The data messages are handled via the MAC data service path.

MAC management messages are used to support the IEEE 802.11 services and are handled via the MAC management service data path. MAC control messages are used to support the delivery of IEEE 802.11 data and management messages. The examples here assume an ESS network environment.

Distribution of Messages within a DS

Distribution  This is the primary service used by IEEE 802.11 STAs. It is conceptually invoked by every data message to or from an IEEE 802.11 STA operating in an ESS (when the frame is sent via the DS). Distribution is via a DSS. Refer to the ESS network in Figure 5-6 and consider a data message being sent from STA 1 to STA 4. The message is sent from STA 1 and received by STA 2 (the input AP). The AP gives the message to the distribution service of the DS. It is the job of the distribution service to deliver the message within the DS in such a way that it arrives at the appropriate DS destination for the intended recipient. In this example, the message is distributed to STA 3 (the output AP) and STA 3 accesses the WM to send the message to STA 4 (the intended destination). The specification does not determine how the message is distributed within the DS. All IEEE 802.11 is required to do is to provide the DS with enough information for the DS to be able to determine the output point that corresponds to the desired recipient. The necessary information is provided to the DS by the three association-related services (association, reassociation, and disassociation).

The previous example was a case in which the AP that invoked the distribution service was different from the AP that received the distributed message. If the message had been intended for a station that was a member of the same BSS as the sending station, then the input and output APs for the message would have been the same.

In both examples, the distribution service was logically invoked. Whether the message actually had to traverse the physical DSM or not is a DS implementation matter and is not specified by the 802.11 standard.

Although IEEE 802.11 does not specify DS implementations, it does recognize and support the use of the WM as the DSM. This is specifically supported by the IEEE 802.11 frame formats.

Integration  If the distribution service determines that the intended recipient of a message is a member of an integrated LAN, the output point of the DS would be a portal instead of an AP. Messages that are distributed to a portal cause the DS to invoke the Integration function (conceptually after the distribution service). The Integration function is responsible for accomplishing whatever is needed to deliver a message from the DSM to the integrated LAN media (including any required media or address space translations). Integration is a DSS. Messages received from an integrated LAN (via a portal) by the DS for an IEEE 802.11 STA will invoke the Integration function before the message is distributed by the distribution service. The details of an Integration function are dependent on a specific DS implementation and are outside the scope of the 802.11 standard.

Services That Support the Distribution Service

The primary purpose of a MAC sublayer is to transfer MSDUs between MAC sublayer entities. The information required for the distribution service to operate is provided by the association services. Before a data message can be handled by the distribution service, an STA must be associated. To understand the concept of association, it is necessary first to understand the concept of mobility.

Mobility Types  The three transition types of significance to the 802.11 standard that describe the mobility of stations within a network are as follows:

  • No-transition  In this type, two subclasses that are usually indistinguishable are identified:

    • Static  No motion.

    • Local movement  Movement within the PHY range of the communicating STAs (that is, movement within a basic service area [BSA]).

  • BSS-transition  This type is defined as a station movement from one BSS in one ESS to another BSS within the same ESS.

  • ESS-transition  This type is defined as station movement from a BSS in one ESS to a BSS in a different ESS. This case is supported only in the sense that the STA may move. 802.11 cannot guarantee maintenance of upper-layer connections; in fact, disruption of service is likely.

The different association services support the different categories of mobility.

Association  To deliver a message within a DS, the distribution service needs to know which AP to access for the given IEEE 802.11 STA. This information is provided to the DS by the concept of association. Association is necessary, but not sufficient, to support BSS-transition mobility. Association is sufficient to support no-transition mobility. Association is a DSS. Before an STA is allowed to send a data message via an AP, it will first become associated with the AP. The act of becoming associated invokes the association service, which provides the STA-to-AP mapping to the DS. The DS uses this information to accomplish its message distribution service.

How the information provided by the association service is stored and managed within the DS is not specified by the standard. At any given instant, an STA may be associated with no more than one AP. This ensures that the DS may determine a unique answer to the question, “Which AP is serving STA X?” Once an association is completed, an STA may make full use of a DS (via the AP) to communicate. Association is always initiated by the mobile STA, not the AP. An AP may be associated with many STAs at one time. An STA learns what APs are present and then requests to establish an association by invoking the association service.

Reassociation  Association is sufficient for no-transition message delivery between IEEE 802.11 stations. Additional functionality is needed to support BSS-transition mobility. The additional required functionality is provided by the reassociation service. Reassociation is a DSS. The reassociation service is invoked to move a current association from one AP to another. This keeps the DS informed of the current mapping between AP and STA as the station moves from BSS to BSS within an ESS. Reassociation also enables changing association attributes of an established association, while the STA remains associated with the same AP. It is always initiated by the mobile STA.

Disassociation  The disassociation service is invoked whenever an existing association is to be terminated. Disassociation is a DSS. In an ESS, this tells the DS to void existing association information. Attempts to send messages via the DS to a disassociated STA will be unsuccessful. The disassociation service may be invoked by either party to an association (non-AP STA or AP). Disassociation is a notification, not a request. Disassociation cannot be refused by either party to the association. APs may need to disassociate STAs to enable the AP to be removed from a network for service or for other reasons. STAs will attempt to disassociate whenever they leave a network. However, the MAC protocol does not depend on STAs invoking the disassociation service. (MAC management is designed to accommodate loss of an associated STA.)

Access and Confidentiality Control Services

Two services are required for IEEE 802.11 to provide functionality equivalent to that inherent in wired LANs. The design of wired LANs assumes the physical attributes of wire. In particular, wired LAN design assumes the physically closed and controlled nature of wired media. The physically open medium nature of an IEEE 802.11 LAN violates those assumptions. Two services are provided to bring the IEEE 802.11 functionality in line with wired LAN assumptions: authentication and privacy. Authentication is used instead of the wired media physical connection. Privacy is used to provide the confidential aspects of closed wired media.

Authentication  In wired LANs, physical security can be used to prevent unauthorized access by non-LAN resident parties. This is impractical in WLANs since they have a medium without precise bounds. IEEE 802.11 provides the ability to control LAN access via the authentication service. This service is used by all stations to establish their identity to stations with which they will communicate. This is true for both ESS and IBSS networks. If a mutually acceptable level of authentication has not been established between two stations, an association will not be established. Authentication is an SS.

IEEE 802.11 supports several authentication processes. The IEEE 802.11 authentication mechanism also allows the expansion of the supported authentication schemes. IEEE 802.11 does not mandate the use of any particular authentication scheme. IEEE 802.11 provides link-level authentication between IEEE 802.11 STAs. IEEE 802.11 does not provide either end-to-end (message-origin-to-message-destination) or user-to-user authentication. IEEE 802.11 authentication is used simply to bring the wireless link up to the assumed physical standards of a wired link. (This use of authentication is independent of any authentication process that may be used in higher levels of a network protocol stack.) If authentication other than that described here is desired, it is recommended that IEEE Std 802.10-1992 be implemented.[3]

If desired, an IEEE 802.11 network may be operated using open system authentication. This may violate implicit assumptions made by higher network layers. In an open system, any station may become authenticated. IEEE 802.11 also supports shared key authentication. Use of this authentication mechanism requires the implementation of the Wired Equivalent Privacy (WEP) option. In a shared key authentication system, identity is demonstrated by knowledge of a shared secret, the WEP encryption key. MIB functions are provided to support the standardized authentication schemes.

IEEE 802.11 requires mutually acceptable, successful authentication. An STA may be authenticated with many other STAs at any given instant.

Preauthentication  Because the authentication process could be time consuming (depending on the authentication protocol in use), the authentication service can be invoked independently of the association service. Preauthentication is typically done by an STA while it is already associated with an AP (with which it previously authenticated). IEEE 802.11 does not require that STAs preauthenticate with APs. However, authentication is required before an association can be established. If the authentication is left until reassociation time, this may impact the speed with which an STA can reassociate between APs, limiting BSS-transition mobility performance. The use of preauthentication takes the authentication service overhead out of the time-critical reassociation process.

Deauthentication  The deauthentication service is invoked whenever an existing authentication is to be terminated. Deauthentication is an SS. In an ESS, since authentication is a prerequisite for association, the act of deauthentication will cause the station to be disassociated. The service may be invoked by either authenticated party (non-AP STA or AP). Deauthentication is not a request; it is a notification that cannot be refused by either party. When an AP sends a deauthentication notice to an associated STA, the association will also be terminated.
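The ordering rules of the association and authentication services described above can be checked with a small state model. This is an added example, not code from the book or the standard: the names ESS, ServiceError, AP2 and AP3 (standing for STA 2 and STA 3, the input and output APs in the text's example) are hypothetical, and refusing a second associate() in favour of reassociate() is a choice of this model.

```python
class ServiceError(Exception):
    """A service was invoked in a state the text above does not allow."""

class ESS:
    """Toy ESS: authentication pairs plus the DS's STA-to-AP association map."""

    def __init__(self):
        self.authenticated = set()  # (sta, ap) pairs; an STA may hold many
        self.serving_ap = {}        # sta -> ap, so at most one AP per STA

    def authenticate(self, sta, ap):
        self.authenticated.add((sta, ap))  # no association needed: preauth works

    def associate(self, sta, ap):
        if (sta, ap) not in self.authenticated:
            raise ServiceError("authentication is required before association")
        if sta in self.serving_ap:  # model choice: moving is reassociation's job
            raise ServiceError("already associated; use reassociation")
        self.serving_ap[sta] = ap

    def reassociate(self, sta, new_ap):
        if sta not in self.serving_ap:
            raise ServiceError("no current association to move")
        if (sta, new_ap) not in self.authenticated:
            raise ServiceError("authentication is required before association")
        self.serving_ap[sta] = new_ap  # the DS now maps the STA to the new AP

    def disassociate(self, sta):
        self.serving_ap.pop(sta, None)  # notification; authentication is kept

    def deauthenticate(self, sta, ap):
        # Also a notification; it ends any association with that AP as well.
        self.authenticated.discard((sta, ap))
        if self.serving_ap.get(sta) == ap:
            del self.serving_ap[sta]

    def distribute(self, src, dst):
        """Return (input AP, output AP) for a data message from src to dst."""
        for sta in (src, dst):
            if sta not in self.serving_ap:
                raise ServiceError(f"{sta} is not associated; DS has no mapping")
        return self.serving_ap[src], self.serving_ap[dst]

if __name__ == "__main__":
    ess = ESS()
    for sta, ap in [("STA1", "AP2"), ("STA4", "AP3")]:
        ess.authenticate(sta, ap)
        ess.associate(sta, ap)
    print(ess.distribute("STA1", "STA4"))
```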

Privacy  In a wired LAN, only those stations physically connected to the wire may hear LAN traffic. With a wireless shared medium, this is not the case. Any IEEE-802.11-compliant STA may hear all like-PHY IEEE 802.11 traffic that is within range. Thus, the connection of a single wireless link (without privacy) to an existing wired LAN may seriously degrade the security level of the wired LAN. To bring the functionality of the WLAN up to the level implicit in wired LAN design, IEEE 802.11 provides the ability to encrypt the contents of messages. This functionality is provided by the privacy service. Privacy is an SS for which 802.11 specifies an optional privacy algorithm, WEP, designed to satisfy the goal of wired-LAN-equivalent privacy. The algorithm is not, in other words, designed for complete security.

IEEE 802.11 uses the WEP mechanism to perform the actual encryption of messages. We have made reference to WEP in previous chapters. MIB functions are provided to support WEP. Note that privacy may only be invoked for data frames and some authentication management frames. All stations initially start in the clear in order to set up the authentication and privacy services. The default privacy state for all IEEE 802.11 STAs is in the clear. If the privacy service is not invoked, all messages will be sent unencrypted. If this default is not acceptable to one party or the other, data frames will not be successfully communicated between the LLC entities. Unencrypted data frames received at a station configured for mandatory privacy, as well as encrypted data frames using a key not available at the receiving station, are discarded without an indication to LLC (or without indication to distribution services in the case of “To DS” frames received at an AP). These frames are acknowledged on the WM (if received without frame check sequence [FCS] error) to avoid wasting WM bandwidth on retries.
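The receive-side rules in the paragraph above, as an added example that is not code from the book or the standard. It reads the To DS and Protected Frame (WEP) bits from the Frame Control field of a data frame; the function names, the have_key flag, the returned strings and the two-byte sample frames are constructed for illustration, and the frame is assumed to be addressed to the receiving station.

```python
import struct

TYPE_DATA = 2

def parse_frame_control(frame: bytes) -> dict:
    """Decode the 2-byte little-endian Frame Control field that starts a MAC frame."""
    if len(frame) < 2:
        raise ValueError("frame too short to hold Frame Control")
    (fc,) = struct.unpack_from("<H", frame)
    return {
        "type": (fc >> 2) & 0x3,
        "subtype": (fc >> 4) & 0xF,
        "to_ds": bool(fc & 0x0100),
        "protected": bool(fc & 0x4000),  # the WEP bit: frame body is encrypted
    }

def receive_data(frame, fcs_ok, privacy_mandatory, have_key, is_ap=False):
    """Return (action, ack) for a data frame addressed to this station."""
    if not fcs_ok:
        return "drop", False                # FCS error: no ACK, sender retries
    fc = parse_frame_control(frame)
    if fc["type"] != TYPE_DATA:
        raise ValueError("this model covers data frames only")
    if fc["protected"] and not have_key:
        return "discard silently", True     # key not available at the receiver
    if not fc["protected"] and privacy_mandatory:
        return "discard silently", True     # cleartext where privacy is mandatory
    sink = "DS" if (is_ap and fc["to_ds"]) else "LLC"
    return f"indicate to {sink}", True

# Constructed samples: Frame Control only, with the rest of the frame omitted.
CLEAR_TO_DS = bytes.fromhex("0801")      # data frame, To DS, not protected
PROTECTED_TO_DS = bytes.fromhex("0841")  # data frame, To DS, protected

if __name__ == "__main__":
    print(receive_data(CLEAR_TO_DS, True, privacy_mandatory=True, have_key=True, is_ap=True))
    print(receive_data(PROTECTED_TO_DS, True, privacy_mandatory=True, have_key=True, is_ap=True))
```

In both discard cases the ACK is still sent, so the sender sees a successful transmission while nothing reaches LLC or the DS.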

[3]IEEE 802.1X is now also applicable.



Hotspot Networks: Wi-Fi for Public Access Locations
Year: 2005
Pages: 88
