802.11w Tutorial


The new 802.11 security protocol called 802.11w was recently ratified.  Check this  802.11w-Tutorial to know how it works and what it means for your WLAN.


K N Gopinath (Gopi) has more than a decade of experience that spans across multiple domains – systems, networks and security. His core competencies include technology innovation, product engineering and team building. As the Director of Engineering at AirTight, he drives the delivery of the wireless security products in a fast paced and highly dynamic environment. Gopi has several patents and technical publications to his credit.


  1. Hiro Protagonist says

    So how would your solution wirelessly block a rogue AP that was using 802.11w?

    It appears that by introducing a new patch to a hole in the 802.11 protocol the IEEE has created a new hole.

  2. KNG says

    WIPS systems need to rely on a combination of wired and wireless side defenses to protect against rogue APs. Deauthentication is just one example of wireless side defense – other techniques based on packets not protected by .11w can help preventing such rogues.

  3. Shailesh Gupta says

    802.11w Standrad also talks about SA Query Action Frames.
    Does your product supports that feature also.
    Can you elaborate it a bit how it works..

  4. Gopinath says

    SA query procedures have been introduced to prevent certain DoS attacks that were possible on certain earlier drafts of 802.11w. Specifically, an attacker could transmit a fake assoc request (which is not a protected MF) and cause an AP to disonnect a client. An AP needs to do this to accomodate stations that may want to genuinely reconnect (e.g., due to reboot).

    Such attacks can be prevented by using SA query procedures. According to the standard, on receiving such a fake packet, an AP will not disonnect a client immediately. Instead, it engages in a dialogue to see if the actual client can confirm that it has actually lost the association credentials. The AP actually waits for a timeout before which it resets its previous state, after which, the standard 802.11 auth/assoc procedures are allowed.

Leave a Reply

Your email address will not be published. Required fields are marked *