HomePlug AV MAC
72
HomePlug AV MAC (c) 2013 R. Newman University of Florida
description
(c) 2013 R. Newman University of Florida. HomePlug AV MAC. What is HomePlug AV?. Open industry standard 4+ manufacturers (including Intellon/Atheros) Compatible with HP1.0 Developed 2003-2007 by Homeplug Powerline Alliance (HPA) Consortium of chip designers, OEMs, PLC users - PowerPoint PPT Presentation
Transcript of HomePlug AV MAC
HomePlug AV MAC
(c) 2013 R. Newman
University of Florida
What is HomePlug AV?• Open industry standard
– 4+ manufacturers (including Intellon/Atheros)– Compatible with HP1.0
• Developed 2003-2007 by Homeplug Powerline Alliance (HPA)– Consortium of chip designers, OEMs, PLC users– Products shipped in Q1 2006
• Most widely available ethernet class PLC – 150 Mbps coded PHY data rate– 0ver 40 million units shipped
• Comprises– PHY – modulation, coupling, FEC, etc.– MAC – medium access, ARQ, etc.– Bridging – to other PLC networks or to 803.3/11/etc.
Reference Model
Protocol Layer Architecture
HPAV Challenges• Backward compatibility with HP1.0• Delivered base of over 10 million chips• Return customers likely
• Take advantage of high speed PHY• Fixed time overheads for delimiters/VCS• MSDUs typically less than 1500 octets
• Provide QoS for video/audio/gaming/etc.• Latency and jitter control• Bandwidth “guarantees”
• Deal with PHY challenges• Channels change – can degrade, cause loss• Impulse noise may destroy 1-2 symbols per impulse• Hidden nodes, neighbor networks
HPAV Challenges (2)• Minimize overhead• Aim at 80% MAC efficiency for streams• Low efficiency expected with low data rate streams
• User-friendly security• Must be understandable• Must be convenient• Must be secure
• Stations may leave unexpectedly• Consumer electronic devices• Not dedicated to AVLN like AP is to WLAN
HPAV Solution Approaches• Backward compatibility with HP1.0• Maintain common VCS
• Take advantage of high speed PHY• Maximize PHY Body length for efficiency
• Provide QoS for video/audio/gaming/etc.• Timestamp MSDUs with QoS needs• Move on if MSDU can’t be delivered on time• Admission control for new QoS streams• Scheduled access
HPAV Solution Approaches (2)• Deal with PHY challenges• Allow tone maps to vary with line cycle• Maintain view of channel rates • Maintain view of stream backlogs• Allow partial reception of MPDU• RTS/CTS for hidden nodes• Repeating for hidden nodes• Redundancy for scheduling information• Neighbor network coordination
• User-friendly security• Mental models• Network password entry• Device password entry• Push-button authorization
HPAV Solution Approaches (3)• Minimize overhead• Aggregation of MSDUs, management messages• Minimize use of delimiters• Small addresses – 8-bit Terminal Equipment IDs (TEIs)• Allow for contention-free access• Integrated encryption/IV derivation
• Stations may leave unexpectedly• Employ soft state• Use negotiation for determining coordinator• Allow for handover/recovery of responsibilities
HPAV Solutions• Backward compatibility with HP1.0• Hybrid delimiters – allow for common VCS
• Central Coordinator• Allows admission control/scheduled access• Must be able to move CCo/recover from loss of CCo• Maintains authoritative network time base
• Central Beacon• Provides common information• Provides synchronization for access• Advertises network time base (NTB) for QoS• Includes persistence for redundancy• Synchronized to line cycle
• Proxy Coordinator• Repeats Central Beacon for hidden nodes
HPAV Solutions (2)• Contention-Free Periods• Managed by call admission through CCo• Regions reserved for specific streams• Reservations persist in same part of line cycle• QoS stream creation negotiated by all parties• Global link identifiers for efficient reference• Expand/squeeze as needs/channels change
•Two-level Segmentation/Reassembly • Aggregate MSDUs & MMs into MAC Frame stream• Segment MF Stream for encryption/transmission• Make segments unit of reliable delivery inside MAC• CRC per segment• Selective Acknowledgements for multiple segments
HPAV Solutions (3)• MPDU bursting to save on ACKs• Acknowledge all segments in multiple MPDUs in SACK• MPDU number to know when to send SACK• MPDU count to know burst duration
• AV Logical Networks based on cryptography• Key hierarchy• NMK needed to join logical network• NEK used for data encryption• Integrated segmentation/encryption• IV derived from MPDU and segment information• Push-button inherently insecure at time of join• Two security levels• Password parameter definition
HPAV Networks• Physical Network (PhyNet)
• Relative to a station (STA)• All other STAs able to communicate
with the reference STA• Logical Network (AVLN)
• Has a Central Coordinator (CCo) STA• Set of STAs with same
• Network ID (NID) and • Network Membership Key (NMK)
(usually)
AV Logical Networks
• Neighbor networks• Hidden nodes
A
CCo1
B
C
D
CCo2
AVLN_2AVLN_1
E
F
HPAV General Operation• Each AVLN has a CCo
• CCo is determined dynamically• CCo give general information in beacon• CCo admits new STAs
• STAs join AVLN by requesting NEK• STA must have Network Membership
Key (NMK) to get Network Encryption Key (NEK)
• Unauthenticated STAs can do very little• STA gets NEK from CCo
• Time divided into Beacon Periods (BPs)• Access information based on BP
HPAV STA Roles• Level-0 CCo (no QoS support) – every STA
• Assoc/Authenticate new STA
• TEI provisioning
• CSMA operation
• Neighbor Network (NNW) passive coordination
• Level-1 CCo = Level-0 plus:
• TDMA operation/scheduling/admission control
• GLID provisioning
• Uncoordinated mode with NNWs• Level-2 CCo = Level-1 plus:
• Coordinated mode with NNWs
HPAV Beacon Periods
HPAV Beacon Timing
• Line Cycle Crossing Time (LCT)• PHY detection and digital phase lock loop (DPLL)
• Beacon Offset• Use to keep network time base (NTB)• Advertise future beacon transmit times
LCTn LCTn+1 LCTn+2BTTm BTTm+1
Beacon Period
LCTn+3
Beacon Offset
Beacon Offset
HPAV Beacon
• Beacon Payload holds 136 octets• Uses mini-ROBO modulation
• Beacon sent periodically (once per BP)• Sent by Central Controller (CCo)• Provides reference Network Time Base (NTB)• Indicates offsets for future Beacons
• Three Beacon types• Central Beacon – issued by CCo
• Provides scheduling information• Proxy Beacon – copy of central beacon repeated
by Proxy Coordinator (PCo) when hidden nodes• Discovery Beacon – sent for network discovery
Beacon Scheduling Info
• Non-Persistent Scheduling Information• Can change from one Beacon Period to the next• Extra allocations to backlogged QoS streams• Extra CSMA region• Discover beacons
• Persistent Scheduling Information• Remains constant for advertised number of BPs• Allows access even when Beacon is lost• Persistence information included in Beacon• Persistent CSMA allocations – for CSMA access• Persistent TDMA allocations – contention-free• May include preview schedule when changing
Beacon Schedule Persistence
• CSCD – current schedule countdown• Minimum # BPs for which this schedule is valid
• PSCD – preview schedule countdown• # BPs in which this schedule will take effect
CSMA-Only Beacon Period
Uncoordinated Mode BP
Beacon Region
CSMA Region
Persistent and Non-Persistent Allocations for TDMA and CSMA/CA traffic
Beacon Period
Beacon Region contains one Beacon Slot
AC Line Cycle
Beacon Period Start Time, synchornized to AC line cycle
Fixed offset from AC Line Cycle Zero
Cross
Persistent Shared CSMA Alloc.
time
Reserved Region
BeaconPPDU
B2BIFS
Coordinated Mode BP
Beacon Region
CSMA Region
STAs in AVLN are not allowed to transmitPersistent and Non-Persistent Allocations for
TDMA and CSMA/CA traffic
Beacon Period
Beacon Region contains multiple Beacon Slot, CCo transmits Beacon in one the
Beacon Slots
AC Line Cycle
Beacon Period Start Time, synchornized to AC line cycle
Fixed offset from AC Line Cycle Zero
Cross
Persistent Shared CSMA Alloc.
time
Reserved Region
BeaconPPDU
B2BIFS
Stayout Region
Beacon Slot-1
Beacon Slot-2
Beacon Slot-3
Channel Access• Beacons
• In Beacon Slot (Coordinated and Uncoordinated)• CSMA (CSMA-Only mode, and Discovery Beacons)
• CSMA (Contention-based Access)• Like HomePlug 1.0.1• Two priority reservation slots (PRS0, PRS1)• Contention window depending on priority, history• May use RTS/CTS for hidden nodes
• TDMA (Contention-free Access)• Must have global link identifier (GLID)• CCo does admission control, scheduling• Schedule advertised in central beacon• Backlog advertised for non-persistent extra allocation
Links and Connections• Connections – higher layer abstraction
• May be unidirectional unicast, bidirectional, or multicast
• Do not reflect the asymmetry of PLC channels• Links - Used by Convergence Layer (CL)
• Unidirectional (single source)• May be unicast or multicast/broadcast• Reflect underlying channel characteristics• Allow for scheduling based on channel• Local links for CSMA (source + link ID unique)• Global links for TDMA (assigned by CCo)• Connection Manager determines mapping to link• Connectionless traffic assigned a “priority link”• Priority Link IDs (PLIDs) only identify priority
Links and Scheduling• Priority Link IDs (PLIDs): 0x00-0x03
• Only indicate priority of traffic• Compete in CP
• Local Link IDs (LLIDs): 0x04-0x7F• Assigned by local STA’s CM• Compete in CP
• Global Link IDs (GLIDs): 0x80-0xFF• Used in Beacon Entries for scheduling• Special values:
• 0xFF = local CSMA allocation• 0xFE = shared CSMA allocation• 0xFD = Discover Beacon by designated STA• 0xFC = Contention Free Period Initiation region
• 0x80-0xF7 = CCo-assigned global link IDs• Rest are reserved
Connection IDs and CSPECs• Connection ID (CID)
• Assigned by initiating STA’s CM• 16-bit concatenation of TEI and initial LLID • Globally unique in AVLN
• Connection Specification (CSPEC)• Associated with each connection• Contains QoS parameters for connection
• Connection setup• HLE gives Connection Manager (CM) CSPEC• If feasible, CM contacts destination CM• If destination CM/HLE agree, connection formed• If GLID needed (based on CSPEC), then CCo asked• If CCo agrees, assigns GLID and schedules cnx• Release messages needed on failure
HPAV Channel Estimation• Performed using SOUND MPDUs • Predetermined pattern using all carriers• May also used ROBO modulated data MPDUs
• Determines Tone Map:• Modulation method for each carrier• FEC rate• Cyclic Prefix (CP) duration• Interval of line cycle in which TM applies
• TM and TMI reported to STA and to CCo• Sender uses for forming MPDUs and PPDUs• CCo uses for allocation algorithms
• Initial and Dynamic CE processes• TMs expire on demand or time-out in 30 sec.
HPAV MAC Protocol Data Units
• 4 MPDU Formats• AV-Only Short MPDU• Only HPAV preamble and Frame Control (FC)
• AV-Only Long MPDU• Like above, but with (data) payload
• Hybrid Short MPDU• Hybrid preamble, HP1.0 FC and HPAV FC
• Hybrid Long MPDU• Like above, but with (data) payload
• HP1.0 FC is just to give HP1.0 nodes VCS• Need for backward compatibility
AV-Only MPDU Structure
Hybrid MPDU Structure
HPAV MPDU Structure• Delimiter • Hybrid or AV-mode
• HP1.0 FC is as in HomePlug 1.0.1 (25 bits)• FC_AV holds 128 bits• Mapped by PHY to preamble and coded FC(s)• 7 Delimiter Types
• Two sizes• Long MPDUs have payload• Short MPDUs have no payload (delimiter only)
• Payload (if present) consists of PHY Blocks (PBs)• 520 octet or 136 octet length• Encoded by PHY as FEC blocks
HPAV Frame Control (FC)• 3 bits Delimiter Type (DT)• Beacon • SOF, RSOF• SACK• Sound• RTS/CTS
• 1 bit Access Field (ACCESS)• True iff MPDU transmitted on an Access NW
• 4 bits Short Network Identifier (SNID)• 96 bits variant field (depends on DT)• 24 bits Frame Control Check Sequence (FCCS)
HPAV Start of Frame (SOF)
96-bit Variant Field includes• Demodulation and Virtual Carrier Sense Info• Modulation (TMI) – indexes tone map (TM)• Length (for VCS) – number of OFDM symbols• PHY Block size (520 or 136 octet)
• Addressing• Source Terminal Equipment ID (STEI)• Destination TEI (DTEI)• Link Identifier (LID)
• Encryption Key Select (EKS) – for decryption• Lots of other stuff (cover later)
HPAV Selective ACK (SACK)
96-bit Variant Field includes• Destination TEI (DTEI)• Coordination information• Encoded bitmap of correctly received PBs• Bits correspond to BP position in received
transmission• Custom compression capability
• A little other stuff (cover later)
HPAV Reverse SOF (RSOF)
Carries SACK info plus a return payload96-bit RSOF Variant Field includes• SACK Information (like SACK)• Demodulation and Virtual Carrier Sense Info• Modulation (TMI) – indexes tone map (TM)• Length (for VCS) – number of OFDM symbols• PHY Block size (520 or 136 octet)
• Addressing• DTEI only (why? Why not STEI/LID?)
•A little other stuff (cover later)
HPAV Request/Clear to Send (RTS/CTS)
Needed when hidden nodes present96-bit Variant Field includes• Addressing•Source Terminal Equipment ID (STEI)• Destination TEI (DTEI)• Link Identifier (LID)
• Coordination information• Duration• How long is medium busy
• A little other stuff (cover later)BUT – only deals with one level of hidden nodes!
HPAV Sound/SoundAckSimilar to SOF, but used for channel estimationFixed modulation (ROBO)96-bit Variant Field includes• Channel Estimation and Virtual Carrier Sense Info• Maximum TMs requested• Length (for VCS) – time of payload• PHY Block size (520 or 136 octet)• Last SOUND flag• Sound ACK flag – indicates this is an ACK• Reason for SOUND
• Addressing• STEI, DTEI, LID
• Some other stuff (cover later)
HPAV Long MPDU Structure• Delimiter • Determines length explicitly or implicitly
• SOF or RSOF• One or more PB-520s (length & TMI)• One PB-136 (if PB size indicates small PB)
• Beacon• One PB-136
• Sound• One 520 octet or one 136 octet length
Sizes can’t be mixed Only one PB-136 per MPDUOnly one PB in last symbol
allow for processing time
HPAV Data Plane
• Data carried • MSDUs or Management Messages
• Encapsulated in MAC Frames• For recovery and error checking
• MAC Frames aggregated into MF Stream• MF Stream segmented for delivery
HPAV MAC Frames
MAC Frame Header MSDU Payload or Management Message ICV
2 Octets 4 Octets4 Octets
ATS/Confounder(Optional)
Variable number of Octets
• Delimit messages • Aggregation for efficient transmission at high speeds• Needed for disaggregation
• Provide timing information• Needed for jitter control, delivery guarantees
• Check correct reassembly, decryption• Integrity Check Value (ICV)
MAC Frame Fields• MF Header • MF Type (2 bits)
• Bit pad to end of segment• MSDU without ATS• MSDU with ATS• Management Message with confounder
• MF Length (14 bits)• ATS/Confounder (0 or 32 bits)• Arrival timestamp for AV streams• Random confounder for Management Messages
• Body• MSDU from higher layer or Management Message
• Integrity Check Value (32 bit CRC)• Total overhead = 6-10 octets
HPAV Segmentation
HPAV PHY Block Structure• PBs are mapped by PHY to FEC Blocks • FEC succeeds or fails
• PBs are basic unit of delivery by MAC internally• PB is ACKed or retransmitted using SR-ARQ• SACK specifies ACK/NAK
• PH Header (PBH) – 4 octets• Info for reassembly, disaggregation, recovery
• PB Body (PBB)• 512 octets or 128 octets long – not interpreted here
• PB Check Sequence (PBCS) • CRC-32 – not encrypted – for checking PB reception• PB discarded and NAKed if incorrect
HPAV PHY Block Structure
HPAV PHY Block Header• Segment Sequence Number (SSN) • 16 bits – segment # in MAC Frame stream
• Init to 0, increment on each new segment sent• Discard duplicates
• MAC Frame Boundary Offset (MFBO)• 9 bits to indicate first octet of first MF in PB Body• Resynch if a segment is never received
• Flags (1 bit each)• Valid PB Flag – in case whole PB is padding• Management Message Queue Flag
• reassemble in MM queue instead of message queue• MAC Frame Boundary Flag – is MFBO valid• Oldest Pending Segment Flag
• No older segment will be sent again
HPAV Reassembly• MPDU Header• Provides STEI, DTEI, LID• These identify reassembly stream
• Segment Sequence Number (SSN) • Used to place segment in PBB into buffer position• Recreate MAC Frame Stream
• MAC Frame Boundary Offset + MFB Flag• If segment(s) never received, these allow next intact
MAC frame to be found• MAC Frame Header• Type and Length fields used to find next MAC Frame• Also used to locate MAC Frame Body• ATS (if present) determines when to deliver MSDU
HPAV Data Encryption• Cipher Suite used• AES in CBC mode• CRC-32 used as ICV for MIC• IV derived from MPDU SOF, PB Header, PB location• SOF variant field (12 octets)• 3 least significant octets of PBH• 1 octet of PB Count (location in MPDU)
• Encryption done on PB Body• PBB is multiple of cipher block size – no waste• PBB is encrypted anew each time it is sent• Once a MF Stream segment is placed in a PBB, it will
always be sent as that PBB
HPAV MPDU Bursting
• MPDU Bursting• Multiple MPDUs sent before SACK returned• Reduces delimiters and interframe space overhead
• MPDU Count• MPDUCnt counts down to zero• When MPDUCnt=0, time to send SACK
• Total time in CP <= 5 msec (including SACK)• Sender may request SACK retransmission if lost
HPAV SR-ARQ• Selective ACK (SACK) expected after burst• SACK holds SACK Information fields for four MDPUs• Each SACKI can be• All Bad (default value)• All Good • Corresponding MPDU was not detected• Mixed results• One bit per PB in order (bit map)• One bit per pair of PBs (consolidated bit map)• Compressed bit map (custom compression)
• MPDU Count field• Used to detect entire missing MPDUs in burst
• Request SACK Retransmission• Only available for Global Links
HPAV Retransmission• SACK indicates lost PBs• Sender knows which segments have been received• May retransmit (may even duplicate in same MPDU)
• Number of retransmission attempts• Limited by AV parameter on maximum tries• Limited by delivery deadline for QoS streams
• Sender may develop backlog• Pending PBs reported in SOF• CCo can grant extra allocation if possible• CF stream may use CP for retransmission also• Sender may discard segment – receiver finds this out
from oldest pending segment flag
HPAV Bidirectional Bursting
• Allows data to be piggybacked on SACK• Reduces delimiters and interframe space overhead
• Must be requested and granted• SACK has RRTL field to specify length requested• SOF’s BBF flag and MRTFL field specify grant length• EKS is same as the forward transmission’s
• ACK field in SOF for reverse transmission
CF Region Interframe Spacing
• CIFS, RIFS, EIFS similar to HP1.0.1• RIFS_AV may vary – set by receiver
• B2BIFS needed before/after each beacon• AIFS needed before new CF allocation
Beacon Region CSMA Region Reserved Region Beacon Region
Beacon Period
SOFSACK
AIFS
SACK
RIFS_AV
CF Alloc. #1 CF Alloc. #2
SOF SACK
CFIFS
SACK SOF
AIFS
SACK
RIFS_AV
Contention-Free Link #1 Contention-Free Link #2
SACK Beacon 0
B2BIFS
CSMA Interframe Spacing
• CIFS, RIFS, EIFS similar to HP1.0.1• B2BIFS needed before/after each beacon• AIFS needed before SOF of new CF allocation• Unless CF allocation is for contention period
Burst Interframe Spacing
• BIFS needed between burst MPDUs
Beacon Region CSMA Region Reserved Region Beacon Region
Beacon Period
SOF SOFSACK SOF SACKSOF
RIFS_AVCFIFS
BIFS
MPDU Burst
BIFS BIFS
SOF
CF Alloc # 1 CF Alloc # 2
Extended Interframe Spacing
• EIFS used when VCS is lost• Maximum long MPDU along with SACK and IFSs
AV Preamble
Two Symbol Frame Control
(SOF)MPDU Payload
AV Preamble
Two Symbol Frame Control
(SOF)
169.76 µs 169.76 µs2501.12 µs
(minimum MaxFL_AV)
CIFS_AV
EIFS_AV
RIFS_AV
Central Coordinator (CCo)• Issues central beacon• Associates new stations• Issues TEI with lease, announces to AVLN
• Authenticates new stations• Verifies possession of NMK, issues NEK• Rotates NEK
• Performs admission control• Determines resource needs and availability• Issues Global LID• Performs scheduling
• May perform handover• Transfer CCo functions to another STA
• Performs neighbor network coordination
Power-on Behavior• State of STA• Has it ever been a member of an AVLN?
• Search for AVLNs• Listen for Central and Proxy Beacons• Listen for Discovery Beacons• Listen for Unassociated STA advertisements
• If find matching Network ID (NID)• Associate• Attempt to authenticate (get NEK)• End if successful, else continue (mark NID)
• If time runs out• If matching Unassociated STA NID, try to form AVLN• Else if AVLN present, advertise Unassociated STA• Else become Unassociated CCo (issue beacon)
Unassociated STA• Advertise infrequently• Issue Unassociated STA advertisements• Send once per Discovery Period, more or less
• Synchronize to an existing AVLN• Adopt mode (Hybrid or AV-Only) from Beacon• Use NTB of AVLN• Use SNID of AVLN in multi-network broadcasts
• If find matching Network ID (NID)• If beacon, try to join AVLN• If unassociated STA, try to form AVLN
• If AVLN disappears• Become Unassociated CCo
Authenticated STA• Determine whether should become CCo• If STA is a User-appointed CCo, and current CCo is not a
User-appointed CCo, request handover• May also execute CCo Selection process, become CCo if
more capable or better positioned• May become CCo if current CCo fails and STA is backup
• Adopt mode of operation from Beacon• Advertise detection of HP1.0/HP1.0.1 delimiters• Piggybacked in SOF, SACK, etc.
• If AVLN lost• No central/proxy beacon for timeout period• Start Power-on Procedure
• If asked to leave• Become Unassociated STA
CCo Behavior• Perform CCo Duties• As long as there are other STAs in AVLN
• If all other STAs leave AVLN• Remain CCo for at least Discovery period• If no STA joins and another AVLN is present, become
Unassociated STA• Else become Unassociated CCo
• If STA in AVLN should become CCo• Other STA is User-appointed and this one is not• Other STA is more capable or better positioned• Execute handover procedure• Become STA in AVLN
Mode of Operation• AV-Only Mode• Use AV-Only delimiters
• Hybrid Mode• Use Hybrid delimiters
• Deciding Mode• STA adopts mode of AVLN• All STAs listen for HP1.0/HP1.0.1 delimiters• If seen often enough, advertise using flags• CCo adopts mode based on detection• Revert to AV-Only if HP1.0/HP1.0.1 delimiters no longer
detected
AVLNs• Have a CCo• CCo issues central beacon, acts as coordinator• May have Proxy Coordinator(s) also
• Share same Network ID (NID)• NID normally derived from NMK• Should uniquely identify AVLN• Remains constant regardless of CCo
• Share same Security Level• NMK associated with SL• SL must be the same throughout AVLN
• Share same NEK• CCo provides NEK during authentication using NMK• NEK used to encrypt traffic in AVLN
Sub-AVLNs• One AVLN may have multiple sub-AVLNs• Share a single CCo
• Share same Network ID (NID)• NID not derived from NMK• CCo must use MAC address to decide which NMK to use
for a given STA
User-Friendly AVLN and STA IDs• User-friendly name is printable ASCII string• Use for humans to identify conveniently• Not guaranteed to be unique • STA and AVLNs may have these assigned
• Assigning HFIDs• Use primitive over the H1 interface for either• Use Management Message to CCo for AVLN
• Getting HFIDs• Management Message to request from STA or CCo• Request not required to be encrypted• Response to non-encrypted request need not provide
actual HFID
Association with an AVLN• Association provides a unique identifier• CCo assigns a valid TEI with lease on request• STA uses special TEI=0x00 before obtaining TEI• NID or SNID must be used to disambiguate TEIs
• Obtaining a TEI• STA makes request• CCo responds (decline or provide valid TEI/lease)• If accepted, CCo advertises all TEI/MAC addresses• TEI must be renewed before lease expires
• Leaving an AVLN• STA may leave voluntarily – send disassociate message• TEI lease may expire• CCo may ask STA to leave – send leave message
Authentication• Process Steps• Association is obtaining a valid TEI• Authorization is obtaining a valid NMK• Authentication is obtaining a valid NEK
• Obtaining a valid NEK• STA must have NMK first• STA requests NEK from CCo using NMK, provide nonce• If CCo decrypts, NMK is valid; provide NEK and nonce
using NMK, else CCo indicates failure• Updating NEK• NEK rotated at least once per hour• CCo requests nonce (NEK encrypted); STA responds
with nonce (NEK encrypted)• CCo sends set key msg with nonce encrypted with NMK
and old NEK; STA acknowledges using same keys
Forming a New AVLN• Circumstances for new AVLN formation• Two Unassociated STAs with matching NID• Two Unassociated STAs using DAK• Two Unassociated STAs, one in Join, one in Add• Two Unassociated STAs, both in Join
• Matching NID• Determine from Unassociated STA advertisements• Decide who becomes CCo from CCo capabilities and
MAC address in Unassociated STA advertisements• Winner becomes Unassociated CCo, sends beacons• Other STA(s) join it by associating, authenticating• Loser(s) continue to send Unassociated STA
advertisements until beacon with NID detected• Multiple AVLNs with same NID/NMK can merge
Forming a New AVLN (2)• DAK-based Protocol• STA with Device Access Key (DAK) of another STA
broadcasts a set-key message encrypted with DAK holding a TEK
• Any STA receiving a message like this tries to decrypt it• If it succeeds, then it replies (unicast) encrypting with the
Temporary Encryption Key (TEK) the message held• If the initiating STA decrypts a response encrypted with the
TEK, it sends a set-key message with the new NMK and the nonce in the reply encrypted with the DAK
• If the new STA decrypts this message with its DAK and the nonce matches, it sets its NMK and NID
• STAs decide who becomes the CCo from capabilities in the exchanged messages
• CCo issues beacons, other STA associates, authenticates
Forming a New AVLN (3)• Push-button Mechanism• Button press causes STA in AVLN to admin another one• STA never in AVLN (or reset) will join an AVLN
• Two Unassociated STAs, one in Join, one in Add• STA that has been in an AVLN will enter silent Add state• STA in Join state will broadcast its desire to join an AVLN• STA in Add state will respond unicast and become CCo• STA in Join will associate with new AVLN• STAs should perform channel adaptation • STAs then start UKE protocol
• Exchange hash keys• Hash these to form temporary encryption key (TEK)• Use TEK to send NMK from CCo to new STA
• STA then authenticates using NMK
Forming a New AVLN (4)•Two Unassociated STAs, both in Join• STA in Join state will broadcast its desire to join an AVLN• STAs will see each other’s advertisements• STAs decide who should become CCo from capabilities• Winner becomes CCo, generates new random NMK,
switches to Add state, sends confirmation to other STA• STA in Join will associate with new AVLN• STAs should perform channel adaptation • STAs then start UKE protocol
• Exchange hash keys• Hash these to form temporary encryption key (TEK)• Use TEK to send NMK from CCo to new STA
• STA then authenticates using NMK
