IEEE 802.11ah A-MPDU Originator Processing Changes
Explore the modifications made to the originator processing of MPDUs within an A-MPDU in the IEEE 802.11ah-2016 specification. Issues arise regarding when to implement changes and the formula for sequence number wrap, impacting encryption and decryption processes. Delve into the complexities of Fragment Number Field adjustments and their implications for receiver trustworthiness.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
May 2021 doc.: IEEE 802.11-21/0766r0 A-MPDU Issue For 802.11ah Date: 2021-05-05 Authors: Name David Goodall Affiliations Address Morse Micro Phone email dave@morsemicro.com Sydney Submission Slide 1 David Goodall, Morse Micro
May 2021 doc.: IEEE 802.11-21/0766r0 Abstract The 802.11ah-2016 specification made changes to originator processing of MPDUs within an A-MPDU. The changes involve modifying the Fragment Number Field in each MPDU MAC header. It was not specified whether to make the changes before or after encryption and FCS creation, leading to a potential variety of implementations. In addition, there are no instructions for recipient processing. Submission Slide 2 David Goodall, Morse Micro
May 2021 doc.: IEEE 802.11-21/0766r0 802.11ah A-MPDU Originator Processing Changes to A-MPDU originator processing were introduced for 802.11ah For example, in 802.11me d0.0 Section 10.25.6.7 Originator s behavior: "During an accepted HT-immediate block ack agreement, the S1G originator of an A-MPDU that is not an SMPDU eliciting an NDP BlockAck frame shall set the Fragment Number subfield in the Sequence Control field of each MPDU in the A-MPDU to WinStartO + WinSizeO 1 SN, where SN is the value of the Sequence Number subfield in the corresponding MPDU within the A-MPDU. Submission Slide 3 David Goodall, Morse Micro
May 2021 doc.: IEEE 802.11-21/0766r0 Issues with the originator changes (1) There are no instructions on when the originator modifies the fragment number (FN) field A literal implementation would change the FN field after encryption and after FCS creation since in the A-MPDU case aggregation occurs after these steps The FN field is part of the additional authentication data (AAD) so modifying it after encryption will cause decryption to fail unless the recipient masks the field out Modifying the FN field after FCS creation means it cannot be trusted Submission Slide 4 David Goodall, Morse Micro
May 2021 doc.: IEEE 802.11-21/0766r0 Issues with the originator changes (2) The formula WinStartO + WinSizeO 1 SN does not account for the sequence number wrap For example, when WinStart is at sequence number 4090 and WinSize = 8 4090 + 8 - 1 - 4090 = 7 4090 + 8 - 1 - 4091 = 6 4090 + 8 - 1 - 4092 = 5 4090 + 8 - 1 - 4093 = 4 4090 + 8 - 1 - 4094 = 3 4090 + 8 - 1 - 4095 = 2 4090 + 8 - 1 - 0 = 4097 (needs a mod operation?) 4090 + 8 - 1 - 1 = 4096 Submission Slide 5 David Goodall, Morse Micro
May 2021 doc.: IEEE 802.11-21/0766r0 Issues with the originator changes (3) There are no instructions for the recipient to process the information and then reverse or ignore the changes to the FN field if necessary There is a reference to the use of the modified FN field in the letter ballot comments on 802.11ah d1.0 (2013) See Comment 1219 in: https://mentor.ieee.org/802.11/dcn/13/11- 13-1336-16-00ah-tgah-lb200-comments-on-d1-0.xlsx The comment resolution includes the sentence: "BA operation does not break because FN simply provides an offset to WinEndO helping the S1G recipient synch its BlockAck win parameters with those of the Originator. Submission Slide 6 David Goodall, Morse Micro
May 2021 doc.: IEEE 802.11-21/0766r0 Different 802.11ah implementations On transmit some implementations do not modify the FN field and therefore do not expect a modified FN field on receive On transmit other implementations modify the FN field after encryption and before FCS creation These two implementation examples do not interoperate No implementation appears to be using the modified FN field on the receive side Submission Slide 7 David Goodall, Morse Micro
May 2021 doc.: IEEE 802.11-21/0766r0 Resolution Options Remove the FN field related changes to A-MPDU originator processing introduced by 802.11ah-2016 Alternatively, specify the exact steps to be followed by the originator and recipient noting that The modified FN field should at least be protected by the FCS If WinStartO changes and some MPDUs need to be retransmitted then those MPDUs need to go through the encryption step and the FCS creation step again, depending on the design To avoid opening potential security holes it may be better to modify the FN field after encryption and prior to FCS creation The recipient would need to mask the FN field prior to decryption Submission Slide 8 David Goodall, Morse Micro
May 2021 doc.: IEEE 802.11-21/0766r0 References Submission Slide 9 David Goodall, Morse Micro
