Proposed Modifications to 802.11e-D4.0 Direct Link Protocol January 2003 Proposed Modifications to 802.11e-D4.0 Direct Link Protocol Carlos Rios RiosTek LLC

January 2003 D4.0 DLP Summary DLP per 802.11e-D4.0 is a simple protocol to allow non-AP QSTAs to communicate directly while actively maintaining a BSS association . Adds just three new Action Frames to 802.11-1999 DLP-Request, relayed through AP, lets QSTA1 ask QSTA2 to dance DLP-Response, relayed through AP, provides QSTA1 with an answer DLP-Probe optionally allows QSTAs to gauge the direct link The AP serves as a “Gatekeeper and Facilitator” in setting up the DLP However, this protocol has several flaws DLP functionality should be available to all non-AP stations Essential security elements are not incorporated DLP-Probe functionality can be provided with existing 802.11-1999 frames

Proposed DLP Modifications January 2003 Proposed DLP Modifications DLP Request/Response AP 1a 1b 2b 2a STA-1 STA-2 (Not necessarily Q)STA-1 sends DLP-Request to (Not necessarily Q)STA-2 via AP (1a) DLP-Request contains STA-1 Capabilities, Supported Rates, RSN Information Element AP forwards the DLP-Request to STA-2 (1b) If STA-2 is in Power Save mode, then AP buffers the frame, and announces pending traffic to STA-2 in the TIM, so that STA-2 can retrieve it as desired Else: If BSS policy disallows DLP, AP returns DLP-Response to STA-1 with status code “Not Allowed” Else: If STA-2 not in the BSS, then AP returns DLP-Response to STA-1 with status code “Not Present” STA-2, agreeing to DLP, transmits a DSP-Response to AP with Status Code “Success” (2a) DLP-Response contains STA-2 Capabilities, Supported Rates, RSN IE Else: If WSTA-2 refuses to DLP, returns DLP-Response with status code “Refused” AP forwards the DLP-Response frame to STA-1 (2b)

DLP Protocol Security Modifications January 2003 DLP Protocol Security Modifications AP DLP-Request/Response 2b 1a 1b 2a DLP-Key Authentication 3a 3b 4 STA-1 STA-2 DLP enabled, but STAs don’t possess keys to establish a secure RSN session The AP, knowing both STAs’ RSNIEs, selects highest-security-level common authentication and cipher suites The AP calculates an appropriate STA-1/STA-2 DLP Pairwise Master Key (or punts to a “more qualified” security server somewhere and just distributes a provided DLP PMK) The AP distributes selected authentication and cipher suites and the DLP PMK to STA-1 (3a) and STA-2 (3b) in (encrypted Authentication frame) DLP-Key messages The AP then promptly clears its DLP PMK register and “forgets” the key STA-1 and STA-2 then immediately execute direct mutual authentication and encryption key derivation/management handshake, and establish a secure DLP link “Link Quality” can be gauged during the authentication handshake, dispensing with the need for separate DLP-Probe frames STAs shall stay awake for a “no-activity” timeout period following every reception. If either STA times out further data exchange shall be routed through the AP until and if another DLP session is established Stations maintain a cache with the side channel capabilities on a per destination STA basis

Proposed DLP Modifications Summary January 2003 Proposed DLP Modifications Summary The modified DLP remains a simple protocol, but now allows non-AP STAs to link directly while actively maintaining a BSS association . Adds just three new Action Frames to 802.11-1999 DLP-Request, relayed through AP, lets QSTA1 ask QSTA2 to dance DLP-Response, relayed through AP, provides QSTA1 with an answer DLP-Key, from the AP, provides essential security elements Redundant DLP-Probe has been eliminated The AP still serves as a “Gatekeeper and Facilitator” in setting up the DLP Now even more so, as “Security Chief” The herein modified DLP is a more comprehensive and robust solution Candidate normative text revisions to 802.11e-D4.0 are contained in document 03/050r0