IEEE 802.11u


IEEE 802.11u-2011 is an amendment to the IEEE 802.11-2007 standard to add features that improve interworking with external networks.


802.11 is a family of IEEE technical standards for mobile communication devices such as laptop computers or multi-mode phones to join a wireless local area network (WLAN) widely used in the home, public hotspots and commercial establishments.

The IEEE 802.11u standard was published on February 25, 2011.

Some amendments added to IEEE 802.11

Network discovery and selection

  1. Provides for the discovery of suitable networks (preassociation) through the advertisement of access network type {private network, free public network, for-fee public network}, roaming consortium, and venue information.
  2. Generic Advertisement Service (GAS), which provides for Layer 2 transport of an advertisement protocol's frames between a mobile device and a server in the network prior to authentication. The access point is responsible for the relay of a mobile device's query to a server in the carrier's network and for delivering the server's response back to the mobile.
  3. Provides Access Network Query Protocol (ANQP), which is a query and response protocol used by a mobile device to discover a range of information, including the hotspot operator's domain name (a globally unique, machine-searchable data element); roaming partners accessible via the hotspot along with their credential type and EAP method supported for authentication; IP address type availability (for example, IPv4, IPv6); and other metadata useful in a mobile device's network selection process.
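The access network type and venue information in item 1 travel in the Interworking element (element ID 107) of beacons and probe responses. The parser below is an added example, not part of the original article; the field layout follows the published standard, the sample bytes are constructed, and the standard's term "chargeable public network" corresponds to the "for-fee public network" named above.

```python
INTERWORKING_EID = 107

# Low four bits of the Access Network Options octet.
ACCESS_NETWORK_TYPES = {
    0: "private network",
    1: "private network with guest access",
    2: "chargeable public network",
    3: "free public network",
    4: "personal device network",
    5: "emergency services only network",
    14: "test or experimental",
    15: "wildcard",
}

def parse_interworking(ie: bytes) -> dict:
    """Parse one Interworking element (ID, length, body) taken from a beacon."""
    if len(ie) < 2:
        raise ValueError("truncated element header")
    eid, length = ie[0], ie[1]
    body = ie[2:2 + length]
    if eid != INTERWORKING_EID:
        raise ValueError(f"not an Interworking element (ID {eid})")
    # Valid bodies: options only (1), +venue (3), +HESSID (7), +both (9).
    if len(body) != length or length not in (1, 3, 7, 9):
        raise ValueError(f"invalid Interworking element length {length}")
    opts = body[0]
    info = {
        "access_network_type": ACCESS_NETWORK_TYPES.get(opts & 0x0F, "reserved"),
        "internet": bool(opts & 0x10),  # network offers Internet access
        "asra": bool(opts & 0x20),      # additional step required for access
        "esr": bool(opts & 0x40),       # emergency services reachable
        "uesa": bool(opts & 0x80),      # unauthenticated emergency service accessible
        "venue": None,                  # (venue group, venue type), codes left numeric
        "hessid": None,
    }
    rest = body[1:]
    if len(rest) in (2, 8):
        info["venue"] = (rest[0], rest[1])
        rest = rest[2:]
    if len(rest) == 6:
        info["hessid"] = ":".join(f"{b:02x}" for b in rest)
    return info

# Constructed sample: chargeable public network with Internet access,
# venue codes 7/2, and a locally administered HESSID.
SAMPLE_IE = bytes.fromhex("6b09" "12" "0702" "02005e005301")
```

These fields are advertised before association and authentication, so the parsed values describe what an access point claims rather than anything the client has verified.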

QoS map distribution

This provides a mapping from the IP differentiated services code point (DSCP) to the over-the-air Layer 2 priority on a per-device basis, facilitating end-to-end QoS.
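The mapping is carried in a QoS Map Set element. The sketch below is an added example, not part of the original article: it validates an element body and resolves a DSCP value to a Layer 2 user priority (UP). The layout (optional DSCP exceptions followed by eight DSCP ranges) follows the published standard; the sample bytes are constructed, and the `fallback` used when no rule matches is an assumption left to the caller.

```python
UNUSED = 255  # a (255, 255) range marks a user priority with no DSCP range

def parse_qos_map_set(body: bytes):
    """Split a QoS Map Set element body into (exceptions, ranges).

    Layout: zero or more 2-byte DSCP exceptions (DSCP value, UP),
    then eight 2-byte DSCP ranges (low, high) for UP 0 through 7.
    """
    if len(body) < 16 or len(body) % 2:
        raise ValueError("QoS Map Set body must be 16 + 2n bytes")
    split = len(body) - 16
    exceptions = {}
    for i in range(0, split, 2):
        dscp, up = body[i], body[i + 1]
        if (dscp > 63 and dscp != UNUSED) or up > 7:
            raise ValueError(f"bad exception: DSCP {dscp} -> UP {up}")
        exceptions[dscp] = up
    ranges = []
    for i in range(split, len(body), 2):
        low, high = body[i], body[i + 1]
        unused = low == UNUSED and high == UNUSED
        if not unused and not (low <= high <= 63):
            raise ValueError(f"bad DSCP range {low}-{high}")
        ranges.append(None if unused else (low, high))
    return exceptions, ranges

def dscp_to_up(dscp: int, exceptions: dict, ranges: list, fallback: int = 0) -> int:
    """Resolve a 6-bit DSCP to a user priority; exceptions win over ranges."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value")
    if dscp in exceptions:
        return exceptions[dscp]
    for up, rng in enumerate(ranges):
        if rng is not None and rng[0] <= dscp <= rng[1]:
            return up
    return fallback  # assumption: caller decides how unmatched DSCPs are treated

# Constructed sample: one exception (DSCP 46 -> UP 6), then ranges for
# UP 0..6 in blocks of eight DSCP values, with UP 7 left unused.
SAMPLE_QOS_MAP = bytes([46, 6,
                        0, 7, 8, 15, 16, 23, 24, 31,
                        32, 39, 40, 47, 48, 55, 255, 255])
```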

For users who are not pre-authorized

IEEE 802.11 currently makes an assumption that a user's device is pre-authorized to use the network. IEEE 802.11u covers the cases where that device is not pre-authorized. A network will be able to allow access based on the user's relationship with an external network (e.g. hotspot roaming agreements), or indicate that online enrollment is possible, or allow access to a strictly limited set of services such as emergency services (client to authority and authority to client).

From a user perspective, the aim is to improve the experience of a traveling user who turns on a laptop in a hotel many miles from home, or uses a mobile device to place a phone call. Instead of being presented with a long list of largely meaningless SSIDs, the user could be presented with a list of networks, the services they provide, and the conditions under which the user could access them. 802.11u is central to the adoption of UMA and other approaches to network mobile devices.

Encourages mesh deployment

Because a relatively sophisticated set of conditions can be presented, arbitrary contracts could be presented to the user, and might include providing information on motive, demographics or geographic origin of the user. As such data is valuable to tourism promotion and other public functions, 802.11u is thought to motivate more extensive deployment of IEEE 802.11s mesh networks. [ citation needed ]

Mobile cellular network off-load to Wi-Fi

Mobile users, whose devices can move between 3G and Wi-Fi networks at a low level using 802.21 handoff, also need a unified and reliable way to authorize their access to all of those networks. 802.11u provides a common abstraction that all networks regardless of protocol can use to provide a common authentication experience.

Mandatory requirements

The IEEE 802.11u requirements specification contains requirements in the areas of enrollment, network selection, emergency call support, emergency alert notification, user traffic segmentation, and service advertisement.

Implementation

Hotspot 2.0

The Wi-Fi Alliance uses IEEE 802.11u in its "Wi-Fi Certified Passpoint" program, also known as "Hotspot 2.0". [1] Apple devices running iOS 7 support Hotspot 2.0. [2] [3]

EAP-TLS

There have been proposals to use IEEE 802.11u for access points to signal that they allow EAP-TLS using only server-side authentication. [4] Unlike most TLS implementations of HTTPS, such as major web browsers, the majority of implementations of EAP-TLS require client-side X.509 certificates without giving the option to disable the requirement, even though the standard does not mandate their use, which some have identified as having the potential to dramatically reduce adoption of EAP-TLS and prevent "open" but encrypted access points. [5] [6]


Related Research Articles

IEEE 802.11: Wireless network standard

IEEE 802.11 is part of the IEEE 802 set of local area network (LAN) technical standards, and specifies the set of medium access control (MAC) and physical layer (PHY) protocols for implementing wireless local area network (WLAN) computer communication. The standard and amendments provide the basis for wireless network products using the Wi-Fi brand and are the world's most widely used wireless computer networking standards. IEEE 802.11 is used in most home and office networks to allow laptops, printers, smartphones, and other devices to communicate with each other and access the Internet without connecting wires. IEEE 802.11 is also a basis for vehicle-based communication networks with IEEE 802.11p.

Wireless LAN: Computer network that links devices using wireless communication within a limited area

A wireless LAN (WLAN) is a wireless computer network that links two or more devices using wireless communication to form a local area network (LAN) within a limited area such as a home, school, computer laboratory, campus, or office building. This gives users the ability to move around within the area and remain connected to the network. Through a gateway, a WLAN can also provide a connection to the wider Internet.

Wireless access point: Device that allows wireless devices to connect to a wired network

In computer networking, a wireless access point, or more generally just access point (AP), is a networking hardware device that allows other Wi-Fi devices to connect to a wired network or wireless network. As a standalone device, the AP may have a wired connection to a router, but, in a wireless router, it can also be an integral component of the router itself. An AP is differentiated from a hotspot, which is a physical location where Wi-Fi access is available.

IEEE 802.1X is an IEEE Standard for port-based network access control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.

Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2), and Wi-Fi Protected Access 3 (WPA3) are the three security certification programs developed after 2000 by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP).

Captive portal: Web page displayed to new users of a network

A captive portal is a web page accessed with a web browser that is displayed to newly connected users of a Wi-Fi or wired network before they are granted broader access to network resources. Captive portals are commonly used to present a landing or log-in page which may require authentication, payment, acceptance of an end-user license agreement, acceptable use policy, survey completion, or other valid credentials that both the host and user agree to adhere by. Captive portals are used for a broad range of mobile and pedestrian broadband services – including cable and commercially provided Wi-Fi and home hotspots. A captive portal can also be used to provide access to enterprise or residential wired networks, such as apartment houses, hotel rooms, and business centers.

Wi-Fi Alliance: Non-profit organization that owns the Wi-Fi trademark

The Wi-Fi Alliance is a non-profit organization that owns the Wi-Fi trademark. Manufacturers may use the trademark to brand products certified for Wi-Fi interoperability. It is based in Austin, Texas.

Wi-Fi hotspot: Wi-Fi access point

A hotspot is a physical location where people can obtain Internet access, typically using Wi-Fi technology, via a wireless local-area network (WLAN) using a router connected to an Internet service provider.

IEEE 802.11r-2008 or fast BSS transition (FT), is an amendment to the IEEE 802.11 standard to permit continuous connectivity aboard wireless devices in motion, with fast and secure client transitions from one Basic Service Set to another performed in a nearly seamless manner. It was published on July 15, 2008. IEEE 802.11r-2008 was rolled up into 802.11-2012. The terms handoff and roaming are often used, although 802.11 transition is not a true handoff/roaming process in the cellular sense, where the process is coordinated by the base station and is generally uninterrupted.

Extensible Authentication Protocol (EAP) is an authentication framework frequently used in network and internet connections. It is defined in RFC 3748, which made RFC 2284 obsolete, and is updated by RFC 5247. EAP is an authentication framework for providing the transport and usage of material and parameters generated by EAP methods. There are many methods defined by RFCs, and a number of vendor-specific methods and new proposals exist. EAP is not a wire protocol; instead it only defines the information from the interface and the formats. Each protocol that uses EAP defines a way to encapsulate EAP messages within that protocol's messages.

IEEE 802.21 refers to Media Independent Handoff (MIH) and is an IEEE standard published in 2008. The standard supports algorithms enabling seamless handover between wired and wireless networks of the same type, as well as handover between different wired and wireless network types, also called media independent handover (MIH) or vertical handover. The vertical handover was first introduced by Mark Stemn and Randy Katz at UC Berkeley. The standard provides information to allow handing over to and from wired 802.3 networks to wireless 802.11, 802.15, 802.16, 3GPP and 3GPP2 networks through different handover mechanisms.

Wireless security: Aspect of wireless networks

Wireless security is the prevention of unauthorized access or damage to computers or data using wireless networks, which include Wi-Fi networks. The term may also refer to the protection of the wireless network itself from adversaries seeking to damage the confidentiality, integrity, or availability of the network. The most common type is Wi-Fi security, which includes Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP is an old IEEE 802.11 standard from 1997. It is a notoriously weak security standard: the password it uses can often be cracked in a few minutes with a basic laptop computer and widely available software tools. WEP was superseded in 2003 by WPA, a quick alternative at the time to improve security over WEP. The current standard is WPA2; some hardware cannot support WPA2 without firmware upgrade or replacement. WPA2 uses an encryption device that encrypts the network with a 256-bit key; the longer key length improves security over WEP. Enterprises often enforce security using a certificate-based system to authenticate the connecting device, following the standard 802.11X.

wpa_supplicant: Open-source implementation of IEEE 802.11i

wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant for Linux, FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, Solaris, OS/2 and Haiku. In addition to being a WPA3 and WPA2 supplicant, it also implements WPA and older wireless LAN security protocols.

hostapd is a user space daemon software enabling a network interface card to act as an access point and authentication server. There are three implementations: Jouni Malinen's hostapd, OpenBSD's hostapd and Devicescape's hostapd.

WISPr or Wireless Internet Service Provider roaming is a draft protocol submitted to the Wi-Fi Alliance that allows users to roam between wireless internet service providers in a fashion similar to that which allows cellphone users to roam between carriers. A RADIUS server is used to authenticate the subscriber's credentials.

Mobile VoIP or simply mVoIP is an extension of mobility to a voice over IP network. Two types of communication are generally supported: cordless telephones using DECT or PCS protocols for short range or campus communications where all base stations are linked into the same LAN, and wider area communications using 3G or 4G protocols.

Media Independent Handover (MIH) is a standard being developed by IEEE 802.21 to enable the handover of IP sessions from one layer 2 access technology to another, to achieve mobility of end user devices (MIH).

Wireless@SG: Wireless broadband programme

Wireless@SG is a wireless broadband programme developed by the Infocomm Development Authority (IDA) of Singapore as part of its Next Generation National Infocomm Infrastructure initiative, being part of the nation's 10-year masterplan called Intelligent Nation 2015 (iN2015).

IEEE 802.11s is a wireless local area network (WLAN) standard and an IEEE 802.11 amendment for mesh networking, defining how wireless devices can interconnect to create a wireless LAN mesh network, which may be used for relatively fixed topologies and wireless ad hoc networks. The IEEE 802.11s task group drew upon volunteers from university and industry to provide specifications and possible design solutions for wireless mesh networking. As a standard, the document was iterated and revised many times prior to finalization.

Generic Advertisement Service (GAS): An IEEE 802.11u service that provides over-the-air transportation for frames of higher-layer advertisements between Wi-Fi stations (802.11 stations) or between a server in an external network and a station. GAS may be used before stations are authenticated or associated to a wireless access point (AP) in a Basic Service Set (BSS). GAS supports higher-layer protocols that employ a query/response mechanism.

References

  1. Parrish, Kevin (23 February 2012). "Wi-Fi Passpoint Standard Will End Hotspot Sign-Ons". Tom's Guide. IDG News Service.
  2. Brodkin, Jon (11 June 2013). "iOS 7 will hop from one Wi-Fi hotspot to another, no password needed". Ars Technica.
  3. Tofel, Kevin C. (11 June 2013). "Apple iOS 7 supports Wi-Fi Hotspot 2.0 for next-gen network roaming". GigaOm.
  4. Byrd, Christopher (1 November 2011). "Open Secure Wireless 2.0". Retrieved 2017-05-04.
  5. Byrd, Christopher (5 May 2010). "Open Secure Wireless" (PDF). Retrieved 2017-05-04.
  6. RFC 5216: The EAP-TLS Authentication Protocol, Internet Engineering Task Force, March 2008, The certificate_request message is included when the server desires the peer to authenticate itself via public key. While the EAP server SHOULD require peer authentication, this is not mandatory, since there are circumstances in which peer authentication will not be needed (e.g., emergency services, as described in [UNAUTH]), or where the peer will authenticate via some other means.