For reference – the interested reader can look at the AES Encryption frame format and the AES Encapsulation process in the articles below
The AES decapsulation process is shown below
FIG Courtesy: 802.11 Standard
Some description of the parameters
TK – AES Temporal Key – obtained during EAPOL handshake
PN – Packet Number – initialized to 1 when the Temporal Key (TK) is initialized/refreshed. It increases monotonically with each packet encrypted under that TK
AAD – Additional Authentication Data – created from the MPDU header. The AAD construction will be seen in the Encapsulation description below
A2 – MPDU Address field 2
Key ID – Key Identifier obtained during EAPOL handshake
Priority – The QoS TID value of the MPDU packet – set to zero when no QoS Control field is present
The steps involved in the Decapsulation process are described below
- The encrypted MPDU is parsed to construct the AAD and nonce values.
- The AAD is formed from the MPDU header of the encrypted MPDU.
- The Nonce value is constructed from the A2, PN, and Nonce Flags fields.
- The MIC is extracted for use in the CCM integrity checking.
- The CCM recipient processing uses the temporal key, AAD, nonce, MIC, and MPDU cipher text data to recover the MPDU plaintext data as well as to check the integrity of the AAD and MPDU plaintext data.
- The received MPDU header and the MPDU plaintext data from the CCM recipient processing are concatenated to form a plaintext MPDU.
- The decryption processing prevents replay of MPDUs by validating that the PN in the MPDU is greater than the replay counter maintained for the session.
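
The PN extraction, nonce construction and replay check from the steps above, as an added Python example (not code from the original article). It covers data frames only and stops before the AES-CCM decryption itself. The function and class names and the sample address and header bytes are constructed for illustration; the octet order assumed is the CCMP header layout from the 802.11 standard.

```python
CCMP_HDR_LEN = 8
EXT_IV = 0x20  # bit 5 of the Key ID octet; set in every CCMP header

def parse_ccmp_header(hdr: bytes) -> tuple:
    """Return (PN, Key ID) from the 8-octet CCMP header.

    Octet layout: PN0 PN1 Rsvd KeyIdOctet PN2 PN3 PN4 PN5, PN0 least significant.
    """
    if len(hdr) != CCMP_HDR_LEN:
        raise ValueError("CCMP header must be 8 octets")
    if not hdr[3] & EXT_IV:
        raise ValueError("ExtIV bit is clear, not a CCMP header")
    pn = int.from_bytes(hdr[0:2] + hdr[4:8], "little")
    return pn, hdr[3] >> 6

def build_nonce(priority: int, a2: bytes, pn: int) -> bytes:
    """13-octet CCM nonce for a data frame: Nonce Flags || A2 || PN5..PN0."""
    if len(a2) != 6 or not 0 <= priority <= 15 or not 0 < pn < 1 << 48:
        raise ValueError("bad nonce input")
    return bytes([priority]) + a2 + pn.to_bytes(6, "big")

class ReplayCounter:
    """Replay state kept by the receiver for one temporal key."""
    def __init__(self) -> None:
        self.last_pn = 0  # PN starts at 1, so 0 means nothing accepted yet

    def is_fresh(self, pn: int) -> bool:
        return pn > self.last_pn

    def commit(self, pn: int) -> None:
        # Call only after the CCM MIC check has passed, so a frame that
        # fails integrity checking never advances the counter.
        if not self.is_fresh(pn):
            raise ValueError("replayed or stale PN")
        self.last_pn = pn

if __name__ == "__main__":
    a2 = bytes.fromhex("020000000001")       # constructed transmitter address
    hdr = bytes.fromhex("0201002000000000")  # constructed CCMP header, PN = 0x102
    pn, key_id = parse_ccmp_header(hdr)
    rc = ReplayCounter()
    print(key_id, pn, build_nonce(0, a2, pn).hex(), rc.is_fresh(pn))
    rc.commit(pn)
    print(rc.is_fresh(pn))  # the same PN presented a second time
```

The nonce and the PN check come before CCM processing, while `commit` belongs after it: the PN travels in the clear, so it is only trustworthy once the MIC has verified.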
Next up, we shall look at CSMA/CA mechanisms that were introduced in WLAN. We will also understand the working of Wireless Multi-Media (WMM)/EDCF mechanism for QoS which is currently used by WLAN Stations.