The interested reader can look at an overview of Management Frame Protection in the following article<Management Frame Protection>
The 802.11w amendment provided a new key termed IGTK – Integrity Group Temporal Key. The IGTK would be used for integrity check of broadcast/multicast management frames and is used to compute the MIC for Broadcast/multicast frames.
The IGTK is provided after message 3 of the 4-way handshake and is shown below.
The IGTK is sent encrypted with the Key Encryption Key (KEK). If the AP changes the GTK at any point in time – the AP sends a new IGTK along-with the GTK using the Group Key Handshake. The IGTK is part of the Integrity Group Temporal Key Security Association (IGTKSA).
The IGTKSA contains the following parameters.
- Direction Vector (whether the IGTK is used for Transmit or receive)
- Key ID
- IGTK
- Authenticator MAC Address
The IGTK is used to generate the MIC in the Management MPDU.