802.11i support in IBSS mode

Nicolas Pichon nicolas.pichon
Tue Nov 27 09:28:30 PST 2007 

Hi all,

Although RSN associations (aka WPA2) are described for IBSS networks in 
IEEE 802.11i norm, there is currently no implementation of this feature. 
As a matter of fact, the only security mechanism available in IBSS mode 
is WEP, which is too weak.

I'm currently working on a future implementation of 802.11i for IBSS 
mode, and after having read and understood most of 802.11i norm parts 
concerning IBSS, I'd like to submit my thoughts and choices, in order to 
get any feedback from the list. I also have several questions to ask.


In a first time, my goal is to have an initial implementation with only 
a subset of the features described in the norm.

What I plan to have is :
  - WPA2-PSK mode
  - CCMP (AES encryption)
  - Beacons and Probe Response generation
What features I don't plan to include in initial implementation :
  - 802.1X authentication
  - TKIP
  - Open System Authentication (optional in IBSS mode)
  - Group Key Renewal

I think this should be enough in order to have 2 STAs talking inside a 
secure link.


To make developments and tests, I have many x86 and ixp425 based systems 
with Atheros chips running madwifi driver.


Currently we have 2 components to manage an RSN association :
  - hostapd on AP side which assumes the role of Authenticator
  - wpa_supplicant on Client site which assumes the role of supplicant

In an IBSS network, each STA has an Authenticator AND a Supplicant. So 
we have to have a component which can assume both roles. There are two 
solutions that come in my mind. Should we :
  - integrate needed code from one component to the other ? Which 
component should integrate the other ?
  - create a new component which include parts of source code from both 
hostapd and wpa_supplicant (I think it's a better way to do). How could 
we name this new component (a thing like "wpa2_ibss") ?


I've made a checkout of current GIT repository, and started reading 
Doxygen generated Reference Manual, but I'm not familiar with 
hostap/wpa_supplicant code. So any help on understanding it, where to 
start work, or any pointer to additional information source are welcomed.

I already have three guys ready to bring some help or contribute (Jouni 
Malinen, Benoit Papillault and Michael Taylor), but of course anyone 
interested in giving help is also welcomed. We could use this list to 
coordinate work for this project.

One more question : where should development take place ?


Thanks for reading this,

Nicolas Pichon.

More information about the Hostap mailing list