IEEE 802.11r-2008 or fast BSS transition (FT), also called fast roaming, is an amendment to the IEEE 802.11 standard to permit continuous connectivity aboard wireless devices in motion, with fast and secure handoffs from one base station to another managed in a seamless manner. It was published on July 15, 2008. IEEE 802.11r-2008 was rolled up into 802.11-2012.[1]
IEEE 802.11r specifies fast Basic Service Set (BSS) transitions between access points by redefining the security key negotiation protocol, allowing both the negotiation and requests for wireless resources (similar to RSVP but defined in 802.11e) to occur in parallel.
The key negotiation protocol in 802.11i specifies that, for 802.1X-based authentication, the client is required to renegotiate its key with the RADIUS or other authentication server supporting Extensible Authentication Protocol (EAP) on every handoff, a time-consuming process. The solution is to allow for the part of the key derived from the server to be cached in the wireless network, so that a reasonable number of future connections can be based on the cached key, avoiding the 802.1X process. A feature known as opportunistic key caching (OKC) exists today, based on 802.11i, to perform the same task. 802.11r differs from OKC by fully specifying the key hierarchy.
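The key hierarchy mentioned above (PMK-R0, PMK-R1, PTK) can be sketched as follows; this is an added example, not part of the original article, and it goes beyond the text by using the derivation labels and HMAC-SHA256 KDF from the 802.11 standard. All input values are constructed, and the use of the BSSID as R1KH-ID and the 384-bit PTK length are assumptions.

```python
import hashlib
import hmac
import struct

def kdf(key, label, context, bits):
    """802.11 KDF: HMAC-SHA256 in counter mode, 16-bit LE counter and length."""
    out = b""
    for i in range(1, (bits + 255) // 256 + 1):
        msg = struct.pack("<H", i) + label + context + struct.pack("<H", bits)
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[: bits // 8]

def pmk_r0(xxkey, ssid, mdid, r0kh_id, sta):
    """Top-level cached key, bound to the SSID, mobility domain and station."""
    ctx = bytes([len(ssid)]) + ssid + mdid + bytes([len(r0kh_id)]) + r0kh_id + sta
    return kdf(xxkey, b"FT-R0", ctx, 384)[:32]  # last 16 bytes salt the key name

def pmk_r1(r0, r1kh_id, sta):
    """Per-AP key: the only key material an individual AP needs to hold."""
    return kdf(r0, b"FT-R1", r1kh_id + sta, 256)

def ptk(r1, snonce, anonce, bssid, sta):
    """Session key for one association (assumed 384 bits: KCK, KEK, TK)."""
    return kdf(r1, b"FT-PTK", snonce + anonce + bssid + sta, 384)

# Constructed sample values (not from any real network).
MSK = bytes(range(64))                 # stands in for the result of one 802.1X/EAP run
SSID, MDID, R0KH_ID = b"corp-wlan", b"\x12\x34", b"r0kh.example"
STA = bytes.fromhex("020000000001")
AP1, AP2 = bytes.fromhex("0200000000a1"), bytes.fromhex("0200000000a2")

def roam(r0, ap, tag):
    """Keys for a transition to `ap`, computed from the cached PMK-R0 alone."""
    snonce = hashlib.sha256(b"snonce" + tag).digest()  # stand-ins for random nonces
    anonce = hashlib.sha256(b"anonce" + tag).digest()
    r1 = pmk_r1(r0, ap, STA)           # assumption: R1KH-ID equals the AP's BSSID
    return r1, ptk(r1, snonce, anonce, ap, STA)

if __name__ == "__main__":
    r0 = pmk_r0(MSK[32:64], SSID, MDID, R0KH_ID, STA)  # XXKey = second half of MSK
    for name, ap in (("AP1", AP1), ("AP2", AP2)):
        r1, key = roam(r0, ap, name.encode())
        print(name, "PMK-R1", r1.hex()[:16], "PTK", key.hex()[:16])
```

Each access point receives a different PMK-R1, so key material held by one AP does not expose the key used at another, and a transition requires only local HMAC computations rather than a new exchange with the authentication server.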
Protocol operation
The non-802.11r BSS transition goes through six stages:
- Scanning – active or passive for other APs in the area.
- Exchanging 802.11 authentication messages (first from the client, then from the AP) with the target access point.
- Exchanging reassociation messages to establish connection at target AP.
At this point in an 802.1X BSS, the AP and Station have a connection, but are not allowed to exchange data frames, as they have not established a key.
- 802.1X pairwise master key (PMK) negotiation.
- Pairwise transient key (PTK) derivation – 802.11i 4-way handshake of session keys, creating a unique encryption key for the association based on the master key established from the previous step.
- QoS admission control to re-establish QoS streams.
A fast BSS transition performs the same operations except for the 802.1X negotiation, but piggybacks the PTK and QoS admission control exchanges with the 802.11 Authentication and Reassociation messages.