TGi Frame Exchanges

Tim Moore, Microsoft
Pejman Roshan, Nancy Cam-Winget, Cisco Systems, Inc

doc.: IEEE 802.11-02/551r0, Submission, September 2002


Phase 1 – Finding and Associating to an AP

Participants: Client, AP

Probe Request

Probe Response + SSN IE (AP supports MCast/Ucast: WEP, TKIP and Auth: Dynamic Keys with 802.1X)

802.11 Open Authentication

802.11 Open Auth (success)

Association Req + SSN IE (Client requests TKIP and dynamic keys with 802.1X)

Association Response (success)

802.1X controlled port blocked for client AID


Phase 2 – Authenticating the User

Participants: Client, AP, AAA

802.1X/EAP-Request Identity

802.1X/EAP-Response Identity (EAP type specific)

RADIUS Access Request/Identity

EAP type specific mutual authentication

Derive Pairwise Master Key (PMK)

RADIUS ACCEPT (with PMK via MS-MPPE)

802.1X/EAP-SUCCESS

Derive Pairwise Master Key (PMK)

802.1X controlled port still blocked for client AID


Deriving the Pairwise (Unicast) Keys

• SNonce – Supplicant or STA Nonce
• ANonce – Authenticator or AP Nonce
• STA and AP must have a master key (PMK or PSK)


The Pairwise Key Hierarchy

Inputs to PRF-512:
• PMK
• String “Pairwise Key Expansion”
• Min(STA MAC, AP MAC) || Max(STA MAC, AP MAC) || SNonce || ANonce

Output: 512 bit Pairwise Transient Key (PTK)

NOTE: Values are concatenated, so order matters


The Pairwise Key Hierarchy

512 bit Pairwise Transient Key (PTK), split as:

Bits 0-127      EAPoL-Key MIC Key           128 bits
Bits 128-255    EAPoL-Key Encryption Key    128 bits
Bits 256-383    Temporal Encryption Key     128 bits
Bits 384-447    Temporal AP Tx MIC Key      64 bits
Bits 448-511    Temporal AP Rx MIC Key      64 bits

NOTE: The Tx MIC key is used by the station with the lower MAC address value

The Rx MIC key is used by the station with the higher MAC address value


Phase 3 – The Four Way Handshake

Participants: Client, AP

Diagram annotations: PMK (Client and AP); Derive ANonce; Derive SNonce; Derive PTK (Client and AP); Install Keys (Client and AP)

EAPoL-Key(Reply Required, Unicast, ANonce)

EAPoL-Key(Unicast, SNonce, MIC, STA SSN IE)

EAPoL-Key(Reply Required, Install PTK, Unicast, ANonce, MIC, AP SSN IE)

EAPoL-Key(Unicast, ANonce, MIC)

* Fields not noted are null

802.1X controlled port still blocked for client AID


Deriving the Group Keys

• Group Master Key Generation
  – Derived from a random number
  – Set to the first PMK (Optional, but not recommended)
    • Must be updated periodically from another PMK
    • Must be updated when the PMK source STA’s association state is purged.

• GNonce – Group nonce generated by AP


The Group Key Hierarchy

Inputs to PRF-256:
• GMK
• String “Group Key Expansion”
• AP MAC || GNonce

Output: 256 bit Group Transient Key (GTK)

NOTE: Values are concatenated, so order matters


The Group Key Hierarchy

256 bit Group Transient Key (GTK), split as:

Bits 0-127      Temporal Encryption Key     128 bits
Bits 128-191    Temporal AP Tx MIC Key      64 bits
Bits 192-255    Temporal AP Rx MIC Key      64 bits

NOTE: The Tx MIC key is used by the station with the lower MAC address value

The Rx MIC key is used by the station with the higher MAC address value
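
The pairwise and group key hierarchies on the slides above, worked through as an added example (not code from the submission or from the authors). It follows the labels, concatenation order and bit ranges exactly as the slides give them. Assumptions: the PRF is the HMAC-SHA1 counter construction from the published IEEE 802.11i standard (the slides name PRF-512 and PRF-256 without defining them), bit 0 is the first bit of PRF output, and the function names, 32-byte nonces and all sample values are constructed for illustration.

```python
import hashlib
import hmac

def prf(key, label, data, bits):
    # Assumption: HMAC-SHA1 counter construction from the published 802.11i
    # standard; the slides name PRF-512/PRF-256 without defining them.
    out, counter = b"", 0
    while len(out) * 8 < bits:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[: bits // 8]

def derive_ptk(pmk, sta_mac, ap_mac, snonce, anonce):
    # Concatenation order exactly as on the slide. Equal-length bytes compare
    # like big-endian integers, so min()/max() order the MAC addresses.
    data = min(sta_mac, ap_mac) + max(sta_mac, ap_mac) + snonce + anonce
    return prf(pmk, b"Pairwise Key Expansion", data, 512)

def derive_gtk(gmk, ap_mac, gnonce):
    return prf(gmk, b"Group Key Expansion", ap_mac + gnonce, 256)

def split_ptk(ptk):
    # Byte slices for the slide's bit ranges (assumed: bit 0 = first output bit).
    return {
        "eapol_key_mic_key": ptk[0:16],
        "eapol_key_encryption_key": ptk[16:32],
        "temporal_encryption_key": ptk[32:48],
        "temporal_ap_tx_mic_key": ptk[48:56],
        "temporal_ap_rx_mic_key": ptk[56:64],
    }

def split_gtk(gtk):
    return {
        "temporal_encryption_key": gtk[0:16],
        "temporal_ap_tx_mic_key": gtk[16:24],
        "temporal_ap_rx_mic_key": gtk[24:32],
    }

# Constructed sample values, not taken from the submission.
PMK, GMK = bytes(range(32)), bytes(range(32, 64))
STA_MAC, AP_MAC = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
SNONCE, ANONCE, GNONCE = b"\x11" * 32, b"\x22" * 32, b"\x33" * 32

if __name__ == "__main__":
    ptk = derive_ptk(PMK, STA_MAC, AP_MAC, SNONCE, ANONCE)
    for name, key in split_ptk(ptk).items():
        print(f"{name}: {len(key) * 8} bits {key.hex()}")
    print(ptk == derive_ptk(PMK, STA_MAC, AP_MAC, ANONCE, SNONCE))
```

Because Min/Max fixes the MAC order, either end can pass the two addresses in any order and still reach the same PTK; the nonces have no such normalisation on the slide, so swapping them yields a different key and the MIC check in the handshake would fail.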


Phase 4 – The Group Key Update

Participants: Client, AP

Diagram annotations: GMK; Derive GNonce; Derive GTK; Encrypt GTK field; Decrypt GTK field

EAPoL-Key(All Keys Installed, Reply Required, Group Rx, Key Index, Group, GNonce, MIC, GTK)

EAPoL-Key(Group, MIC)

* Fields not noted are null

802.1X controlled port unblocked for client AID