Use of EAPOL-Key messages during pre-auth Month 2002 doc.: IEEE 802.11-04/xxxr0 May 2004 Use of EAPOL-Key messages during pre-auth Tim Moore Microsoft Tim Moore, Microsoft

May 2004 Introduction 11-04-0516 describes a list of interesting information about the AP ESSid, BSSid, Channel/Frequency Security options, keys Provider Last/average received RSSI Last Contact Time (local time and TSF) Association “State”/History Load information Other useful things “Bad experiences” (e.g. it’s a rogue, it refused my association) Things that disqualify it (wrong security, wrong network) Much of this could be exchanged during discovery phase if the AP/STA can communicate Tim Moore, Microsoft

802.11i pre-auth “Communication” between STA and AP before association May 2004 802.11i pre-auth “Communication” between STA and AP before association Exchanges security information to generate a PMK Communication is really STA/Authentication Server 802.11i STA/AP communication (EAPOL-Key) isn’t used Doesn’t generate a PTK and exchange additional information Tim Moore, Microsoft

EAPOL-Key 2 types of message May 2004 EAPOL-Key 2 types of message 4-way for generating PTK and sending some information: IEs, KDEs(GTK), etc. Other for sending KDEs (GTK, STAKey, TKIP errors, STAKey requests), IEs, etc. Tim Moore, Microsoft

Obtaining information from other APs May 2004 Obtaining information from other APs 802.11i can pre-authenticate with other APs in the same ESS (on the same subnet) 802.11i doesn’t do 4-way after pre-authentication since for security reasons the 4-way is needed after association 4-way handshake can be run over pre-auth Ethertype Secure channel for exchanging IEs then available between STA and APs Tim Moore, Microsoft

Issues 4-way is AP initiated May 2004 Issues 4-way is AP initiated If STA wants to send information to AP, the 4-way must be run Use EAPOL-Key message 1 Set Request bit Allow multiple PMKID KDEs in KeyData field Tim Moore, Microsoft

STA initiated 4-way STA sends a EAPOL-Key message 1 request May 2004 STA initiated 4-way STA sends a EAPOL-Key message 1 request Add a list of PMKID KDEs to message PMKs that STA believes could be used (normally from pre-authentication) AP can: Response with message 1 using a PMK (may or may not be one of the PMK specified by the STA) EAP-Request/Identity if it does not have a PMK for the STA, the STA will respond with 802.1X pre-authentication STA can send any IEs during message 2 of the 4-way handshake, AP can send any IEs during message 3 of the 4-way handshake Additional information can be sent after 4-way handshake completes Tim Moore, Microsoft

May 2004 Conclusion 4-way Handshake over pre-authentication channel allows direct communication with non-associated APs Information from pre-auth 4-way is direct from AP and is secure Can be updated at any time by sending EAPOL-Key message Tim Moore, Microsoft