Tim Moore Microsoft Pejman Roshan Nancy Cam-Winget Cisco Systems, Inc
1 TGi Frame Exchanges
September 2002
Tim Moore, Microsoft; Pejman Roshan and Nancy Cam-Winget, Cisco Systems, Inc
Moore, Roshan, Cam-Winget

2 Phase 1 – Finding and Associating to an AP
Exchange between Client and AP:
- Client -> AP: Probe Request
- AP -> Client: Probe Response + RSN IE (AP supports MCast/Ucast: WEP, TKIP and Auth: Dynamic Keys with 802.1X)
- Client -> AP: Open Authentication
- AP -> Client: Open Auth (success)
- Client -> AP: Association Req + RSN IE (Client requests TKIP and dynamic keys with 802.1X)
- AP -> Client: Association Response (success)
- 802.1X controlled port blocked for client AID

3 Phase 2 – Authenticating the User
Exchange between Client, AP and AAA server:
- AP -> Client: 802.1X/EAP-Request Identity
- Client -> AP: 802.1X/EAP-Response Identity (EAP type specific)
- AP -> AAA: RADIUS Access Request/Identity
- Client <-> AAA: EAP type specific mutual authentication
- Client derives Pairwise Master Key (PMK); AAA derives Pairwise Master Key (PMK)
- AAA -> AP: RADIUS ACCEPT (with PMK via MS-MPPE)
- AP -> Client: 802.1X/EAP-SUCCESS
- 802.1X controlled port still blocked for client AID

4 Deriving the Pairwise (Unicast) Keys
- SNonce – Supplicant or STA Nonce
- ANonce – Authenticator or AP Nonce
- STA and AP must have a master key (PMK or PSK)

5 The Pairwise Key Hierarchy
512 bit Pairwise Transient Key (PTK) = PRF-512(PMK, "Pairwise Key Expansion", Min(STA MAC, AP MAC) || Max(STA MAC, AP MAC) || SNonce || ANonce)
NOTE: Values are concatenated, so order matters

6 The Pairwise Key Hierarchy
The 512 bit Pairwise Transient Key (PTK) is split into:
- EAPoL-Key MIC Key (bits 0-127)
- EAPoL-Key Encryption Key
- Temporal Encryption Key
- Temporal AP Tx MIC Key
- Temporal AP Rx MIC Key
NOTE: The Tx MIC key is used by the station with the lower MAC address value. The Rx MIC key is used by the station with the higher MAC address value.

7 Phase 3 – The Four Way Handshake
Exchange between Client and AP (* fields not noted are null):
- Both Client and AP hold the PMK
- Client derives SNonce; AP derives ANonce
- AP -> Client: EAPoL-Key(Reply Required, Unicast, ANonce)
- Client derives PTK
- Client -> AP: EAPoL-Key(Unicast, SNonce, MIC, STA RSN IE)
- AP derives PTK
- AP -> Client: EAPoL-Key(Reply Required, Install PTK, Unicast, ANonce, MIC, AP RSN IE)
- Client installs keys; AP installs keys
- Client -> AP: EAPoL-Key(Unicast, ANonce, MIC)
- 802.1X controlled port still blocked for client AID

8 Deriving the Group Keys
Group Master Key (GMK) generation:
- Derived from a random number
- Set to the first PMK (optional, but not recommended)
- Must be updated periodically from another PMK
- Must be updated when the PMK source STA's association state is purged
GNonce – Group nonce generated by AP

9 The Group Key Hierarchy
256 bit Group Transient Key (GTK) = PRF-256(GMK, "Group Key Expansion", AP MAC || GNonce)
NOTE: Values are concatenated, so order matters

10 The Group Key Hierarchy
The 256 bit Group Transient Key (GTK) is split into:
- Temporal Encryption Key (bits 0-127)
- Temporal AP Tx MIC Key
- Temporal AP Rx MIC Key
NOTE: The Tx MIC key is used by the station with the lower MAC address value. The Rx MIC key is used by the station with the higher MAC address value.

11 Phase 4 – The Group Key Update
Exchange between Client and AP (* fields not noted are null):
- AP holds the GMK
- AP derives GNonce, derives GTK and encrypts the GTK field
- AP -> Client: EAPoL-Key(All Keys Installed, Reply Required, Group Rx, Key Index, Group, GNonce, MIC, GTK)
- Client decrypts the GTK field
- Client -> AP: EAPoL-Key(Group, MIC)
- 802.1X controlled port unblocked for client AID
