Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sept 2003 PMK “sharing” Tim Moore Tim Moore, Microsoft.

Published byViviana Foti Modified over 5 years ago

Similar presentations

Presentation on theme: "Sept 2003 PMK “sharing” Tim Moore Tim Moore, Microsoft."— Presentation transcript:

1 Sept 2003 PMK “sharing” Tim Moore Tim Moore, Microsoft

2 Wish Share PMK between multiple APs within a physical box Translate to
Sept 2003 Wish Share PMK between multiple APs within a physical box Translate to Share keying information from a 802.1X authentication for use by 4-way handshakes on multiple APs within a physical box Tim Moore, Microsoft

3 Sept 2003 PMK PMK = MSK(0..31) MSK – master session key first 256bits MSK is what is delivered to AP from RADIUS server a AAA Key Tim Moore, Microsoft

4 Security Do not reuse symmetric key
Sept 2003 Security Do not reuse symmetric key Can derive keys from a single symmetric key and use the derived keys Tim Moore, Microsoft

5 Security fix Derive multiple PMKs from MSK, one per AP
Sept 2003 Security fix Derive multiple PMKs from MSK, one per AP PMK = PRF(MSK(0..31), “PMK Key”|BSSID) Now have unique symmetric key rather than reusing PMK Tim Moore, Microsoft

6 Sept 2003 Implementation issue How does Supplicant know which MSKs can be used to derive a PMK to another AP? Need additional information from AP Add a Authenticator Group MAC address A MSK from a 802.1X authentication from any authenticator with the same group address can be used to derive a PMK for use with this authenticator Tim Moore, Microsoft

7 Sept 2003 Implementation issue How does Authenticator know which MSKs can be used to derive a PMK to another Supplicant? Need additional information from the Supplicant Add a Supplicant Group MAC address A MSK from a 802.1X authentication from any supplicant with the same group address can be used to derive a PMK from this supplicant Tim Moore, Microsoft

8 Group Address Add a MAC address to the RSN IE
Sept 2003 Group Address Add a MAC address to the RSN IE Group address in Beacon and Probe response contains Authenticator Group Address Group address in (re)associate request contains Supplicant Group Address Tim Moore, Microsoft

9 Changes PMK = PRF(MSK(0..31), “PMK Key”|BSSID) RSNIE
Sept 2003 Changes PMK = PRF(MSK(0..31), “PMK Key”|BSSID) RSNIE Add “Group MAC Addr” field Text in PMK caching to describe use of Group Addresses Tim Moore, Microsoft

Download ppt "Sept 2003 PMK “sharing” Tim Moore Tim Moore, Microsoft."

Similar presentations

Doc.: IEEE 802.11-04/1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,

Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
IEEE 802.11i: A Retrospective Bernard Aboba Microsoft March 2004.

IEEE i: A Retrospective Bernard Aboba Microsoft March 2004.
IEEE P802 Handoff ECSG Submission July 2003 Bernard Aboba, Microsoft Detection of Network Attachment (DNA) and Handoff ECSG Bernard Aboba Microsoft July.

IEEE P802 Handoff ECSG Submission July 2003 Bernard Aboba, Microsoft Detection of Network Attachment (DNA) and Handoff ECSG Bernard Aboba Microsoft July.
Doc.: IEEE 802.11-03/095r0 Submission January 2003 Dan Harkins, Trapeze Networks.Slide 1 Fast Re-authentication Dan Harkins.

Doc.: IEEE /095r0 Submission January 2003 Dan Harkins, Trapeze Networks.Slide 1 Fast Re-authentication Dan Harkins.
Doc.: IEEE 802.11-08-0317r6 Submission July 2008 Charles Fan,Amy Zhang, HuaweiSlide 1 Authentication and Key Management of MP with multiple radios Date:

Doc.: IEEE r6 Submission July 2008 Charles Fan,Amy Zhang, HuaweiSlide 1 Authentication and Key Management of MP with multiple radios Date:
Analysis of the 802.11i 4-Way Handshake Changhua He, John C Mitchell 2004 ACM International Workshop on Wireless Security (WiSe'04) Sang-Rok Kim Dependable.

Analysis of the i 4-Way Handshake Changhua He, John C Mitchell 2004 ACM International Workshop on Wireless Security (WiSe'04) Sang-Rok Kim Dependable.
Wireless and Email Security CSCI 5857: Encoding and Encryption.

Wireless and Security CSCI 5857: Encoding and Encryption.
IEEE MEDIA INDEPENDENT HANDOVER DCN: srho

IEEE MEDIA INDEPENDENT HANDOVER DCN: srho
Doc.: IEEE 802.11-12/0039r0 Submission NameAffiliationsAddressPhoneemail Robert Sun; Yunbo Li Edward Au; Phil Barber Junghoon Suh; Osama Aboul-Magd Huawei.

Doc.: IEEE /0039r0 Submission NameAffiliationsAddressPhone Robert Sun; Yunbo Li Edward Au; Phil Barber Junghoon Suh; Osama Aboul-Magd Huawei.
Wireless II. Frames Frames – Notes 3 Frame type ▫Management  Beacons  Probes  Request  Response  Associations  Request  Response  Disassociate.

Wireless II. Frames Frames – Notes 3 Frame type ▫Management  Beacons  Probes  Request  Response  Associations  Request  Response  Disassociate.
Doc.: IEEE 802.11-04/1572r0 Submission December 2004 Harkins and AbobaSlide 1 PEKM (Post-EAP Key Management Protocol) Dan Harkins, Trapeze Networks

Doc.: IEEE /1572r0 Submission December 2004 Harkins and AbobaSlide 1 PEKM (Post-EAP Key Management Protocol) Dan Harkins, Trapeze Networks
Doc.: IEEE 802.11-04/0476r2 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.

Doc.: IEEE /0476r2 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.
Doc.: IEEE 802.11-10/0374r0 Submission March 2010 Dan Harkins, Aruba NetworksSlide 1 Clarifying the Behavior of PMK Caching Date: 2010-03-08 Authors:

Doc.: IEEE /0374r0 Submission March 2010 Dan Harkins, Aruba NetworksSlide 1 Clarifying the Behavior of PMK Caching Date: Authors:
Doc.: IEEE 802.11-02/551r0 Submission September 2002 Moore, Roshan, Cam-WingetSlide 1 TGi Frame Exchanges Tim Moore Microsoft Pejman Roshan Nancy Cam-Winget.

Doc.: IEEE /551r0 Submission September 2002 Moore, Roshan, Cam-WingetSlide 1 TGi Frame Exchanges Tim Moore Microsoft Pejman Roshan Nancy Cam-Winget.
Doc.: IEEE 802.11-01/610r0 Submission November 2001 Tim Moore, Microsoft 802.1X and 802.11 key interactions Tim Moore.

Doc.: IEEE /610r0 Submission November 2001 Tim Moore, Microsoft 802.1X and key interactions Tim Moore.
Csci388 Wireless and Mobile Security – Key Hierarchies for WPA and RSN

Csci388 Wireless and Mobile Security – Key Hierarchies for WPA and RSN
Wireless Network Security CSIS 5857: Encoding and Encryption.

Wireless Network Security CSIS 5857: Encoding and Encryption.
Doc.: IEEE 802.11-01/610r0 Submission November 2001 Tim Moore, Microsoft 802.1X and 802.11 key interactions Tim Moore.

Doc.: IEEE /610r0 Submission November 2001 Tim Moore, Microsoft 802.1X and key interactions Tim Moore.
Doc.: IEEE 802.11-07/2539r0 Submission September 2007 Tony Braskich, MotorolaSlide 1 Overview of an abbreviated handshake with sequential and simultaneous.

Doc.: IEEE /2539r0 Submission September 2007 Tony Braskich, MotorolaSlide 1 Overview of an abbreviated handshake with sequential and simultaneous.
CAPWAP Threat Analysis

CAPWAP Threat Analysis

Similar presentations

Ads by Google