Friday, July 31, 2015

Key Generation: 4-Way Handshake & Group Key Handshake

  • Master Session Key (MSK) Generation - at least 64 octets in length
    • Byproduct of the 802.1X authentication method
  • PMK & GMK Generation
    • Under 802.1X
      • The PMK is the first 256 bits (bits 0 - 255) of the MSK.
      • A new, unique PMK is generated every time a client authenticates or reauthenticates.
      • The PMK is sent from the authentication server to the authenticator over a secure channel.
    • Under WPA/WPA2 Personal
      • In WPA/WPA2-Personal, however, the PSK becomes the PMK. The RSNA PSK is 256 bits long (64 hex characters), which is quite long. 802.11-2007 defines a passphrase-to-PSK mapping formula to derive the 256-bit PSK from a passphrase/password.
      • A passphrase is a sequence of 8 to 63 ASCII-encoded characters.
      • PSK = PBKDF2(PassPhrase, SSID, SSID-Len, 4096, 256)
      • For all clients under a given SSID the PSK is the same, unlike 802.1X, where each client's PMK is different.

  • PTK & GTK Generation (using 4-Way Handshake)




  • PTK Decomposition




  • GTK Regeneration & Distribution (using Group Key Handshake)
    • GTK can be regenerated under two conditions:
      • Periodic regeneration configured (if available)
      • On client disassociation so that GTK known to disconnected client becomes useless.
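
The passphrase-to-PSK mapping listed under WPA/WPA2 Personal above, as an added example (not code from the original post). It uses the standard's PBKDF2 with HMAC-SHA1 and the SSID as salt; the function name `derive_psk` and the sample SSIDs are assumptions made for illustration.

```python
import hashlib
import string

PRINTABLE_ASCII = set(range(32, 127))  # octet values allowed in a passphrase


def derive_psk(secret: str, ssid: bytes) -> bytes:
    """Return the 256-bit PSK, which is the PMK in WPA/WPA2-Personal.

    `secret` is either a raw PSK written as 64 hex characters, or a
    passphrase of 8 to 63 ASCII characters mapped through PBKDF2.
    """
    if len(secret) == 64 and all(c in string.hexdigits for c in secret):
        return bytes.fromhex(secret)  # already a PSK, no mapping needed
    if not 8 <= len(secret) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    data = secret.encode("ascii")  # non-ASCII input raises a ValueError subclass
    if any(b not in PRINTABLE_ASCII for b in data):
        raise ValueError("passphrase must be printable ASCII")
    if len(ssid) > 32:
        raise ValueError("SSID is at most 32 octets")
    # PSK = PBKDF2(PassPhrase, SSID, SSID-Len, 4096, 256):
    # SSID is the salt, 4096 iterations, 256 bits (32 octets) of output.
    return hashlib.pbkdf2_hmac("sha1", data, ssid, 4096, 32)


def demo():
    # Constructed sample values ("password" / "IEEE" is a widely used test pair).
    client_a = derive_psk("password", b"IEEE")
    client_b = derive_psk("password", b"IEEE")        # second client, same SSID
    other_net = derive_psk("password", b"IEEE-Guest")  # same passphrase, other SSID
    return {
        "psk": client_a.hex(),
        "same_for_all_clients_on_ssid": client_a == client_b,
        "differs_across_ssids": client_a != other_net,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The only inputs are the passphrase and the SSID, so every client on one SSID computes the same PMK, while the same passphrase on a differently named network yields a different one.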



