lec-7-key-hierarchy&TKIP

lec-7-key-hierarchy&TKIP - 802. ShambhuUpadhyaya...

802.11 Security – Key Hierarchy
Shambhu Upadhyaya
Wireless Network Security, CSE 566 (Lecture 7)

Pairwise Keys
- Unicast data sent between two stations has to be private between them
- For this purpose a pairwise key is used, which is known to the two parties
- Each mobile device has a unique pairwise key with the access point
[Figure: the AP holds Key 1, Key 2 and Key 3; each of three mobile devices holds its own pairwise key (Key 1, Key 2 or Key 3)]

Group Keys
- For broadcast or multicast transmissions, data is received by multiple stations
- Thus a key needs to be shared by all members of the trusted group
- Each trusted mobile device shares this group key with the access point
[Figure: the AP and each of three mobile devices hold the same group key, Key G]

Types of Keys
Preshared keys
- Installed in the access point and mobile device by some method outside of RSN/WPA
- Used by most WEP systems
- Possession of the key is the basis for authentication
- Bypasses the concept of upper layer authentication completely
Server-based keys
- The keys are generated by some upper layer authentication protocol
- Authentication server provides the access points with the temporal keys required for session protection

Pairwise Key Hierarchy
- At the top of the hierarchy is the Pairwise Master Key (PMK)
- Can be delivered from an upper layer authentication protocol or can use a preshared secret
- There exists a unique PMK for each mobile host

Creation and Delivering of PMK
- Generation of the PMK is based on the top level key held by both the user and the server
- Could be in a 'smart card' or a password known to both the user and the server (kept in a person's head)
- During the EAP authentication process the method proves that both parties know this secret
- After successful authentication a key generating authentication process (e.g., TLS, Kerberos) then generates random-like key material
- This random key material is used to create the PMK
- Thus after the authentication process the PMK is known to both the client and the authentication server
- This key needs to be transferred to the Access Point for use during the session
  - WPA mandates the use of RADIUS to make this transfer
  - RSN does not specify a particular method for the transfer

Computing Temporal Keys
- In the 802.1X model, data can start flowing once the access point has the key, but WPA/RSN has more steps
- Temporal keys are now derived from this PMK for use during each session

This note was uploaded on 02/16/2011 for the course CSE 566 taught by Professor Dr.shamboo during the Fall '10 term at SUNY Buffalo.
