Use of EAPOL-Key messages during pre-auth

Presentation transcript:

1 Use of EAPOL-Key messages during pre-auth
doc.: IEEE /xxxr0, May 2004
Tim Moore, Microsoft

2 Introduction
The introduction lists the information about an AP that a STA finds interesting:
- ESSID, BSSID
- Channel/frequency
- Security options, keys
- Provider
- Last/average received RSSI
- Last contact time (local time and TSF)
- Association "state"/history
- Load information
- Other useful things
- "Bad experiences" (e.g. it's a rogue, it refused my association)
- Things that disqualify it (wrong security, wrong network)
Much of this could be exchanged during the discovery phase if the AP and STA can communicate.

3 802.11i pre-auth
- "Communication" between STA and AP before association
- Exchanges security information to generate a PMK
- The communication is really STA/Authentication Server; the 802.11i STA/AP communication (EAPOL-Key) isn't used
- Doesn't generate a PTK or exchange any additional information

4 EAPOL-Key: 2 types of message
- 4-way: generates the PTK and carries some information (IEs, KDEs such as the GTK, etc.)
- Other: carries KDEs (GTK, STAKey, TKIP errors, STAKey requests), IEs, etc.

5 Obtaining information from other APs
- 802.11i can pre-authenticate with other APs in the same ESS (on the same subnet)
- 802.11i doesn't run the 4-way after pre-authentication, since for security reasons the 4-way is needed after association anyway
- The 4-way handshake can be run over the pre-auth EtherType (0x88C7)
- A secure channel for exchanging IEs is then available between the STA and those APs

6 Issues
- The 4-way is AP initiated
- If the STA wants to send information to the AP, the 4-way must be run
- Use EAPOL-Key message 1 from the STA: set the Request bit, and allow multiple PMKID KDEs in the Key Data field

7 STA initiated 4-way
- STA sends an EAPOL-Key message 1 request
- Adds a list of PMKID KDEs to the message: the PMKs the STA believes could be used (normally from pre-authentication)
- AP can:
  - Respond with message 1 using a PMK (which may or may not be one of the PMKs specified by the STA)
  - Send EAP-Request/Identity if it does not have a PMK for the STA; the STA then responds with 802.1X pre-authentication
- STA can send any IEs in message 2 of the 4-way handshake; AP can send any IEs in message 3
- Additional information can be sent after the 4-way handshake completes
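The exchange described on slides 6 and 7, worked through as an added Python example (not code from the slides, from Microsoft or from the IEEE): the STA builds an EAPOL-Key message 1 with the Request bit set and one PMKID KDE per candidate PMK, the AP parses the frame and looks the offered PMKIDs up in its PMKSA cache, and either proceeds with the 4-way or falls back to EAP-Request/Identity. The frame layout, Key Information bits, KDE encoding and PMKID derivation follow 802.11i; the zeroed Key MIC (no PTK exists yet) is the deck's proposal rather than standard behaviour, and the MAC addresses, PMKs and replay counter are constructed sample data.

```python
"""Added example: STA-initiated 4-way from the slides, as an EAPOL-Key message 1
"request" carrying PMKID KDEs (802.11i frame layout). Not code from the slides;
MACs, PMKs and the replay counter are constructed sample data."""
import hashlib
import hmac
import struct

EAPOL_VERSION, EAPOL_TYPE_KEY, DESC_TYPE_RSN = 2, 3, 2   # 802.1X-2004, EAPOL-Key, RSN descriptor
KI_DESC_VERSION_2 = 0x0002      # Key Info: HMAC-SHA1-128 MIC / AES key wrap
KI_KEY_TYPE_PAIRWISE = 1 << 3   # Key Info: Key Type = pairwise
KI_REQUEST = 1 << 11            # Key Info: Request bit (STA asks the AP to act)
KDE_TYPE, RSN_OUI, KDE_DATA_TYPE_PMKID, PMKID_LEN = 0xDD, bytes.fromhex("000fac"), 4, 16
# Frame offset of Key Data Length: EAPOL hdr(4) desc(1) keyinfo(2) keylen(2)
# replay(8) nonce(32) iv(16) rsc(8) reserved(8) mic(16) = 97
KEY_DATA_LEN_OFFSET = 97

def pmkid(pmk, aa, spa):
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA), per 802.11i."""
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:PMKID_LEN]

def pmkid_kde(value):
    """KDE: 0xDD, length, OUI 00-0F-AC, data type 4, 16-byte PMKID."""
    body = RSN_OUI + bytes([KDE_DATA_TYPE_PMKID]) + value
    return bytes([KDE_TYPE, len(body)]) + body

def build_msg1_request(replay_counter, pmkids):
    """STA side: Request bit set, one PMKID KDE per candidate PMK. No PTK exists
    yet, so the Key MIC is zero and the Key MIC bit is clear (the deck's proposal)."""
    key_data = b"".join(pmkid_kde(p) for p in pmkids)
    key_info = KI_DESC_VERSION_2 | KI_KEY_TYPE_PAIRWISE | KI_REQUEST
    body = struct.pack(">BHH", DESC_TYPE_RSN, key_info, 0)   # Key Length 0: no key carried
    body += struct.pack(">Q", replay_counter)
    body += bytes(32) + bytes(16) + bytes(8) + bytes(8) + bytes(16)  # Nonce, IV, RSC, Reserved, MIC
    body += struct.pack(">H", len(key_data)) + key_data
    return struct.pack(">BBH", EAPOL_VERSION, EAPOL_TYPE_KEY, len(body)) + body

def parse_kdes(key_data):
    """Return (oui, data_type, data) per KDE in Key Data; stop at 0xDD 0x00 padding."""
    kdes, i = [], 0
    while i + 2 <= len(key_data):
        elem_type, elem_len = key_data[i], key_data[i + 1]
        if elem_type == KDE_TYPE and elem_len == 0:
            break                                   # padding marker
        value = key_data[i + 2:i + 2 + elem_len]
        if len(value) != elem_len:
            raise ValueError("truncated element in Key Data")
        if elem_type == KDE_TYPE and elem_len >= 4:
            kdes.append((value[:3], value[3], value[4:]))
        i += 2 + elem_len
    return kdes

def parse_msg1_request(frame):
    """AP side: check the EAPOL-Key envelope and extract the offered PMKIDs."""
    _version, ptype, length = struct.unpack_from(">BBH", frame, 0)
    if ptype != EAPOL_TYPE_KEY or len(frame) != 4 + length:
        raise ValueError("not a well-formed EAPOL-Key frame")
    desc, key_info, _key_len = struct.unpack_from(">BHH", frame, 4)
    if desc != DESC_TYPE_RSN:
        raise ValueError("unexpected key descriptor type %d" % desc)
    replay = struct.unpack_from(">Q", frame, 9)[0]
    kd_len = struct.unpack_from(">H", frame, KEY_DATA_LEN_OFFSET)[0]
    key_data = frame[KEY_DATA_LEN_OFFSET + 2:]
    if len(key_data) != kd_len:
        raise ValueError("Key Data Length does not match frame")
    pmkids = [d for oui, dt, d in parse_kdes(key_data)
              if oui == RSN_OUI and dt == KDE_DATA_TYPE_PMKID and len(d) == PMKID_LEN]
    return {"request": bool(key_info & KI_REQUEST), "replay_counter": replay, "pmkids": pmkids}

def ap_select_pmk(pmksa_cache, offered):
    """(PMKID, PMK) for the first offered PMKID the AP caches; None means the AP
    should answer with EAP-Request/Identity and let the STA pre-authenticate."""
    for candidate in offered:
        if candidate in pmksa_cache:
            return candidate, pmksa_cache[candidate]
    return None

def demo():
    """Constructed scenario: the STA offers two PMKIDs; the AP still caches only the newer PMK."""
    aa, spa = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")   # AP / STA MACs
    pmk_old = hashlib.sha256(b"constructed PMK from an earlier pre-auth").digest()
    pmk_new = hashlib.sha256(b"constructed PMK from the latest pre-auth").digest()
    offered = [pmkid(pmk_old, aa, spa), pmkid(pmk_new, aa, spa)]
    frame = build_msg1_request(1, offered)
    parsed = parse_msg1_request(frame)                       # what the AP sees
    chosen = ap_select_pmk({offered[1]: pmk_new}, parsed["pmkids"]) if parsed["request"] else None
    return {"frame": frame, "parsed": parsed, "chosen": chosen,
            "next": "4-way message 1 from AP" if chosen else "EAP-Request/Identity"}

if __name__ == "__main__":
    r = demo()
    print(len(r["frame"]), "byte frame;", len(r["parsed"]["pmkids"]), "PMKIDs offered ->", r["next"])
```

Two things to keep in mind when reading the frame against the deck: the message 1 request carries no MIC because no PTK exists yet, so the PMKID list is only a hint the AP uses to pick a PMK, and nothing in it is authenticated until the STA's message 2 (which is MIC'd with the KCK derived from the chosen PMK). Any IEs the slides propose exchanging therefore gain the "secure" property of the conclusion slide only from message 2 onward, not from the request itself. The frame would travel in an Ethernet frame with the pre-authentication EtherType (0x88C7) rather than the normal EAPOL EtherType (0x888E), which is how the non-associated AP's bridge can tell it apart.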

8 Conclusion
- Running the 4-way handshake over the pre-authentication channel allows direct communication with non-associated APs
- Information from the pre-auth 4-way comes directly from the AP and is protected by the handshake
- It can be updated at any time by sending an EAPOL-Key message
