Offtopic: WPA-PSK: Every client connection from AP has own key?

Piotr Zawadzki pzawadzki at polsl.pl
Tue May 30 05:30:03 EDT 2006


Dnia poniedziałek, 29 maja 2006 14:47, Bryan Kadzban napisał:
> Beat Meier wrote:
> > If using wpa-psk every client has an other key to encrypt data
> > transfer or all have the same?
>
> Each client has its own PTK, but (in almost all AP implementations
> anyway) all clients share the same PMK.
>
> There are two (actually probably three) "levels" of keys.  The PMK is
> used in the 4-way handshake (along with some random data sent in
> plaintext) to generate a PTK, which is used as the "master" for the TKIP
> algorithm.
>
> > I.e. data transfers can be decrypted from one client which is for an
> > other client?
>
> If the one client sniffs the 4-way handshake of another client, and the
> AP in use makes you configure one PSK for all clients, then yes, any
> client that knows the PSK/PMK can decrypt unicast frames that are
> intended for another client.  Because the "attacking" client can
> generate the PTK for the "attacked" client, and the PTK is all you need
> to set up TKIP.  (Or CCMP, actually.  It's not immune to this either.)
>
> > The Preshared key is what is called master key from which the PMK is
> > generated?
>
> No, the pre-shared key *is* the PMK.  It gets converted to hex (or used
> as hex from the start, if given to the AP or client that way), then used
> as the PMK in the 4-way handshake.  But it's exactly the same keying
> material.
>
> > Some thread say the all have the same enc. key (only EAP-TLS has
> > different keys) other they have all the own key ...
>
> Not exactly true.  EAP-TLS does have different PMKs for each client and
> each (re)association, but so does EAP-PEAP (and any other RADIUS method
> that supports key negotiation).
>
> WPA-PSK is the only setup where clients share PMKs.
>
> > If every client has an own key where is this key stored i.e. how is
> > this encryption done in hw if every client has own key?
>
> The PTK is "stored" in the NIC somewhere (or in the driver).  NDIS, for
> instance, has an OID value that you can use to program the PTK into the
> wireless driver, and the driver will either store it away somewhere if
> it does the decryption, or it'll program it into the card if the card
> does the decryption.  I believe Linux Wireless Extensions has a similar
> setup.
>
> The PMK/PSK itself is stored in the supplicant's config somewhere, if
> you're using PSK mode.  If you aren't, then the supplicant and RADIUS
> server have a conversation, and after the supplicant is authenticated,
> the server sends it a (randomly generated) PMK to use.  It stores this
> in the driver, see above.  The RADIUS server also sends this key to the
> AP, and the AP stores it away.  The 4-way handshake makes sure that both
> ends got the same key.
>
> > Where can I get more infos about that?
>
> The IEEE 802.11i spec would be a good place (seeing as it's the standard
> ;-)), but it's probably not that easy to understand.  It took me a week
> or so to finally figure out what it was talking about in several places.
Edney, Arbaugh ,,Real 802.11 security ..."
-- 
Piotr Zawadzki
retrieve public key from http://www.keyserver.net



More information about the HostAP mailing list