802.11i RSN - Master Session Key Generation - How is this derived?

Unanswered Question
Jul 13th, 2010

Hi Guys,

So,  When a STA has associated with an AP, and starts the EAP-TLS (or any other EAP method) process, it exhchages its certs mutually bla bla bla,  and all is good, we get an eap-sucess message.

Now, in the radius portion of the eap-sucess message, the AS sends the AP (authentication) the MSK that the AS has generated by some means.

Great,  AS has an MSK and now can derive the PMK

Now the questions

1. What about the supplicant, what does he use for the MSK?

2. Does the AS send the supplicant the same MSK?

3. If the supplicant and AS are generating different MSKs, is there some sort of link between them that when they dervive their PMKs, the work together?

4. How is the actual MSK derived, is it from the eap-identity-request packets in the early stages of the eap exchange, of if using eap-tls, is another parameter taken from the certificate to generate the MSK?


Thanks to all,


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion



Trending Topics - Security & Network