Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

802.11i RSN - Master Session Key Generation - How is this derived?

Hi Guys,

So,  When a STA has associated with an AP, and starts the EAP-TLS (or any other EAP method) process, it exhchages its certs mutually bla bla bla,  and all is good, we get an eap-sucess message.

Now, in the radius portion of the eap-sucess message, the AS sends the AP (authentication) the MSK that the AS has generated by some means.

Great,  AS has an MSK and now can derive the PMK

Now the questions

1. What about the supplicant, what does he use for the MSK?

2. Does the AS send the supplicant the same MSK?

3. If the supplicant and AS are generating different MSKs, is there some sort of link between them that when they dervive their PMKs, the work together?

4. How is the actual MSK derived, is it from the eap-identity-request packets in the early stages of the eap exchange, of if using eap-tls, is another parameter taken from the certificate to generate the MSK?

HELP PLEASE - ITS DRIVING ME MAD.

Thanks to all,

Ken

775
Views
0
Helpful
0
Replies
CreatePlease to create content