
Use of EAPOL-Key messages

Use of EAPOL-Key messages. Tim Moore, Microsoft. Introduction: 802.11i defines how and when key material is available for protection and encryption; 802.1X and EAPOL-Key frames; the 802.11i EAPOL-Key frame is extendable; any IEs can be sent using EAPOL-Key messages and be protected (and encrypted).


Presentation Transcript


  1. Use of EAPOL-Key messages
     Tim Moore, Microsoft

  2. Introduction
     • 802.11i defines how and when key material is available for protection and encryption
     • 802.1X and EAPOL-Key frames
     • The 802.11i EAPOL-Key frame is extendable
     • Any IEs can be sent using EAPOL-Key messages and be protected (and encrypted)
     • Non-IEs can be sent using EAPOL-Key messages as KDEs. New KDEs can be added (5 are defined by 802.11i)
     • There is already an EAPOL-Key frame format that doesn't send keys
     • EAPOL-Key frames can also be used without security

  3. A secure channel exists between the STA and the AP as soon as the PTK is available
     • Either add an IE or KDE to an existing EAPOL-Key message
     • Or send an EAPOL-Key message with the IE or KDE
     • The STA can send an EAPOL-Key message that is not in response to the AP by setting the Request bit

  4. Requesting information
     • 802.11d defines an IE to request IEs
     • Request Information IE
     • Used in probe requests
     • Define a KDE for action frame content
     • Add an entry to Table 26 (11i)
     • Limited to action frames 255 octets in size

  5. Examples
     • AP advertising information
     • Send an EAPOL-Key message, which may or may not be encrypted
     • AP querying for an IE from the STA
     • Send an EAPOL-Key message containing a Request KDE that carries the required request

  6. Conclusion
     • Do not need a new encryption mechanism for 802.11k
     • Put IEs in an EAPOL-Key frame
     • Define a KDE for sending measurement requests
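
Slides 2 and 4 rely on the EAPOL-Key Key Data field carrying a mix of IEs and KDEs, each with a one-octet length. The following is an added example, not code from the presentation: a defensive parser and KDE encoder for an already decrypted Key Data field, using the 802.11i KDE layout (Type 0xdd, Length, OUI 00-0F-AC, Data Type, Data). The function names and the sample bytes are constructed for illustration.

```python
RSN_OUI = bytes.fromhex("000fac")   # 00-0F-AC, the OUI used by 802.11i KDEs
KDE_TYPE = 0xDD                     # KDEs share element ID 0xdd with vendor IEs
KDE_NAMES = {1: "GTK", 2: "STAKey", 3: "MAC address", 4: "PMKID"}


def build_kde(data_type, data, oui=RSN_OUI):
    """Encode Type(0xdd) | Length | OUI(3) | Data Type(1) | Data."""
    length = len(oui) + 1 + len(data)
    if length > 255:                # Length is a single octet
        raise ValueError("KDE does not fit the one-octet length field")
    return bytes([KDE_TYPE, length]) + oui + bytes([data_type]) + data


def parse_key_data(buf):
    """Split plaintext Key Data into ("IE"|"KDE", id, payload) tuples."""
    items, pos = [], 0
    while pos < len(buf):
        # Padding of an encrypted Key Data field: 0xdd, then zeros only.
        if buf[pos] == KDE_TYPE and (pos + 1 == len(buf) or buf[pos + 1] == 0):
            if any(buf[pos + 1:]):
                raise ValueError("non-zero octets in padding")
            break
        if len(buf) - pos < 2:
            raise ValueError("truncated element header")
        eid, length = buf[pos], buf[pos + 1]
        body = buf[pos + 2:pos + 2 + length]
        if len(body) != length:     # never trust the sender's length octet
            raise ValueError("element overruns the Key Data field")
        if eid == KDE_TYPE and length >= 4 and body[:3] == RSN_OUI:
            items.append(("KDE", body[3], body[4:]))
        else:                       # ordinary IE, or a vendor IE with another OUI
            items.append(("IE", eid, body))
        pos += 2 + length
    return items


# Constructed sample: RSN IE, then a GTK KDE with a dummy key, then padding.
SAMPLE = (
    bytes.fromhex("30140100000fac040100000fac040100000fac020000")
    + build_kde(1, b"\x01\x00" + bytes(range(16)))
    + b"\xdd\x00\x00\x00"
)

if __name__ == "__main__":
    for kind, ident, payload in parse_key_data(SAMPLE):
        label = KDE_NAMES.get(ident, "unknown") if kind == "KDE" else f"element {ident}"
        print(kind, label, payload.hex())
```

Because the KDE length octet also covers the OUI and Data Type, the payload of a single KDE tops out at 251 octets, which is the size constraint a KDE for action frame content would inherit.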
