Use of EAPOL-Key messages
Tim Moore, Microsoft

Introduction
• 802.11i defines how and when key material is available for protection and encryption
• 802.1X and EAPOL-Key frames
• 802.11i EAPOL-Key frame is extendable
• Any IEs can be sent using EAPOL-Key messages and be protected (and encrypted)
• Non-IEs can be sent using EAPOL-Key messages as KDEs. New KDEs can be added (5 are defined by 802.11i)
• There is already an EAPOL-Key frame format that doesn't send keys
• EAPOL-Key frames can also be used without security

Secure channel exists between STA and AP as soon as PTK is available
• Either add an IE or KDE to an existing EAPOL-Key message
• Send an EAPOL-Key message with the IE or KDE
• STA can send an EAPOL-Key message that is not in response to the AP by setting the Request bit

Requesting information
• 802.11d defines an IE to request IEs
• Request Information IE
• Used in probe requests
• Define a KDE for action frame content
• Add entry to Table 26 (11i)
• Limited to action frames 255 octets in size

Examples
• AP advertising information
• Send an EAPOL-Key message, which may or may not be encrypted
• AP querying for an IE from the STA
• Send an EAPOL-Key message containing a Request KDE that carries the required request

Conclusion
• Do not need a new encryption mechanism for 802.11k
• Put IEs in an EAPOL-Key frame
• Define a KDE for sending measurement requests
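
An added example, not part of the original slides: a receiver-side parser for a decrypted EAPOL-Key Key Data field that carries IEs and KDEs side by side, rejecting elements whose length runs past the field. The KDE layout (type 0xdd, length, OUI 00-0F-AC, data type, data) and the 0xdd padding rule follow 802.11i; the `ACTION_KDE` data type value and the sample octets are hypothetical placeholders, since the slides only propose such a KDE.

```python
KDE_TYPE = 0xDD                      # type octet shared by KDEs and vendor IEs
OUI_80211 = bytes.fromhex("000fac")  # OUI used by the 802.11i-defined KDEs
REQUEST_INFO_IE = 10                 # Request Information element ID (802.11d)
ACTION_KDE = 0xF0                    # hypothetical data type for the proposed KDE


def build_ie(eid, body):
    """Encode one element: ID, one-octet length, body."""
    if len(body) > 255:
        raise ValueError("body does not fit a one-octet length field")
    return bytes([eid, len(body)]) + body


def build_kde(data_type, data, oui=OUI_80211):
    """Encode a KDE; its length octet covers OUI, data type and data."""
    return build_ie(KDE_TYPE, oui + bytes([data_type]) + data)


def parse_key_data(buf):
    """Split decrypted Key Data into ('ie' | 'kde', id, body) tuples."""
    out, i = [], 0
    while i < len(buf):
        # Padding is a 0xdd octet followed only by zero octets to the end.
        if buf[i] == KDE_TYPE and not any(buf[i + 1:]):
            break
        if len(buf) - i < 2:
            raise ValueError("truncated element header")
        eid, length = buf[i], buf[i + 1]
        body = buf[i + 2:i + 2 + length]
        if len(body) != length:
            raise ValueError("element length runs past Key Data")
        if eid == KDE_TYPE and length >= 4 and body[:3] == OUI_80211:
            out.append(("kde", body[3], body[4:]))   # data type, data
        else:
            out.append(("ie", eid, body))            # ordinary or vendor IE
        i += 2 + length
    return out


def sample_key_data():
    """Constructed sample: a Request Information IE asking for element IDs
    7 and 48, a placeholder action-frame KDE, then padding."""
    data = build_ie(REQUEST_INFO_IE, bytes([7, 48]))
    data += build_kde(ACTION_KDE, b"\x01\x02\x03")   # opaque placeholder octets
    return data + b"\xdd\x00\x00"


if __name__ == "__main__":
    for kind, ident, body in parse_key_data(sample_key_data()):
        print(kind, hex(ident), body.hex())
```

The parser only sees plaintext Key Data; integrity checking of the EAPOL-Key frame and decryption of the field happen before it is called.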