Forum

I've been reading Chapter 11, Data Link Security Solutions, in the CWSP study guide, and I still have the following questions on 802.1X and EAP.

Does anyone have a clear explanation or document explaining the difference and the exact functionment of the Unicast key versus Broadcast Key ?

I have well understood that these keys are used at different stages of the EAP process but I am still looking for a more precise description that would help me understand it better.
The CWSP Guide doesn't go very much in depth on this question... RFC 3748 doesn't help a lot either.

Any help coming from CWSP graduated person (or other participants) would be much appreciated.

Thanks to you all

Chrisparis75

Hi Chris of Bordeaux:

I am sorry I do not have my CWSP v1 study guide or IEEE standards available to double check, but here is my advice.

We are all familiar with the monolithic, sometimes called static, WEP key. Typically it is manually entered into all the client stations and access points (AP stations) in an extended service set (ESS) and is seldom changed. It is used to encrypt and decrypt all data frames, both unicast and multicast/broadcast.

The IEEE 802.11 standard, both before and after the 2004 802.11i amendment, allows for each pair of communicating stations to have its own key for exchanging unicast frames. An AP then uses a different key with each client station. When an AP transmits a multicast/broadcast frame destined for potentially multiple stations one additional key is required. This key, the broadcast key, is held in common by all stations in a basic service set (BSS).

I hope this helps. Thanks. /criss

Hi Criss from Leesburg,
Thanks for your contribution. If I understand it right the only purpose of this broadcast / unicast keys is to separate the encryption keys for broadcast or unicast exchanges.
That?¡é?€??s all right.

But in fact I was a little bit curious in understanding how all these keys are exchanged and work together.

I have been looking on the Web reading a lot of RFCs (probably not the right one) and other documentations and the only thing I have found is the exchange below (to be confirmed, it was found in an open forum in 2002).

If one of you have a documentation or an RFC that describe this process precisely that would be just perfect.

Thanks for your help and answers.

Chrisparis75 (From Bordeaux)

From raghu@sbcglobal.net (email no more valid) July 2002
I believe this description is about EAP/TLS.
?¡é?€??
A point on the WEP key generation section:
> 10. RADIUS server and the supplicant agree to a specific WEP key. (Dynamic Key?¡é?€?| how is that chosen ? TKIP ?)
> 11. The supplicant loads the key ready for logging on.
> 12. The RADIUS server sends the key for this session (Session key) to the AP.
> 13. The AP encrypts its Broadcast key with the Session key
> 14. The AP sends the encrypted key to the supplicant
> 15. The supplicant decrypts the Broadcast key with the Session key and the session continues using the Broadcast and Session keys until the session ends.

> AFAIK the authentication server and supplicant agree on a shared session secret, but that is not the actual WEP unicast key to be used between the AP and STA. I believe that the key distribution actually do this:
> 1. the authentication server send the shared session secret to the AP using MPPE-{Send|Recv}-Key attributes
> 2. the AP generates a WEP unicast key for the STA and a broadcast key
> 3. these keys are encrypted with the shared session secret and sent to the STA in separate EAPOL-Key messages

(this description was made by looking at the behavior of the WinXP supplicant and Lucent WavePOINT-II AP).

If you have already tested it I would like to take your point.
If I got your point right then,

1. Authentication server generates Session Secret, but not Session Key, and sends it to both supplicant and AP.
2. AP generates both Session(Unicast) Key and Broadcast Key and encrypts them using Session Secret and sends to the supplicant.
3. Supplicant decrypts Session(Unicast) Key and Broadcast key using the Session Secret that it got from Authentication Server.

From: Raghu [mailto:raghu@sbcglobal.net]
> Sent: Thursday, July 11, 2002 11:29 PM
>
> Currently Dynamic WEP key generation is done using EAP/TLS.
> The sequence for Dynamic WEP key generation is
> 1. AS and Supplicant independtly generates Session Secret based on the Master Secret.
> AS sends this Session Secret to AP in MS-MPPE-attributes.
>
> 2. AP generates Unicast(Session) key and encrypts it using Session Secret and sends it to the supplicant.
> (Broadcast/default key is the same for all stations within a broadcast domain.If this is not the case then AP generates even Broadcast key and encrypts using Session Secret and sends it to the supplicant)

I think I confused you a bit regarding the broadcast key.
The broadcast key needs to be sent to the supplicant both if it is individual to that STA or if it is common to all STAs in the BSS (which I think it always is). A better
description of step two could be:

2. AP generates Unicast(Session) key. The unicast key and the broadcast/default key of the BSS are
encrypted using the Session Secret and sent to the supplicant in separate EAPOL-Key messages.
> (Broadcast/default key is the same for all stations within a broadcast domain.If this is not the case then AP generates even Broadcast key and encrypts using Session Secret and sends it to the supplicant)

> 3. Supplicant decrypts the Unicast and/or Broadcast key using the generated Session Secret (from step 1)