Forum

Updates to EAP types

1 posts by 1 authors in: Forums > CWSP - Enterprise Wi-Fi Security
Last Post: December 1, 2005:

By ben_miller December 1, 2005

Reply

When WEP was the only standards-based encrpytion method, EAP authentication produced Session Keys (WEP keys used for encrypting unicast data) at the supplicant (station) and authentication server. The AP would produce a Broadcast/Multicast WEP Key.

When WPA (TKIP) or WPA2 (CCMP) encryption are used, EAP authentication produces a PMK (key material used for unicast data) at the supplicant and authentication server. The AP produces a GMK, which is key material for broadcast and multicast data.

The bottom line is that the EAP process stays the same. Supplicant and authentication server negotiate encryption information for unicast data while the AP creates encryption information for broadcast/multicast data.

The real difference is what happens after authentication. When WPA or WPA2 encryption are used, the PMK and GMK (key material) are used during the 4-Way Handshake to create the PTK (unicast) and GTK (broadcast/multicast), which are encryption keys. The PTK and GTK are actually *the same* for both WPA and WPA2 encryption.

Page 1 of 1

1

Success Stories

I literally just came out of the testing centre having taken the CWDP exam. The certification process opened my mind to different techniques and solutions. This knowledge can only broaden your perspective. Great job, CWNP, you have a great thing going on here.
-Darren

Working through the CWNP coursework and certifications helped not only to deepen my technical knowledge and understanding, but also it boosted my confidence. The hard work it took to earn my CWNE has been rewarding in so many ways.
-Ben

I want to commend you and all at CWNP for having a great organization. You really 'raise the bar' on knowing Wi-Fi well. I have learned a ton of information that is helping my job experience and personal career goals, because of my CWAP/CWDP/CWSP studies. Kudos to all at CWNP.
-Glenn