An important aspect of the different EAP types was to provide a secure means of authenticating the parties that wanted to communicate. Another important by-product of the EAP is to generate symmetric keys, such as the Master Session Key (MSK)-an all-important key.
After the authentication stage has been successfully completed, next comes the four-way handshake, an Authentication and Key Management Protocol (AKMP) used in IEEE 802.11i. Its job is to confirm that the parties that want to communicate securely each possess the Pairwise Master Key (PMK) and to also distribute the group keys. The PMK is derived from the MSK.
In general, the so-called master keys are not themselves used for encrypting data. They are used for generating other subordinate and temporary keys that can be used for encrypting data.
The four-way handshake is used for generating dynamic keys that will be used for protecting subsequent data transmissions. These keys are transient or temporary by nature and as such are referred to as transient keys and temporal keys. The two types of transient keys that can be derived from the four-way handshake are the Pairwise Transient Key (PTK) and the Group Temporal Key (GTK).
In general, the pairwise keys are used only between a pair of communicating entities. The group keys can be used between two or more communicating entities.
In this tutorial:
- Securing Wireless Networks
- Security Background
- Security Services
- Cryptographic Concepts and Terms
- Encryption and Decryption
- Exclusive OR (XOR)
- Asymmetric Encryption Algorithms
- Public-Private Key Cryptography
- Concealment Ciphers vs. Running Key Ciphers
- Stream Ciphers vs. Block Ciphers
- Cipher Examples
- Cipher Implementations
- Wi-Fi Protected Access
- Wi-Fi Protected Access 2 (WPA2)
- Hash Functions
- EAP Entities
- EAP Grammar
- EAP Types
- IEEE 802.11i
- Four-Way Handshake
- IEEE 802.11i Considerations