MSK Questions
Last Post: June 1, 2010:
-
To answer this, the MSK is synonymous with the AAA key and it is generated on the AS (Auth server) as part of the 802.1X authentication process. A new one is generated every time there is a reauth by the supplicant. The AS can pass this back to the supplicant and the Authenticator but this is dependent on what the EAP being used does with the key.
The easiest way to think of this process is like a pyramid, with the top being either the MSK or the PSK (802.1X vs PSK) which is then used to generate all the keys below it, i.e. PMK, PTK, etc. One of the things the 4 way handshake does is to verify that the PMK is the same on both sides.
I highly recommend reading Chicken & Egg (Devin's 802.11i Key Management paper) as it goes over this in some detail.
- 1