Info needed on AAA key
Last Post: July 3, 2018:
-
I need some help to understand this parameter called AAA key.
1. How is MSK related to AAA key? Is it a derivative of it or the same?
2. Is the AAA key same as that of the 'Radius Secret' parameter configured typically in AAA servers (secret key between AS and Authenticator)?
3. Is the AAA key required to be present in /or exported to the Supplicant as well? If so, how is this achieved in general? Is it a configuration parameter by any chance?
4. How is the PMK related to AAA key and/or MSK?
It would indeed be of much help if someone could help me overcome this confusion. -
Hi there, bit of a late reply but here goes.....
1. As per RFC 5247 (EAP Key Management Framework), they are the SAME. Quote: "The term AAA-Key is synonymous with Master Session Key (MSK)."
2. NO. The RADIUS secret is used to protect RADIUS communication between the Authenticator (wireless LAN controller in lightweight mode and AP in autonomous mode) and the Authentication Server (the RADIUS server). In reality, RADIUS only protects the password section of the communication. The AAA key is used to derive the MSK and will be different for each client that connects (see below).
3. OK, some confusion here. The AAA key is only relevant in WPA/WPA2 ENTERPRISE MODE. You cannot configure the AAA key as such. When a supplicant successfully authenticates, the AS will provide the AAA key (dynamically created) from which the PMK is derived.
4. According to the 802.11i standard, the PMK is derived from the AAA key (remember in point 1 that the AAA key is the same as the MSK). I have read in other documents that the PMK is equal to the AAA key! That means that the AAA key, MSK and PMK are all the same.
The main thing to remember is that the AS will provide the AAA key/MSK/PMK to the Authenticator. The Authenticator will share this with the Supplicant and through the 4-way WPA handshake establish the PTK (Pairwise Transient Key), all wireless data is then encrypted using the PTK.
Does this help? I wrote a tutorial about this on my website - www.og150.com/tutorials.php - download PDF under 'Wireless Pre-Shared Key Cracking (WPA, WPA2)'
Thanks
Darren -
Dear Darren,
First of all, thank you very much for clarifying all of that. Your answer is certainly of BIG HELP! I have just started my journey on the path to CWSP and apparently I'm trying to get the basics right while also trying to understand the practical applicability.
In the meantime, I have had a chance to download this tutorial & am currently exploring on it. I shall acknowledge my observations on your post(under this forum) soon.
Best Regards,
Ansuman -
No worries. If you have any further questions just let me know, either I or another member of the forum will try to assist.
Darren -
Juss real quick on Point#3 ( transportation of AAA key). So do this mean that the AAA key transportation occurs during the EAP security exchange procedure using certificates only? And if so, then which layer/s of the OSI Stack handles this job?
Is it Layers-5/6(Presentation/Session Layers) over the Controlled port? -
Yes, the AAA key is exchanged as part of the EAP transaction and EAP occurs inside of RADIUS. There are many types of EAP types, and not all use certificates. EAP typically operates at layer 2 - Datalink of the OSI model I would say.
-
Ansuman,
I recommend you to read "802.11 Authentication and Key Management (AKM)" white paper from Devin Akin. I am sure that this white paper will clear most of your queries on AAA key. -
Dear Sathwik,
Thank you as much for pointing to the document. I'm going through the same & at the inset it appears to be a great one with much effort taken to uncomplicate the standard. Shall keep everyone posted... Meanwhile a note of thanks to Devin as well.. -
Great read! And just so I get this correct, I’m summarizing my grasp of AKM below:
- AAA Key - Starting Point. Also used interchangeably as MSK. Manner of derivation is implementation specific, but in general this key is used to mean the Master Session Key(MSK). 64-octets in length & acts as Seeding material to create other keys in the hierarchy(4-way Handshake)
- PMK, GMK - Derivatives of MSK(AAA key). Manner of derivation of PMK varies based on type of Security mode configured viz., WPA/2-Personal(PSK) or WPA/2-Enterprise. In case of former,PMK==PSK=PBKDF2(PassPhrase, ssid, ssidLength, 4096, 256). In case of latter(WPA/2-Ent), PMK=First 256 bits of MSK: PMK ← L(MSK, 0, 256).
Note: The RADIUS Attribute MS-MMPE-Recv-Key is used to transport PMK from AS(Radius Server) to Authenticator(AP) - PTK - Derived from PMK as under:
PTK ← PRF-X(PMK, "Pairwise key expansion", Min(AA,SPA) || Max(AA,SPA) || Min(ANonce,SNonce) || Max(ANonce,SNonce))
Used to encrypt Unicast Data - GTK - Derived from PMK as under:
GTK ← PRF-X(GMK, “Group key expansion” || AA || GNonce)
Used to encrypt broadcast/multicast data - KCK - Key Confirmation Key. Used in 4-Way Handshake & Group Key Handshake(2-Way) to provide data origin authenticity
Computed as first 128bits of PTK: KCK ← L(PTK, 0, 128) - KEK - Key Encryption Key. Used in 4-Way Handshake & Group Key Handshake(2-Way) to provide data confidentiality
Computed as bits 128-255 of PTK: KEK ← L(PTK, 128, 128) - TK - Temporal Key.
Computed as bits 256 to (255+TK_bits) of PTK: TK ← L(PTK, 256, TK_bits)
-
Graphically :
AAA Key aka MSK
------------┴-------------
▼ ▼
PMK GMK
▼ ▼
PTKïKCK GTKïTK
ïKEK
ïTK
- 1