Hello, everyone.
I don’t understand a few things here. A Cisco document defines the process as follows:
An MSK is derived from the EAP authentication phase when 802.1X/EAP security is used, or from the PSK when WPA/WPA2-PSK is used as the security method.
From this MSK, the client and WLC/AP derive the Pairwise Master Key (PMK), and the WLC/AP generates a Group Master Key (GMK).
The NW lesson for the WPA Key Hierarchy says
The AAA key is also called the Master Session Key (MSK).
However, the Cisco document above implies that an MSK is also used with PSK authentication, which doesn’t use AAA.
Next, the GMK. NW says the following:
The group master key (GMK) is a 128-bit key at the top of the hierarchy for broadcast and multicast traffic. The AP generates a cryptographic-quality random number. The “cryptographic quality” part is important because some functions that generate random numbers are predictable.
How exactly is this key derived? Randomly? The Cisco document again says that the MSK is used to derive it.
From this MSK, the client and WLC/AP derive the Pairwise Master Key (PMK), and the WLC/AP generates a Group Master Key (GMK).
I thought the PSK is fed through a key derivation function and directly creates the PMK.
This leads to another thing that confuses me. If the AP/WLC does generate the GMK, does it actually send it to the client or not? My book says that both devices know the PMK and the GMK.
I thought the AP would create a GMK, derive the GTK, and send it to the client for installation. It doesn’t make sense to me for the client to know what the GMK is. This second image says the opposite.
When a lightweight architecture is used, does the WLC participate in the 4-way handshake instead of the AP? And then, once the keys are figured out, does the AP encrypt/decrypt the data?
And the final question.
The GTK is sent in an encrypted format. In the case of PTK, a partition of it is used to generate a MIC which basically ensures that both sides are using the same key if they end up with the same value. Does the client do anything to verify the same, but with the GTK instead?
Thank you.
David
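The following is an added worked example of the WPA2-Personal key hierarchy the question is about; it is not part of David's post nor of the Cisco or NW material he quotes. It carries the derivations through in code: PSK to PMK (PBKDF2-HMAC-SHA1 over the passphrase and SSID, 4096 iterations, 256 bits), PMK to PTK on both sides of the 4-way handshake (PRF-384 with the label "Pairwise key expansion", split into KCK, KEK and TK for CCMP), GMK to GTK on the AP only (the PRF form shown in 802.11i; the GMK never leaves the AP), and the EAPOL-Key MIC (HMAC-SHA1 truncated to 128 bits over the frame with the MIC field zeroed) that each side uses to check that the other derived the same PTK. Everything is constructed and offline: the MAC addresses, nonces, and EAPOL-Key frames are made up, the Key Info values are typical ones, and the AES Key Wrap of the GTK under the KEK in message 3 is deliberately left out, so the Key Data field there is an unencrypted placeholder. The PMK value asserted below is the "password"/"IEEE" test vector from the 802.11i annex.

```python
"""WPA2-Personal key hierarchy, end to end, with the standard library only."""
import hashlib
import hmac
import os

# Offset of the 16-byte Key MIC field inside an EAPOL-Key frame:
# 4 (EAPOL hdr) + 1 (desc type) + 2 (key info) + 2 (key len) + 8 (replay ctr)
# + 32 (nonce) + 16 (IV) + 8 (RSC) + 8 (reserved) = 81
MIC_OFFSET = 81


def psk_to_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ..."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PTK = PRF-384(PMK, "Pairwise key expansion", min/max(MACs) || min/max(nonces)).
    The min/max ordering makes the result identical whichever side computes it.
    Returns (KCK, KEK, TK), 16 bytes each, as used with CCMP."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:48]


def derive_gtk(gmk, aa, gnonce):
    """GTK = PRF-128(GMK, "Group key expansion", AA || GNonce), the form 802.11i shows.
    Only the AP holds the GMK; the client receives just the resulting GTK."""
    return prf(gmk, b"Group key expansion", aa + gnonce, 16)


def eapol_key_frame(key_info, replay, nonce, key_data=b""):
    """Constructed minimal EAPOL-Key frame (descriptor type 2) with a zeroed MIC field."""
    body = (bytes([2]) + key_info.to_bytes(2, "big") + (16).to_bytes(2, "big")
            + replay.to_bytes(8, "big") + nonce + bytes(16) + bytes(8) + bytes(8)
            + bytes(16) + len(key_data).to_bytes(2, "big") + key_data)
    return bytes([2, 3]) + len(body).to_bytes(2, "big") + body  # EAPOL v2, type 3 = Key


def eapol_mic(kck, frame):
    """AKM 00-0F-AC:2 MIC: HMAC-SHA1 over the frame with the MIC field zeroed, 128 bits."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def set_mic(frame, kck):
    return frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + 16:]


def check_mic(frame, kck):
    return hmac.compare_digest(frame[MIC_OFFSET:MIC_OFFSET + 16], eapol_mic(kck, frame))


def four_way_handshake(ssid, ap_passphrase, sta_passphrase):
    """Simulate both ends. Each side uses only its own PMK; the PMK is never sent."""
    aa, spa = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")  # constructed MACs
    pmk_ap, pmk_sta = psk_to_pmk(ap_passphrase, ssid), psk_to_pmk(sta_passphrase, ssid)

    # Message 1 (AP -> STA): ANonce; no MIC, because no PTK exists yet.
    anonce = os.urandom(32)
    eapol_key_frame(0x008A, 1, anonce)
    # STA: pick SNonce, derive PTK, send message 2 with SNonce and a MIC under its KCK.
    snonce = os.urandom(32)
    kck_sta, _kek_sta, tk_sta = derive_ptk(pmk_sta, aa, spa, anonce, snonce)
    msg2 = set_mic(eapol_key_frame(0x010A, 1, snonce), kck_sta)
    # AP: derive PTK from its own PMK and verify; a bad MIC means the PMKs differ.
    kck_ap, _kek_ap, tk_ap = derive_ptk(pmk_ap, aa, spa, anonce, snonce)
    msg2_ok = check_mic(msg2, kck_ap)
    # Message 3 (AP -> STA): GTK from an AP-only GMK in Key Data, covered by the MIC.
    # A real frame also wraps Key Data with the KEK (AES Key Wrap for CCMP); omitted here.
    gtk = derive_gtk(os.urandom(32), aa, os.urandom(32))
    msg3 = set_mic(eapol_key_frame(0x13CA, 2, anonce, key_data=gtk), kck_ap)
    msg3_ok = check_mic(msg3, kck_sta)
    # Message 4 (STA -> AP): MIC only, confirming the STA installed the keys.
    msg4 = set_mic(eapol_key_frame(0x030A, 2, bytes(32)), kck_sta)
    return {"msg2_ok": msg2_ok, "msg3_ok": msg3_ok,
            "msg4_ok": check_mic(msg4, kck_ap), "tk_match": tk_ap == tk_sta}


if __name__ == "__main__":
    print(psk_to_pmk("password", "IEEE").hex())
    print(four_way_handshake("IEEE", "password", "password"))
    print(four_way_handshake("IEEE", "password", "wrong-passphrase"))
```

With matching passphrases every MIC verifies and the two TKs are equal; with a mismatched passphrase the AP's check of message 2 fails, because the two sides computed different PMKs and hence different KCKs. Note that the client never computes or receives a GMK: what reaches it is the GTK in message 3, whose integrity is covered by the same KCK-based MIC as the rest of the frame.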