
RE: [LinkSec] FW: [802-11Technical] <TGi> 802.1X Controlled Port




Bernard,

I believe the reason for running two four way handshakes is to generate
two (different) key encryption keys (and associated key MIC keys) to be
used for encrypting the two different group keys.

It sounds to me like one of those things that would probably be done
differently, if the whole system was to be redesigned from scratch based
on the group's current understanding.  However, given that WPA is
already shipping, I can't see anyone suggesting it in the current
group's lifetime.

Mike Moreton
Synad Technologies Ltd.
 

-----Original Message-----
From: Bernard Aboba [mailto:bernard_aboba@hotmail.com] 
Sent: 07 June 2003 15:12
To: Mike Moreton; paul.congdon@hp.com; stds-802-linksec@ieee.org;
stds-802-1@ieee.org; stds-802-11@ieee.org
Subject: RE: [LinkSec] FW: [802-11Technical] <TGi> 802.1X Controlled
Port

>Different keys would be used for each direction where two stations are
>exchanging broadcast frames (neglecting for the purposes of explanation
>all the others who might hear them), however these keys are randomly
>generated rather than being derived from EAP.

As you state, a bi-directional EAP exchange is unnecessary because a
single mutual authentication suffices for establishing an open link on
both sides, as specified in RFC 2284bis, and because only one of the
unicast keys established during the bi-directional exchange is used.
Similarly, only a single 4-way handshake is needed in order to establish
transient session keys and protect the ciphersuite negotiation.

>I think it's the
>decision to use these handshakes unmodified in two directions, rather
>than create a new bi-directional handshake that leads to the
>requirement to generate two sets of keys, not anything inherent about
>the architecture of 802.11 ad-hoc.

Yes, the requirement for bi-directional authentication in IEEE 802.11i
has nothing to do with EAP or IEEE 802.1X -- it arises purely from the
design of the IEEE 802.11i group key exchange. While in infrastructure
mode only the AP sends multicast traffic (and therefore only a single
group key is needed), in ad hoc mode all the stations can potentially
send multicast traffic.  That means that there is a need for multiple
group keys in ad hoc whereas no such need exists in infrastructure mode.
Since a single IEEE 802.11i Group Key exchange is incapable of
negotiating different group keys in each direction, it is necessary to
run two complete IEEE 802.1X exchanges, one in each direction.

This of course leads one to ask why a single IEEE 802.1X exchange with
mutual authentication followed by two group key exchanges would not be
sufficient.  If the answer relates purely to a limitation of IEEE
802.11i's 4-way handshake and group-key exchanges, this should be made
clear in both IEEE 802.1X and IEEE 802.11i so that readers are not misled
into believing that this limitation has anything to do with EAP or IEEE
802.1X.  This is important for future work such as LINKSEC which could
potentially design an improved group key exchange, thereby removing the
need for bi-directional authentication for enabling communication
between two bridges.


Yes.  However, there is a lot of confusion about this, so it needs to be
explained.
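The point Mike makes at the top of the thread (each four-way handshake yields its own key-encryption key and key-MIC key, and the group key sent in each direction is protected by a different pair) can be shown with a small model of the 802.11i pairwise key hierarchy. The block below is an added example, not code from either correspondent or from the IEEE drafts: it implements the 802.11i PRF over HMAC-SHA1, the PTK split into KCK/KEK/TK for CCMP, and the HMAC-SHA1-128 EAPOL-Key MIC; the station addresses, PMKs, nonces and EAPOL-Key bodies are constructed, and AES key wrap of the GTK under the KEK is omitted (no AES in the Python standard library).

```python
"""Model of why an ad hoc pair ends up with two independent KCK/KEK sets.

PRF, PTK layout and MIC follow IEEE 802.11i for the AES-based AKMs; every
input value below is constructed for illustration (added example).
"""
import hashlib
import hmac
import os


def prf(key: bytes, label: bytes, data: bytes, out_len: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    blocks = [
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range((out_len + 19) // 20)
    ]
    return b"".join(blocks)[:out_len]


def derive_ptk(pmk: bytes, addr1: bytes, addr2: bytes, nonce1: bytes, nonce2: bytes) -> dict:
    """PTK = PRF-384(PMK, "Pairwise key expansion",
                     Min(AA,SPA) || Max(AA,SPA) || Min(ANonce,SNonce) || Max(ANonce,SNonce)).
    For CCMP the 48 bytes split into KCK (key MIC key), KEK (key encryption key), TK."""
    data = min(addr1, addr2) + max(addr1, addr2) + min(nonce1, nonce2) + max(nonce1, nonce2)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:]}


def key_mic(kck: bytes, eapol_key_body: bytes) -> bytes:
    """EAPOL-Key MIC for the AES-based AKMs: HMAC-SHA1 truncated to 128 bits."""
    return hmac.new(kck, eapol_key_body, hashlib.sha1).digest()[:16]


def verify_mic(kck: bytes, eapol_key_body: bytes, mic: bytes) -> bool:
    return hmac.compare_digest(key_mic(kck, eapol_key_body), mic)


def four_way_handshake(pmk: bytes, authenticator: bytes, supplicant: bytes,
                       anonce: bytes = None, snonce: bytes = None) -> dict:
    """Both ends derive the same PTK from the PMK, the two MAC addresses and
    the two fresh nonces exchanged in messages 1 and 2."""
    anonce = anonce if anonce is not None else os.urandom(32)
    snonce = snonce if snonce is not None else os.urandom(32)
    ptk_auth = derive_ptk(pmk, authenticator, supplicant, anonce, snonce)
    # The supplicant sees the same inputs in the other order; Min/Max makes that irrelevant.
    ptk_supp = derive_ptk(pmk, supplicant, authenticator, snonce, anonce)
    assert ptk_auth == ptk_supp
    return ptk_auth


def adhoc_pair_keys(pmk_ab: bytes, pmk_ba: bytes, sta_a: bytes, sta_b: bytes,
                    nonces: list = None) -> dict:
    """Ad hoc: A authenticates B and B authenticates A, so two handshakes run.
    Handshake "a_to_b" (A as authenticator) carries A's GTK in message 3,
    handshake "b_to_a" carries B's; each is protected by its own KCK/KEK."""
    n = nonces or [os.urandom(32) for _ in range(4)]
    return {
        "a_to_b": four_way_handshake(pmk_ab, sta_a, sta_b, n[0], n[1]),
        "b_to_a": four_way_handshake(pmk_ba, sta_b, sta_a, n[2], n[3]),
    }


def gtk_message3_check(keys: dict, gtk_body: bytes) -> dict:
    """Build the MIC over a constructed message-3 body with one handshake's KCK
    and show the other handshake's KCK cannot verify it."""
    mic = key_mic(keys["a_to_b"]["kck"], gtk_body)
    return {
        "verifies_with_own_kck": verify_mic(keys["a_to_b"]["kck"], gtk_body, mic),
        "verifies_with_other_kck": verify_mic(keys["b_to_a"]["kck"], gtk_body, mic),
        "distinct_kek": keys["a_to_b"]["kek"] != keys["b_to_a"]["kek"],
    }


if __name__ == "__main__":
    # Constructed stations and PMKs (one PMK per 802.1X exchange direction).
    sta_a, sta_b = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    keys = adhoc_pair_keys(os.urandom(32), os.urandom(32), sta_a, sta_b)
    for direction, ptk in keys.items():
        print(direction, "KCK", ptk["kck"].hex(), "KEK", ptk["kek"].hex())
    print(gtk_message3_check(keys, b"constructed EAPOL-Key message 3 carrying a GTK"))
```

Running it with fresh random nonces prints two different KCK/KEK pairs; the check dictionary shows the message-3 MIC only verifying under the handshake that produced it. The same `four_way_handshake` called twice with one PMK but fresh nonces also yields different PTKs, which is the property that makes the second handshake's keys independent of the first even when the two 802.1X exchanges happen to produce related PMKs.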



