IEEE 802.

11i 227

generate the PSK. Mutual authentication is performed using PSK. The key is
derived from the user credentials that have been entered in the AP.

9.7. IEEE 802.11i

IEEE 802.11i defines a robust secure network (RSN) architecture to provide

security capabilities for IEEE802.11-based WLANs and their extensions to
include authentication, data encryption, key management, fast roaming (pre-
authentication), and many other features (e.g., key-caching for quick recon-
nect, compatibility with IEEE 802.11e). For infrastructure netwoks, it requires
the use of an authentication server (AS), such as RADIUS, using authentica-
tion protocol such as IEEE 802.1X using EAP over LANs (EAPoL), master
key (MK) and pairwise master keys (PMK)s. Figure 9-19 shows the relation
among various components of an IEEE 802.11i architecture [18].
Following is a description of the functions of various key types.

9.7.1. Master Key (MK)

Defined only per session between an AS (not AP) and a STA, the MK is
required to establish authentication between the AS and the wireless station.
Authentication using MK guarantees access to an AS.

STA# j AP# l AS

Authentication (Master Key - per session)

Derive PMK from PMK only between

MK, and Distribute it STA# j and AP# l

Channel access using PMK

Derive and use PTK

from PMK

Figure 9-19. Relative position of master key (MK), pairwise master key (PMK), and
pairwise transient key (PTK) in IEEE 802.11i.

TEAM LinG
228 SECURITY IN WIRELESS DATA NETWORKS

9.7.2. Pairwise Master Key (PMK)

This is generated after a trust between AS and STA has been established
(assuming a trust between AS and AP already existed). It is generated from
the information sent by RADIUS (or non-RADIUS) AS to AP and STA.
PMK is used to access the wireless medium.

9.7.3. Pairwise Transient Key (PTK)

PTK is a collection of keys known as key confirmation key (KCK), key encryp-
tion key (KEK), and temporal key (TK).
KCK is used to prove the possession of PMK, thus binding PMK to
STA/AP. KEK is used to distribute group transient key (GTK) to be used in
multicasting and broadcasting. TK is used for data encryption. Figure 9-20
shows protocol architecture for security for authentication.
IEEE 802.1X is the transport for EAP over LAN (EAPoL). IEEE 802.1X
remains within the wireless LAN. Authentication transport between STA and
AS is provided by higher-level (end-to-end) EAP-TLS (Extensive authenti-
cation protocol—transport level security). What IEEE 802.1X does for LANs
is similar to what RADIUS does for IP network, that is, to provide a trans-
port for EAP.
Figure 9-21 shows various operational phases of IEEE802.11i. The required
data encryption algorithm is a version of advanced encryption system (AES).
In addition to providing a fairly comprehensive hierarchy of key man-
agement, IEEE 802.11i also has some features to enhance the networking
capabilities of the stations. Two of these that need special mention are, pre-
authentication for fast roaming and key-caching for fast reconnect. In a wire-
less LAN infrastructure served by a number of access points, a STA using
IEEE 802.11i could spend a significant amount of overhead in authentication
while moving from close to one AP to another. The handoff between the APs
can be rendered quicker by allowing a STA to pre-authenticate with a prospec-
tive next AP before actually establishing an authorization relation with it. The
STA does this through its current AP. Since APs are connected through a wired

STA AP AS

EAP-TLS

EAP

IEEE802.1X (EAPoL) RADIUS

WLAN (IEEE 802.11) UDP/IP

Figure 9-20. Protocol architecture for IEEE 802.11i authentication.

TEAM LinG
 SECURITY IN CELLULAR NETWORKS 229

STA AP AS

Capabilities discovery

IEEE 802.1X (Authentication)

IEEE 802.11i key RADIUS key

management distribution

Data encryption

Figure 9-21. Operational phases of IEEE 802.11i.

infrastructure, pre-authentication adds an element of security in addition to

quickly allowing authentication once the handoff process begins. The key-
caching feature of IEEE 802.11i allows an AP to keep the key information of
the STAs that recently de-associated. If a station tries to reconnect while cache
entry about its previous connection is still valid, it can be quickly authenti-
cated and associated.

9.7.4. IEEE 802.11i and WPA

The WPA is an interim standard and it was projected to be compatible with
the then future IEEE 802.11i. However, IEEE 802.11i has specified a differ-
ent encryption algorithm (AES) from WPA (RC4). This has created an inter-
operability problem between the two. There are some commonalities, such as
in authentication (IEEE 802.11i provides pre-shared key as well for home net-
works). Table 9.2 (available at various locations, amended from [18] [15]) lists
a comparison between WEP, WPA and IEEE 802.11i encryption and integrity
protection.
The IEEE 802.11i is also dubbed as WPA2. However, it is not considered
to be available in the existing devices, as it needs hardware upgrade.

9.8. SECURITY IN CELLULAR NETWORKS

In terms of data security, cellular networks pose a scenario quite different from
WLANs. Due to wide area roaming capability and international market for
operators, the network interoperability requirement and export constraints for
security algorithms make a unique paradox. With the all-IP based networks,

TEAM LinG