Pre-Shared Key Mechanism – Generation of Master key

In the Pre-Shared Key mechanism, the upper-layer handshake used by the 802.1X mechanism is not performed. Instead, the Pairwise Master Key is generated from a user-supplied passphrase.

The 802.11 user enters a passphrase that must be a minimum of 8 characters and can be a maximum of 63 characters. The passphrase is the password the user supplies for the network, so the network user must know the password in use for that particular network.

The ASCII password entered is used by the 802.11 station and the Access Point to generate the Master Key for the 4-way handshake. The Master Key so generated is not an encryption key; it is the input from which further temporal keys are generated, and those keys can be used to encrypt data. The Master Key is termed the Pairwise Master Key (PMK). It is "Pairwise" because it is the same between the station and the Access Point.

The 802.11™-2012 standard defines the current password-based key derivation function (PBKDF2) used to generate the Pairwise Master Key from the passphrase entered by the user. The standard definition is provided below.

The 256-bit output of the PSK function is also termed the Pairwise Master Key (PMK). The PMK so generated is used as input to generate further temporal keys. The temporal keys are the keys used to encrypt each packet. The Pairwise Master Key generated at the Access Point and at the 802.11 station is the same.
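The derivation described above, as an added example that is not part of the original article: it enforces the 8 to 63 character rule and derives the 256-bit PMK with PBKDF2. The SSID as salt, the 4096 iterations and HMAC-SHA1 are the parameters the 802.11 standard specifies for this function and are not spelled out in the text above; the function names and the passphrase and SSID values are constructed for illustration.

```python
import hashlib

PMK_BITS = 256      # output size stated in the article
ITERATIONS = 4096   # from the 802.11 PSK definition (not stated in the article)


def validate_passphrase(passphrase: str) -> bytes:
    """Enforce the 8..63 character rule and require printable ASCII (32..126)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return passphrase.encode("ascii")


def derive_pmk(passphrase: str, ssid: bytes) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 256 bits)."""
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1 to 32 octets")
    return hashlib.pbkdf2_hmac(
        "sha1", validate_passphrase(passphrase), ssid, ITERATIONS, PMK_BITS // 8
    )


if __name__ == "__main__":
    # Constructed sample input, not taken from any real network.
    passphrase = "correct horse battery"
    ssid = b"ExampleNet"

    # The station and the Access Point run the same computation independently.
    station_pmk = derive_pmk(passphrase, ssid)
    ap_pmk = derive_pmk(passphrase, ssid)
    print("station PMK:", station_pmk.hex())
    print("AP PMK     :", ap_pmk.hex())
    print("identical  :", station_pmk == ap_pmk)

    # The SSID is the salt, so the same passphrase on another network name
    # produces an unrelated PMK.
    other = derive_pmk(passphrase, b"ExampleNet-Guest")
    print("other SSID :", other.hex())

    # A passphrase shorter than 8 characters is rejected before any derivation.
    try:
        derive_pmk("short", ssid)
    except ValueError as exc:
        print("rejected   :", exc)
```

Because the inputs are only the passphrase and the SSID, the PMK stays the same for every station and every session until one of the two is changed.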

Once the PSK/EAP method has been used to generate the Pairwise Master Key material, a 4-way handshake termed the EAPOL handshake ensues. The 4-way EAPOL handshake is described in the next article:

EAPOL 4-Way Handshake
