When an 802.1x authentication server (such as RADIUS) is in use, the PMK is derived when a
station authenticates with the server. For networks that do not use an 802.1x server, a preshared
key (PSK) is distributed out of band to every station and access point. This PSK is
the PMK.
The security association between the two nodes is created during an exchange of four
EAPoL packets called a four-way handshake. During this transaction, the nodes derive a
pairwise transient key (PTK), which is then partitioned to provide the individual keys the
pair will use for encryption, data integrity, and so forth. The PTK is derived from the PMK
and a random value from both the station (the SNonce) and the access point (the ANonce).
When TKIP or CCMP is in use, broadcast and multicast traffic is also protected by
encryption, using a group key shared by all members of the BSS or IBSS. The Group
Temporal Key (GTK) is distributed during the four-way handshake, or can be distributed in
a separate group key handshake.
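
The PTK derivation and partitioning described above, as an added example that is not part of the original text. It follows the IEEE 802.11i PRF, which also mixes in the two MAC addresses (a detail from the standard, not from this page); the PMK, MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac

LABEL = b"Pairwise key expansion"  # PRF label from IEEE 802.11i

def prf(key, label, data, n_bytes):
    """802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    i = 0
    while len(out) < n_bytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:n_bytes]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce, cipher="CCMP"):
    """Derive the PTK and partition it into the keys the pair will use."""
    # Inputs are sorted so station and access point build identical data.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    length = 64 if cipher == "TKIP" else 48  # 512-bit PTK for TKIP, 384-bit for CCMP
    ptk = prf(pmk, LABEL, data, length)
    keys = {
        "KCK": ptk[0:16],   # key confirmation key: MIC over the EAPoL handshake frames
        "KEK": ptk[16:32],  # key encryption key: protects the GTK in transit
        "TK": ptk[32:48],   # temporal key: unicast data encryption
    }
    if cipher == "TKIP":
        # TKIP adds two 8-byte Michael MIC keys, one per direction.
        keys["MIC_A"] = ptk[48:56]
        keys["MIC_B"] = ptk[56:64]
    return keys

# Constructed sample values (not from a real capture).
PMK = bytes(range(32))
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE = bytes([0xA5]) * 32
SNONCE = bytes([0x5A]) * 32

if __name__ == "__main__":
    for name, key in derive_ptk(PMK, AP_MAC, STA_MAC, ANONCE, SNONCE).items():
        print(name, key.hex())
```

Because both nonces feed the PRF, a fresh handshake yields a fresh PTK even though the PMK is unchanged.
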
2.2.6 Collision Avoidance and Media Access
One of the most significant differences between Ethernet and 802.11 WLANs is the way in
which they control access to the medium, determining who may talk, and when.