Graph linking
Information
"The MS-CHAP-MPPE-Keys Attribute contains two session keys for use by the Microsoft Point-to-Point Encryption Protocol (MPPE). This Attribute is only included in Access-Accept packets." [1]
There are two keys: MS-MPPE-Send-Key and MS-MPPE-Recv-Key and gcse coursework.
"The MS-MPPE-Send-Key Attribute contains a session key for use by the Microsoft Point-to-Point Encryption Protocol (MPPE). As the name implies, this key is intended for encrypting packets sent from the NAS to the remote host. This Attribute is only included in Access-Accept packets." [1].
"The MS-MPPE-Recv-Key Attribute contains a session key for use by the Microsoft Point-to-Point Encryption Protocol (MPPE). As the name implies, this key is intended for encrypting packets received by the NAS from the remote host. This Attribute is only included in Access-Accept packets." [1].
(Following interpretations are based on email-discussion. Can someone verify the interpretation of that discussion from specification and add references?)
In 802.11i, MS-MPPE-Recv-Key is used for delivering Pairwise-Master-Key from RADIUS to the access point. In plain 802.1X + WLAN context, it is used for encrypting the WEP key, which accesspoint delivers to mobile station.
In 802.11i, MS-MPPE-Send-Key is omitted. However, in plain 802.1X it is used for signing the WEP-key.
References
[1] Microsoft Vendor-specific RADIUS Attributes http://www.ietf.org/rfc/rfc2548.txt
Questions
- Q01: How the transformation from MS-MPPE-Recv-Key to PMK is done?
- A01:
- Q02: After succesful authentication, does the RADIUS server provide the Pairwise/Group Master Keys
- A02: Only the Pairwise Master Key (PMK)
- Q03: Is the method for delivering the keys same in both: Dynamic WEP (plainly 802.1X) and WPA/802.11i
- A03: No, in WPA MS-MPPE-Send key is omitted, while in Dynamic WEP, it is used for signing the encrypted WEP key
- Q04: Does the size of master keys vary depending on the EAP-method
- A04:
- Q05: How the keys are generated in Dynamic WEP case?
- P05: Keys are generated with pseudo random number generator, after which they are encrypted with MS-MPPE-Recv-key and sent to mobile station. (P=presumption)
- Q06: How is the GMK generated?