WiFi Security

[som_mukhopadhyay]

Hi All,
Presently I am working on WiFi security domain. I have a specific question about EAP-TTLS.
As all of you are aware that TLS handshake will do three specific task:

1. It authentuicates the server
2. It creates a pre master shared key..
3. And last but not the least it makes a ciphersuite ready.

Now as we are aware that WPA/RSN has got its own ciphersuite, namely TKIP and AES-CCMP. Hence WPA/RSN version of EAP-TTLS will avoid the last of the above three points.

Now as we know in EAP-TTLS, after the TLS handshake we tunnel further authentication information. That means that it will go through an encryption layer.

Assuming we are passing a CHAP response message containg the user name and the password through the tunnel, which of the encryption methodology will take place. what I want to know that will this be encrypted through the TLS record protocol or will it be encrypted by the standard AES-CCMP/RC4-TKIP?

If somebody can clarify it to me, I will be thankful.

Thanks in advance..

Somenath

[svendufva]

The delivery of MSK (that has been derived via EAP-methods) is done outside the basic 802.11 framework so it is being encrypted/calculated by any means that EAP-protocol type provides so it encrypted by TLS record protocol. Calculating the PSK from MSK is then done in .11 chipher suite specific protocols such as AES or TKIP.

Sven