
PSK Based Security
Join request (DH-Params(g, p, g^x mod p), WNonce, SID)
Join Response (DH-Params(g^y mod p), SID, ANonce, PSK-MIC)
AC chooses exponent y and creates ANonce
PMS = LEN_16(Z) | Z | LEN_16(PSK) | PSK
KeyMaterial = PRF(PMS, "master secret", WNonce + ANonce)
KeyMaterial is split into K1 (KCK), K2 (KEK) and K3 (Rekey key)
WTP
AC
WTP computes key
PSK-MIC validation provides key confirmation
AES-CCM Encrypted Control Channel
Join ACK (SID, PSK-MIC)
Join Confirm (SID, PSK-MIC)
PSK-MIC validation provides key confirmation
Authenticated Join Confirm closes the state machine loop
AC chooses exponent x and creates WNonce
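
An added example, not taken from the slides or from any CAPWAP implementation: both ends build the PMS, derive K1/K2/K3, and the Join request side validates the AC's PSK-MIC, so a PSK mismatch fails key confirmation. Assumptions, since the slide does not specify them: PRF is a TLS 1.2 style HMAC-SHA256 expansion, "+" means concatenation, each key is 16 bytes, the MIC is HMAC-SHA256 under K1 over SID and both nonces, and the DH group is a constructed toy group.

```python
import hashlib, hmac, secrets, struct

P, G = 2**127 - 1, 5  # constructed toy DH group, far too small for real use

def int_bytes(n):
    # Assumption: Z is the big-endian shared value without leading zero bytes.
    return n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")

def pms(z, psk):
    # PMS = LEN_16(Z) | Z | LEN_16(PSK) | PSK (16-bit big-endian lengths assumed)
    return struct.pack(">H", len(z)) + z + struct.pack(">H", len(psk)) + psk

def prf(secret, label, seed, n):
    # Assumption: TLS 1.2 style P_SHA256 expansion; the slide does not define PRF.
    out, a = b"", label + seed
    while len(out) < n:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + label + seed, hashlib.sha256).digest()
    return out[:n]

def derive(z, psk, wnonce, anonce, klen=16):
    # Assumption: "+" is concatenation and each key is klen bytes long.
    km = prf(pms(z, psk), b"master secret", wnonce + anonce, 3 * klen)
    return km[:klen], km[klen:2 * klen], km[2 * klen:]  # K1 KCK, K2 KEK, K3 rekey

def psk_mic(kck, sid, wnonce, anonce):
    # Assumption: the MIC is HMAC-SHA256 under K1 over SID and both nonces.
    return hmac.new(kck, sid + wnonce + anonce, hashlib.sha256).digest()

def run_join(psk_requester, psk_ac):
    """Return True when the Join request side accepts the AC's PSK-MIC."""
    sid, wnonce, anonce = (secrets.token_bytes(16) for _ in range(3))
    x = secrets.randbelow(P - 3) + 2   # Join request side exponent
    y = secrets.randbelow(P - 3) + 2   # AC exponent
    gx, gy = pow(G, x, P), pow(G, y, P)
    # AC: derive keys from (g^x)^y and send PSK-MIC in the Join Response.
    ac_k1, _, _ = derive(int_bytes(pow(gx, y, P)), psk_ac, wnonce, anonce)
    mic = psk_mic(ac_k1, sid, wnonce, anonce)
    # Requester: derive from (g^y)^x and validate the MIC in constant time.
    k1, _, _ = derive(int_bytes(pow(gy, x, P)), psk_requester, wnonce, anonce)
    return hmac.compare_digest(mic, psk_mic(k1, sid, wnonce, anonce))
```

The length prefixes keep the Z/PSK boundary unambiguous: `pms(b"ab", b"c")` and `pms(b"a", b"bc")` differ even though the concatenated bytes are the same.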