NIS Chapter 05

Question 1

Why is it advantageous to have dynamic key instead of static ones?

Answer 1

they are not at risk to things like social engineering making them more secure

Question 2

After the mutual authentication exchange (EAP). Both the authentication server and the supplicant have information about each other. What information is this?

Answer 2

• seeding material
• ## key per user and per session

Question 3

what is the difference between pre-RSNA and RNSA

Answer 3

preRSNA algorithms use static WEP encryption and legacy authentication methods

whereas RSN use TKIP/RC4 or CCMP /AES. dynamic key management and the 802.1X authentication methods

Question 4

What is the purpose of 802.1X/EAP?

Answer 4

for authorisiation and authentication

Question 5

what are the advantages of dynamic keys?

Answer 5

free of social engineering attacks

Question 6

Draw the dynamic WEP authentication process

Answer 6

draw / explain

Question 6

what is dynamic WEP

Answer 6

a WLAN security implementation that was a short term solution until TKIP/RC4 or CCMP/AES became available

Question 7

What is the name of the payload that is protected by WEP encryption? And what layer are these suits found?

Answer 7

MSDU payload. Found in layer 2

Question 8

What is RSNA? (3)

Answer 8

A security standard that requires 802.11 stations to:
- authenticate
- create dynamic keys that are unique
- do the 4 way handshake

Question 9

Between CCMP/AES and TKIP/RC4 which one is optional in RSNA?

Answer 9

TKIP/RC4

Question 10

With BSS that implement RSNA, a unique key has to be created between each AP and client to encrypt and decrypt all unicast traffic. What is the name of this key?

Answer 10

PTK(pairwise transient key)

Question 11

What is the name of the broadcast key of a RSNA implementing BSS? And what is it used for?

Answer 11

GTK (group temporal key)
- Used to encyrpt and decrypt all multitask and broadcast traffic

Question 12

What is the difference between IBSS and BSS?

Answer 12

BSS has an access point
IBSS has no AP. Solely consists of client stations

Question 13

How is RSNA in a IBSS implemented interms of key distribution?

Answer 13

• Peer 2 peer communication is used
• a client must have aPTK with each client it communicates with
• each STA will create and distribute its GTK

Question 14

What is a TSN? And what does it mean?

Answer 14

A transition security network is a type of security standard that supports both RSN security as well as legacy security such as WEP.

• This means that in the network, some clients use either TKIP/RC4 or CCMP/AES but others use static WEP

Question 15

Since dynamic WEPs are safer, are they considered RSNA?

Answer 15

No, they are pre-RSNA

Question 16

Virtual vlans can also be created within a WLAN and each has a different security standard

Answer 16

true

Question 17

What is an RSN information element?

Answer 17

a field found in 802.11 management frame that carries information about the encryption abilities of each station and also whether PSK or 802.1X/EAP is being used

Question 18

What is the AKM service?

Answer 18

This consists of one or more algorithms designed to provide key management and authentication

Question 19

What are the 2 options for AKMP authentication?

Answer 19

PSK and 802.1X/EAP

Question 20

What AKM operations are used when 802.1X/EAP is used for authentication?

Answer 20

• secure channel : authenticator and AS must have a secure channel established
• discovery: AP must be discovered either via active probing or passive beaconing
• Authentication: a
• ## Master key generation: supplicant and AS generate PMK (pairwise master key)

Question 21

At what point does the controlled port of an authenticator open?

Answer 21

once the temporal keys have been created and installed. Only then can the encrypted data frames be forwarded

Question 22

What 5 keys are needed in order to establish a RSNA?

Answer 22

• MSK
• GMK
• PMK
• GTK
• PTK

Question 23

Break down the hierarchy

Answer 23

-called AAA key
MSK are a result of 802.1X/EAP. It is used to create PMK, not used to encrypt or decrypt data

• PMK uses MSK as seeding material to create it. A new one is generated for each client in each session. It is used to create the PTK
• GMK is randomly generated at the authenticator. This is used to create GTK

-* These master keys are now used as seeding material for the 4 way handshake in the creation of the temporal keys

• PTK is derived from the PMK during the 4 way handshake. It is used to encrypt and decrypt all unicast data between a single client station and AP
  Same with GTK but multicast and broadcast

Question 24

What are the 3 components of a PTK?

Answer 24

• KCK: integrity of keys
• KEK: privacy
• TK: encrypt and decrypt frames between a supplicant and an authenticator

Question 25

What are EAPOL key frames used for in802.11 2007

Answer 25

to exchange cryptographic information between supplicants and authenticators

Question 26

What are the 6 major purposes of the EAPOL key frame?

Answer 26

1. confirm the existence of the PMK at the peer station
2. ensure that PMK is current
3. derive PTK from PMK
4. install PTK on A and STA
5. transfer GTK from A to STA and install key
6. Confirm selection of the cipher suites

Question 27

give the formula to derive the PTK?

Answer 27

PRF(AA + SA+ SNonce + ANonce + PMK)

Question 28

Describe the 4 way handshake

Answer 28

• 25

Question 29

What is the difference between 802.1X/EAP and PSK

Answer 29

• Pre shared keys come with defined passphrase that is configured on the STA and AP. Same key used for all devices connecting to the WLAN
• 802.1X/EAP uses unique keys for each session oer user, uses the 4 way handshake