Which of the following is the actual key used to encrypt wireless network traffic in a Wi-Fi Protected Access (WPA)-based network? (Wentz QOTD)
A. The Pre-Shared Key (PSK)
B. MSK (Master Session Key)
C. PMK (Pairwise Master Key)
D. GTK (Group Temporal Key)
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. GTK (Group Temporal Key).
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
This question is designed to highlight that wireless networks compliant with Wi-Fi Protected Access (WPA) and its successors actually use TWO keys to encrypt and encrypt unicast and multicast/broadcast traffic. The Pre-Shared Key (PSK) is not used directly to encrypt all the traffic. Instead, the PSK is used to derive the actual keys that encrypt unicast traffic (PTK) and multicast & broadcast traffic (GTK) in the well-known WPA 4-way handshake.
The are many keys involved in the four-way handshake.
- Pre-Shared Key (PSK)
- MSK (Master Session Key)
- PMK (Pairwise Master Key)
- GMK (Group Master Key)
- PTK (Pairwise Transit Key)
- GTK (Group Temporal Key)
The master session key (MSK) is the first key generated either from 802.1X/EAP or derived from PSK authentication.
Reference
- 4-WAY HANDSHAKE
- Security Mechanisms and Resource Reservation Schemes for Fast Handoff in Wireless Internet
以下哪一項是在基於 Wi-Fi 保護訪問 (WPA) 的網絡中用於加密無線網絡流量的實際密鑰? (Wentz QOTD)
A. 預共享密鑰 (PSK)
B. MSK(主會話密鑰)
C. PMK(成對主密鑰)
D. GTK(組臨時密鑰)