Table of Contents
Advertisement
CSP
WPA2 PSK
802.11i Pairwise Master
Key (PMK)
802.11i Pairwise Transient
Key (PTK)
802.11i
EAPOL MIC Key
802.11i EAPOL Encr Key
802.11i data AES-CCM
encryption/MIC key
CSP TYPE
GENERATION
16-64
CO configured
character
shared secret
used to
authenticate
mesh
connections
and in
remote AP
advanced
configuration
512-bit
shared secret
Derived from WPA2
used to
PSK
derive
802.11i
session keys
512-bit
Derived during 802.11i
shared secret
4-way handshake
from which
Temporal
Keys (TKs)
are derived
128-bit
Derived from PTK
shared secret
used to
protect 4-
way (key)
handshake
128-bit
Derived from PTK
shared secret
used to
protect 4-
way
handshakes
128-bit AES-
Derived from PTK
CCM key
42
STORAGE
And
USE
ZEROIZATI
ON
Encrypted in
Used to derive
flash using the
the PMK for
KEK; zeroized
802.11i mesh
by updating
connections
through
between APs
administrative
and in
interface, or by
advanced
the 'ap wipe
Remote AP
out flash'
connections;
command.
programmed
into AP by the
controller over
the IPSec
session.
In volatile
Used to derive
memory only;
802.11i
zeroized on
Pairwise
reboot
Transient Key
(PTK)
In volatile
All session
memory only;
encryption/dec
zeroized on
ryption keys
reboot
are derived
from the PTK
In volatile
Used for
memory only;
integrity
zeroized on
validation in 4-
reboot
way
handshake
In volatile
Used for
memory only;
confidentiality
zeroized on
in 4-way
reboot
handshake
Stored in
Used for
plaintext in
802.11i packet
volatile
encryption and
memory;
integrity
zeroized on
verification
reboot
(this is the
CCMP or
AES-CCM
key)
Advertisement
Table of Contents
