How is the Groupwise Transient Key used in WiFi networks?

In Wi-Fi WPA, I understand that during association, an 802.11 client and AP negotiate a Pairwise Transient Key (PTK), using which the Groupwise Transient Key (GTK) is provided to the station.

I understood recently that all communication from/to this client, including broadcast from the client to all other stations, happens through the AP.

Why then does the client need to encrypt the broadcast using the GTK? Why can't the client just encrypt the broadcast frame using its PTK, and the AP decrypt it, then encrypt it using each of the other clients' PTK before sending it out to them?

Tags: wireless ieee-802.11 layer2 access-point networking

asked 2 hours ago by Sush
edited 53 mins ago by Ron Maupin♦

2 Answers

Accepted answer (3 votes):

> Why then does the client need to encrypt the broadcast using the GTK?

It doesn't. Since the AP broadcasts, not the client, the client doesn't use the GTK to encrypt the frame. The AP does.

> Why can't the client just encrypt the broadcast frame using its PTK, and the AP decrypt it, ...

Exactly. This is what happens.

> ... the AP decrypt it, then encrypt it using each of the other clients' PTK before sending it out to them?

Here is where the magic happens. By the standard, a broadcast frame is sent one time from the AP to all associated clients. If the AP used the PTK from one client, none of the other clients would be able to process the frame. So instead, the GTK is used by the AP for broadcasts and each client has been given the GTK to decrypt such frames.

Now, if some sort of broadcast-to-unicast conversion takes place on the wireless infrastructure, then the PTK would be used by the AP for each corresponding client rather than the GTK.

answered 54 mins ago by YLearn♦
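
The key selection described in the answer above, as an added example that is not part of the original post: a toy model of one AP and three stations showing which key protects each hop of a broadcast. Assumptions: random keys stand in for the 4-way handshake output, an HMAC/SHAKE construction stands in for CCMP, and all class, function and field names are hypothetical.

```python
import hashlib, hmac, os
BROADCAST = "ff:ff:ff:ff:ff:ff"

def _tag(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

def seal(key, data):
    """Toy AEAD standing in for CCMP (illustration only, not 802.11 crypto)."""
    nonce = os.urandom(8)
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    ct = bytes(a ^ b for a, b in zip(data, ks))
    return nonce + ct + _tag(key, nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:8], blob[8:-8], blob[-8:]
    if not hmac.compare_digest(tag, _tag(key, nonce + ct)):
        return None  # integrity check fails: receiver holds the wrong key
    ks = hashlib.shake_256(key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

class Station:
    def __init__(self, mac):
        self.mac, self.ptk, self.gtk = mac, None, None
    def send_broadcast(self, payload):
        # The uplink frame is unicast to the AP, so the PTK protects it.
        return {"ta": self.mac, "da": BROADCAST, "body": seal(self.ptk, payload)}
    def receive(self, frame):
        key = self.gtk if frame["ra"] == BROADCAST else self.ptk
        return unseal(key, frame["body"])

class AccessPoint:
    def __init__(self):
        self.gtk, self.ptks = os.urandom(16), {}
    def associate(self, sta):
        # Random keys stand in for the 4-way handshake output (assumption).
        sta.ptk = self.ptks[sta.mac] = os.urandom(16)
        sta.gtk = self.gtk  # every associated station is given the same GTK
    def relay_broadcast(self, frame, to_unicast=False):
        payload = unseal(self.ptks[frame["ta"]], frame["body"])
        if not to_unicast:  # one frame on air, under the shared group key
            return [{"ra": BROADCAST, "body": seal(self.gtk, payload)}]
        return [{"ra": mac, "body": seal(ptk, payload)}  # one frame per station
                for mac, ptk in self.ptks.items() if mac != frame["ta"]]

def demo(msg=b"constructed broadcast payload"):
    ap, stas = AccessPoint(), [Station(f"02:00:00:00:00:0{i}") for i in (1, 2, 3)]
    for s in stas:
        ap.associate(s)
    uplink = stas[0].send_broadcast(msg)
    group, per_sta = ap.relay_broadcast(uplink), ap.relay_broadcast(uplink, True)
    return {"gtk_frames": len(group), "ptk_frames": len(per_sta),
            "gtk_read_by_all": all(s.receive(group[0]) == msg for s in stas[1:]),
            "owner_reads": stas[1].receive(per_sta[0]) == msg,
            "other_sta_reads": stas[2].receive(per_sta[0]) is not None}
```

`demo()` reports one downlink frame in the GTK case and one per receiving station in the broadcast-to-unicast case, where a frame sealed under one station's PTK fails the integrity check at any other station.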


Answer (1 vote):

A WAP doesn't convert a broadcast frame into unicast frames to each individual Wi-Fi client. It sends a single broadcast frame to all the Wi-Fi clients at the same time. Sending a frame to each client really defeats the purpose of broadcast. That is why the WAP will broadcast at the slowest possible rate. All the devices need to be able to receive the single broadcast frame, including those requiring slow rates.

answered 1 hour ago by Ron Maupin♦