The Wi-Fi security.


1. The user is authenticated according to the IEEE 802.1X model, based on the Extensible Authentication Protocol (EAP, RFC 2284bis).


2. Authentication is conducted between the supplicant (the user's PC) and the (RADIUS) authentication server.

- The link between the users' database (LDAP, GSM HLR, ...) and the RADIUS server is not specified.
3. At the end of this process, a Master Session Key (MSK) is computed by the supplicant and the authenticator.
- As specified in 802.1X-REV-d8, the MSK is a pair of 32-byte keys named MS-MPPE-Send-Key and MS-MPPE-Recv-Key. These keys are securely sent (by the RADIUS server) to the access point as described in RFC 2548 (Microsoft Vendor-specific RADIUS attributes).
4. A key exchange protocol (IEEE 802.1X, IEEE 802.11i) is used in order to share a session key SK (for example a WEP key or a PTK key) between the Access Point and the Supplicant.

5. Depending on the radio security protocol used between the Access Point and the Supplicant (WEP, TKIP, CCMP), various keys are derived from SK in order to provide:

- 802 Frames privacy (data encryption)
- 802 Frames integrity
- 802 Frames authentication (data encryption + data integrity symmetric signature).
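
Steps 4 and 5 for the case where SK is a PTK, as an added example that is not part of the original page: it follows the IEEE 802.11i pairwise key hierarchy (PMK taken as the first 32 bytes of the MSK, PTK expanded with the HMAC-SHA1 PRF) and splits the result into the keys used by CCMP or TKIP. The function names and all sample values are constructed for illustration; WEP is not covered.

```python
import hashlib
import hmac

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter) blocks, truncated."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(msk, aa, spa, anonce, snonce, cipher="CCMP"):
    """Derive the PTK and split it into per-purpose keys (48 bytes for CCMP, 64 for TKIP)."""
    if len(msk) != 64 or len(aa) != 6 or len(spa) != 6:
        raise ValueError("expected a 64-byte MSK and 6-byte MAC addresses")
    if len(anonce) != 32 or len(snonce) != 32:
        raise ValueError("nonces must be 32 bytes")
    if cipher not in ("CCMP", "TKIP"):
        raise ValueError("cipher must be CCMP or TKIP")
    pmk = msk[:32]  # 802.11i: the PMK is the first 256 bits of the MSK
    # Ordering by min/max lets both sides build the same input independently.
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 64 if cipher == "TKIP" else 48)
    keys = {
        "KCK": ptk[0:16],   # integrity of the EAPOL-Key handshake frames
        "KEK": ptk[16:32],  # encrypts the group key sent to the supplicant
        "TK": ptk[32:48],   # temporal key protecting the 802.11 data frames
    }
    if cipher == "TKIP":
        keys["MIC_AP_TO_STA"] = ptk[48:56]  # Michael MIC key, AP -> supplicant
        keys["MIC_STA_TO_AP"] = ptk[56:64]  # Michael MIC key, supplicant -> AP
    return keys

# Constructed sample values (not captured from any real network).
SAMPLE_MSK = bytes(range(64))
SAMPLE_AA = bytes.fromhex("020000000001")   # access point MAC
SAMPLE_SPA = bytes.fromhex("020000000002")  # supplicant MAC
SAMPLE_ANONCE = hashlib.sha256(b"constructed ANonce").digest()
SAMPLE_SNONCE = hashlib.sha256(b"constructed SNonce").digest()

if __name__ == "__main__":
    for cipher in ("CCMP", "TKIP"):
        keys = derive_ptk(SAMPLE_MSK, SAMPLE_AA, SAMPLE_SPA, SAMPLE_ANONCE, SAMPLE_SNONCE, cipher)
        for name, value in keys.items():
            print(cipher, name, value.hex())
```

Because the nonces are fresh for every handshake, each association gets a different TK even though the MSK-derived PMK stays the same.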