How is the Groupwise Transient Key used in WiFi networks?
In Wi-Fi WPA, I understand that during association, an 802.11 client and AP negotiate a Pairwise Transient Key (PTK), using which the Groupwise Transient Key (GTK) is provided to the station.
I understood recently that all communication from/to this client, including broadcast from the client to all other stations, happens through the AP.
Why then does the client need to encrypt the broadcast using the GTK? Why can't the client just encrypt the broadcast frame using its PTK, and the AP decrypt it, then encrypt it using each of the other clients' PTK before sending it out to them?
Tags: wireless, ieee-802.11, layer2, access-point, networking
asked 2 hours ago by Sush, edited 1 hour ago by Ron Maupin
2 Answers
Accepted answer (3 votes), answered 1 hour ago by YLearn:
Why then does the client need to encrypt the broadcast using the GTK?
It doesn't. Since the AP broadcasts, not the client, the client doesn't use the GTK to encrypt the frame. The AP does.
Why can't the client just encrypt the broadcast frame using its PTK, and the AP decrypt it, ...
Exactly. This is what happens.
... the AP decrypt it, then encrypt it using each of the other clients' PTK before sending it out to them?
Here is where the magic happens. By the standard, a broadcast frame is sent one time from the AP to all associated clients. If the AP used the PTK from one client, none of the other clients would be able to process the frame. So instead, the GTK is used by the AP for broadcasts and each client has been given the GTK to decrypt such frames.
Now, if some sort of broadcast-to-unicast conversion takes place on the wireless infrastructure, then the PTK would be used by the AP for each corresponding client rather than the GTK.
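As an added illustration (not code from the page or its authors), a Python simulation of the forwarding path the accepted answer describes: a toy HMAC-based cipher stands in for CCMP, `associate` stands in for the 4-way handshake that yields a PTK and delivers the GTK under it, and `forward_broadcast` shows both the standard single GTK-encrypted frame and the per-client PTK path used when broadcast-to-unicast conversion is in play. All names and the sample payload are constructed for this example.

```python
import hmac, hashlib, os
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256: a toy stand-in for CCMP (AES-CCM), not the real cipher
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]
def seal(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC: nonce || ciphertext || tag
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag
def open_frame(key: bytes, blob: bytes):
    # Returns the payload, or None when the key does not match (tag check fails)
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class Station:
    def __init__(self, name): self.name, self.ptk, self.gtk = name, None, None
    def receive(self, frame: bytes, group: bool):
        return open_frame(self.gtk if group else self.ptk, frame)

class AccessPoint:
    def __init__(self):
        self.gtk = os.urandom(32)  # one group key shared with every associated station
        self.ptk = {}              # pairwise key per station
    def associate(self, sta: Station):
        # Stand-in for the 4-way handshake: fresh PTK, then the GTK delivered under that PTK
        sta.ptk = self.ptk[sta.name] = os.urandom(32)
        sta.gtk = open_frame(sta.ptk, seal(sta.ptk, self.gtk))
    def forward_broadcast(self, src: Station, frame: bytes, convert_to_unicast=False):
        payload = open_frame(self.ptk[src.name], frame)  # uplink frame was PTK-protected
        if convert_to_unicast:  # broadcast-to-unicast: one PTK-encrypted copy per other station
            return {n: seal(k, payload) for n, k in self.ptk.items() if n != src.name}
        return seal(self.gtk, payload)  # standard path: a single GTK-encrypted frame
def demo():
    ap, a, b, c = AccessPoint(), Station("a"), Station("b"), Station("c")
    for s in (a, b, c): ap.associate(s)
    uplink = seal(a.ptk, b"who-has 10.0.0.1")  # constructed sample broadcast from station a
    group_frame = ap.forward_broadcast(a, uplink)
    unicasts = ap.forward_broadcast(a, uplink, convert_to_unicast=True)
    return {"gtk_path": [s.receive(group_frame, True) for s in (b, c)],
            "ptk_on_group_frame": b.receive(group_frame, False),   # wrong key -> None
            "b2u_path": [s.receive(unicasts[s.name], False) for s in (b, c)],
            "b_opening_c_copy": b.receive(unicasts["c"], False)}   # wrong key -> None
```

The `None` results show the point of the answer: a frame protected under one station's PTK is unreadable to every other station, so a single frame for all of them has to be protected under the shared GTK.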
Answer (1 vote), answered 1 hour ago by Ron Maupin:
A WAP doesn't convert a broadcast frame into unicast frames to each individual Wi-Fi client. It sends a single broadcast frame to all the Wi-Fi clients at the same time. Sending a frame to each client really defeats the purpose of broadcast. That is why the WAP will broadcast at the slowest possible rate. All the devices need to be able to receive the single broadcast frame, including those requiring slow rates.