IEEE 802.11r-2008 is also known as “fast basic service set transition –FT” is defined for allow fast secure roaming.802.11r mechanism introduce multiple layer of PMKs that are cached in different devices and assign different roles (key holder roles) to different devices as listed below.
WLAN Controller : PMK-R0 key holder (R0KH)
Access Point : PMK-R1 key holder (R1KH)
Client Station : PMK-S0 key holder (S0KH)
Client Station : PMK-S1 key holder (S1KH)
802.11r defines a three-level key hierarcy
1. Pairwise Master Key R0(PMK-R0) : The first level key of the FT key hierarchy. This key is derived from master session key (MSK)
2. Pairwise Master key R1(PMK-R1) : The second level key of the FT key hierarchy.
3. Pairwise Transit Key (PTK) : The third-level key of the FT key hierarchy. The PTK is the final key used to encrypt 802.11 data frames.
In 802.11r, various levels of FT keys are derived & stored in different WLAN devices. 802.1X/EAP creates the master session key (MSK) & then MSK is used to create first-level master key (PMK-R0). PMK-R0 is cached on the WLAN controller.So WLAN controller is key holder for first-level key
The second level key, PMK-R1 is derived from PMK-R0 & sent from WLAN controller to the controller managed APs.So PMK-R1 keys are cached on the APs & APs ar the key holders for PMK-R1.
PMK-R1 is used to derive PTKs, which are used to encrypt data. Below diagram summarized the key hierarchy of WLAN controller infrastructure (page 266- CWSP Official Study Guide)
There are various level of FT keys derived and stored on the client stations. 802.1X/EAP creates MSK & then MSK is used to create first level of master key (PMK-R0). The PMK-R0 is cached on the supplicant/client station. So client station is the key holder for first-level key.
Using PMK-R0, client station will derives the second-level key PMK-R1. PMK-R1 is cached on the client station. So supplicants are key holder for the PMK-R1. PMK-R1 is used to derive PTKs, which are used to encrypt data.
Below diagram (Page 267 -CWSP Offical Study Guide) shows the Supplicant FT key hierarchy.
1. CWSP Official Study Guide
2. CWNP-RSN Fast BSS Transition (FT) white paper.
1. CWSP-802.11 Roaming Basics
2. CWSP-802.11r FT initial Association
3. CWSP-802.11r Over-the-Air-FT
4. CWSP-802.11r Over-the-DS-FT