Wi-Fi is a Passion


Key Caching

PMK caching or static key caching (SKC) is the first caching method. The PMK is cached for a certain length of time. A client is able to cache multiple PMKs, so when a client associates with an access point a new PMKSA is established with PMK #1. This key will be cached on the client. When the client roams to another access point, a new PMKSA is established and PMK #2 is cached on the client. In the next reassociation request (the access point 1), there is a list with all the PMKIDs (found in the RSNIE). When there is a match the 802.1X/EAP exchange will be skipped and the client proceeds with the 4-way handshake. Since the PMK #1 is matched, there is not a new PMKSA established and also no new PMK. A roaming with 802.1X/EAP + the 4-way handshake can take 700ms. In this case, with SKC, only the 4-way handshake needs to be done and the roaming will between 40 to 60ms and this will help with Voice over Wi-Fi roaming. This is a slow roam forward and a fast roam backwards, because every time a client roams to an access point that doesn’t have the key cached, the 802.1X/EAP needs to be done for creating a PMK.

For a faster authentication, you can do pre-authentication. In this situation, the 802.1X/EAP exchange with the new access point is done at the moment the client is still associated with the current access point. The 802.1X/EAP exchange goes through the current access point over the DS to a possible new access point. A new PMK is created and cached on the new access point and on the client. At the moment that the client wants to roam to this new access point, both the client and the access point have already had the key cached and can skip the 802.1X/EAP exchange. The client uses active and passive scanning to learn about other access points in the ESS. Within the probe response frames and beacon frames is the RSNIE that have a field with capabilities for pre-authentication support. This sounds like a great solution for fast roam forward/backwards, but pre-authentication with all possible access points means a lot of RADIUS requests for all those access points. This asks a lot of load and might not be a smart idea.

Both solutions have their advantages and disadvantages. Vendors came up with a new solution for key caching. Opportunistic key caching (OKC) is not defined in an 802.11 standard. With OKC the key is also cached and distributed among the access points. The way this distribution works depends on the WLAN architecture that is in place. Within an architecture with a WLAN Controller, the WLC distributes the key to all the access points. In an architecture with only access points there is a proprietary protocol that distributes the PMKs to the other access points. With OKC there is a formula that calculates the PMKID. This formula is HMAC-SHA1-128 (PMK, “PMK Name” || AA || SPA). HMAC is Keyed-Hash Message Authentication code, a mechanism for message authentication with a hash function. AA is the authenticator MAC address; the SPA is the supplicant MAC address.
- The first step is the 802.1X/EAP authentication that finds place between the client, the current access point, and the RADIUS server. PMK #1 is created and PMKID #1 is created as well. After this the 4-way handshake process starts and the client is able to transmit data on the network.
- The current access point caches the PMK #1 and forwards the PMK #1 to the new access point.
- The client calculates, using the formula, a new PMKID #2 and uses the PMK #1 and the new access point MAC address and its own MAC address. In the reassociation request you can find the PMKID in the RSNIE.
- The new access point receives the reassociation request and calculates also the PMKID with the PMK (received from the current access point), client MAC address, and its own MAC address. There is no reauthentication needed, since the PMKID from the request matches the calculated PMKID from the new access point. The new access point sends the reassociation response frame to the client, the 802.1X/EAP exchange is skipped, and during the 4-way handshake the other encryption keys are created.

As you can see, there is only one 802.1X/EAP exchange and the access points calculate the PMKID with the formula. The PMK from the first 802.1X/EAP exchange is the seeding material for all the access points. This method is more efficient than pre-authentication where the 802.1X/EAP exchange still exists every time a client roams. Not all vendors support OKC with multiple controllers (intercontroller roaming). In that case for the new controller a new 802.1X/EAP exchange finds place, but the PMK will be used for all the access points that are associated with that controller.

Cisco has also a proprietary fast secure roaming option, and this is Cisco Centralized Key Management (CCKM). CCKM works only with a Cisco environment, but with FT (Fast BSS Transition) defined as an amendment, CCKM will not implemented often.