Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

HP Exam HPE6-A85 Topic 8 Question 12 Discussion

Actual exam question for HP's HPE6-A85 exam
Question #: 12
Topic #: 8
[All HPE6-A85 Questions]

What does WPA3-Personal use as the source to generate a different Pairwise Master Key (PMK) each time a station connects to the wireless network?

Show Suggested Answer Hide Answer
Suggested Answer: A

The source that WPA3-Personal uses to generate a different Pairwise Master Key (PMK) each time a station connects to the wireless network is session-specific information (MACs and nonces). WPA3-Personal uses Simultaneous Authentication of Equals (SAE) to replace PSK authentication in WPA2-Personal. SAE is a secure key establishment protocol that uses a Diffie-Hellman key exchange to derive a shared secret between two parties without revealing it to an eavesdropper. SAE involves the following steps:

The station and the access point exchange Commit messages that contain their MAC addresses and random numbers called nonces.

The station and the access point use their own passwords and the received MAC addresses and nonces to calculate a shared secret called SAE Password Element (PE).

The station and the access point use their own PE and the received MAC addresses and nonces to calculate a shared secret called SAE Key Seed (KS).

The station and the access point use their own KS and the received MAC addresses and nonces to calculate a shared secret called SAE Key Confirmation Key (KCK).

The station and the access point use their own KCK and the received MAC addresses and nonces to calculate a confirmation value called SAE Confirm.

The station and the access point exchange Confirm messages that contain their SAE Confirm values.

The station and the access point verify that the received SAE Confirm values match their own calculated values. If they match, the authentication is successful and the station and the access point have established a shared secret called SAE PMK.

The SAE PMK is different for each session because it depends on the MAC addresses and nonces that are exchanged in each authentication process. The SAE PMK is used as an input for the 4-way handshake that generates the Pairwise Temporal Key (PTK) for encrypting data frames.

The other options are not sources that WPA3-Personal uses to generate a different PMK each time a station connects to the wireless network because:

Opportunistic Wireless Encryption (OWE): OWE is a feature that provides encryption for open networks without requiring authentication or passwords. OWE uses a similar key establishment protocol as SAE, but it does not generate a PMK. Instead, it generates a Pairwise Secret (PS) that is used as an input for the 4-way handshake that generates the PTK.

Simultaneous Authentication of Equals (SAE): SAE is not a source, but a protocol that uses session-specific information as a source to generate a different PMK each time a station connects to the wireless network.

Key Encryption Key (KEK): KEK is not a source, but an output of the 4-way handshake that generates the PTK. KEK is used to encrypt group keys that are distributed by the access point.


Contribute your Thoughts:

Shannon
6 months ago
That makes sense, Elli. Thanks for the explanation.
upvoted 0 times
...
Elli
6 months ago
SAE allows for secure key exchange without the need for a pre-shared key, which makes it a strong candidate for generating PMKs.
upvoted 0 times
...
Colby
6 months ago
Interesting, Elli. Can you explain why you think SAE is used for this purpose?
upvoted 0 times
...
Elli
7 months ago
I believe WPA3-Personal uses Simultaneous Authentication of Equals (SAE) for generating PMKs.
upvoted 0 times
...
Shannon
7 months ago
I agree with you, Colby. Session-specific information like MACs and nonces can help in generating unique keys.
upvoted 0 times
...
Colby
7 months ago
I think WPA3-Personal uses Session-specific information to generate a different PMK.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77