Authentication and Key Management. Identifies the authentication method and key derivation algorithm used by an RSN. Defined in IEEE 802.11-2024 Table 9-190.
ANonce
Authenticator Nonce. A random value generated by the AP and sent in EAPOL Message 1 and Message 3, used as input to the PTK derivation.
AP
Access Point. The infrastructure device that bridges wireless clients to the wired network, acting as the authenticator in 802.11 authentication.
BSSID
Basic Service Set Identifier. The MAC address of the AP's radio interface, used to uniquely identify a BSS.
CCMP
Counter Mode with CBC-MAC Protocol. The mandatory encryption protocol for RSN (WPA2), based on AES-128 in CCM mode. Provides both confidentiality and integrity.
EAPOL
Extensible Authentication Protocol over LAN. The encapsulation used to carry EAP messages and 4-way handshake key frames between the STA and AP over 802.11.
ESSID
Extended Service Set Identifier. The network name broadcast in beacons and probe responses. Used as the salt in PBKDF2 for PSK-based key derivation.
FT
Fast BSS Transition. Defined in IEEE 802.11r, allows a STA to pre-authenticate with a target AP before roaming, reducing handoff latency. Introduces the R0/R1 key hierarchy.
GCMP
Galois/Counter Mode Protocol. An encryption protocol based on AES-GCM, introduced in 802.11ac (Wave 2) as an alternative to CCMP. Supports 128-bit and 256-bit key lengths.
GTK
Group Temporal Key. The key used to encrypt broadcast and multicast frames within a BSS. Distributed to stations via the 4-way handshake or group key handshake.
ICV
Integrity Check Value. The CRC-32 checksum appended to WEP frames before encryption. Provides no real integrity protection due to CRC-32 linearity.
IV
Initialization Vector. A value prepended to the WEP key before RC4 key scheduling. The 24-bit IV space in WEP is too small to prevent reuse.
KCK
Key Confirmation Key. Extracted from the PTK (typically 128 bits; 192 bits for SHA-384 AKMs), used to compute the MIC over EAPOL-Key frames during the 4-way handshake.
KDF
Key Derivation Function. A generic term for functions that derive cryptographic keys from input keying material. In 802.11, refers specifically to the function used to derive the PTK from the PMK and nonces.
KEK
Key Encryption Key. Extracted from the PTK after the KCK (typically 128 bits; 256 bits for SHA-384 AKMs), used to encrypt the Key Data field in EAPOL-Key frames (e.g., the GTK in Message 3).
MIC
Message Integrity Code. A keyed hash computed over EAPOL-Key frames using the KCK. The algorithm depends on the Key Descriptor Version: HMAC-MD5 (kv1), HMAC-SHA1-128 (kv2), AES-128-CMAC (kv3), or per Table 12-11 for kv0 (e.g., HMAC-SHA-384 for SHA-384 AKMs).
MPMK
Master Pairwise Master Key. The root key used in the FT key hierarchy to derive PMK-R0. For AKM 4 (FT-PSK), MPMK = PSK. For AKM 3 (FT-802.1X), MPMK is extracted from the MSK.
MSK
Master Session Key. The key material exported by an EAP method after successful authentication. The first 256 bits (or 384 bits for SHA-384 AKMs) become the PMK in 802.1X-based networks.
OWE
Opportunistic Wireless Encryption. Defined in RFC 8110 and 802.11 AKM 18, provides encryption on open networks using a Diffie-Hellman key exchange. No passphrase is involved, so there is nothing to crack.
PASN
Pre-Association Security Negotiation. Defined in 802.11az, allows security negotiation before association. Uses its own key hierarchy and supports AKM-defined PMKID derivation.
PBKDF2
Password-Based Key Derivation Function 2. Defined in RFC 2898, used in WPA/WPA2-PSK to derive the 256-bit PMK from the passphrase and SSID with 4096 iterations of HMAC-SHA1.
PMK
Pairwise Master Key. The 256-bit key from which the PTK is derived. In PSK mode, PMK = PBKDF2(passphrase, SSID). In 802.1X mode, PMK = first 256 bits of the MSK.
PMKID
Pairwise Master Key Identifier. A hash value derived from the PMK, AP MAC, and STA MAC. Optionally included in EAPOL Message 1 to identify a cached PMKSA. Can be used for client-less PSK cracking.
PMKSA
Pairwise Master Key Security Association. The cached state (PMK, PMKID, lifetime, authentication method) stored by both AP and STA after successful authentication, enabling session resumption.
PRF
Pseudo-Random Function. The HMAC-SHA1-based function used in WPA/WPA2 to derive the PTK from the PMK, nonces, and MAC addresses. Called PRF-384 for CCMP or PRF-512 for TKIP.
PSK
Pre-Shared Key. A passphrase-based authentication mode where the PMK is derived from a shared passphrase using PBKDF2. Used in WPA-Personal and WPA2-Personal deployments.
PTK
Pairwise Transient Key. The per-session key derived from the PMK, ANonce, SNonce, and both MAC addresses. Composed of KCK, KEK, and TK sub-keys.
R0KH
R0 Key Holder. The entity (typically the initial AP) that holds PMK-R0 in the Fast BSS Transition key hierarchy. Identified by R0KH-ID.
R1KH
R1 Key Holder. The entity (target AP) that holds PMK-R1 in the Fast BSS Transition key hierarchy. Identified by R1KH-ID (typically the target AP's BSSID).
RC4
Rivest Cipher 4. The stream cipher used by WEP and TKIP. WEP's use of RC4 with short IVs and per-packet key construction is fundamentally broken.
RSN
Robust Security Network. The security framework defined in IEEE 802.11i and incorporated into IEEE 802.11-2020, encompassing WPA2 and WPA3 security mechanisms.
RSNE
RSN Element (also RSN IE). The information element in beacons, probe responses, and association frames that advertises supported cipher suites, AKM suites, and RSN capabilities.
SAE
Simultaneous Authentication of Equals. The key exchange protocol used in WPA3-Personal (AKM 8/9). Based on the Dragonfly protocol (RFC 7664), it provides resistance to offline dictionary attacks.
SNonce
Supplicant Nonce. A random value generated by the STA and sent in EAPOL Message 2, used as input to the PTK derivation.
SPA
Supplicant Address. The MAC address of the client station. Used alongside the BSSID (AA) in key derivation functions and PMKID computation.
SSID
Service Set Identifier. The human-readable network name. In PSK mode, it serves as the PBKDF2 salt. Maximum 32 bytes, encoding not specified by the standard.
STA
Station. Any device with an 802.11-compliant MAC and PHY interface. In practice, refers to a wireless client device as distinct from an AP.
TDLS
Tunneled Direct-Link Setup. Allows two STAs within the same BSS to establish a direct link without routing traffic through the AP. Uses its own key hierarchy with a TPK derived from the PMK.
TK
Temporal Key. The portion of the PTK used for per-frame encryption and integrity. For CCMP, the TK is 128 bits; for GCMP-256, it is 256 bits.
TKIP
Temporal Key Integrity Protocol. The transitional encryption protocol introduced with WPA1 as a firmware upgrade for WEP hardware. Uses RC4 with per-packet key mixing and Michael MIC. Deprecated.
WEP
Wired Equivalent Privacy. The original 802.11 encryption mechanism using RC4 with a 24-bit IV. Broken by multiple attacks (FMS, KoreK, PTW) and fully deprecated.
WPA
Wi-Fi Protected Access. The Wi-Fi Alliance certification program. WPA1 uses TKIP, WPA2 mandates CCMP, and WPA3 adds SAE for personal mode and 192-bit security for enterprise mode.