| CSP | CSP TYPE | GENERATION | STORAGE AND ZEROIZATION | USE |
|---|---|---|---|---|
| 802.11i Group Master Key (GMK) | 256-bit secret used to derive GTK | Generated from approved RNG | Stored in plaintext in volatile memory; zeroized on reboot | Used to derive Group Transient Key (GTK) |
| 802.11i Group Transient Key (GTK) | 256-bit shared secret used to derive group (multicast) encryption and integrity keys | Internally derived by AP which assumes “authenticator” role in handshake | Stored in plaintext in volatile memory; zeroized on reboot | Used to derive multicast cryptographic keys |
| 802.11i Group AES-CCM Data Encryption/MIC Key | 128-bit AES-CCM key derived from GTK | Derived from 802.11 group key handshake | Stored in plaintext in volatile memory; zeroized on reboot | Used to protect multicast message confidentiality and integrity (AES-CCM) |
| RSA private Key | 1024/2048-bit RSA private key | Generated on the AP (remains in AP at all times) | Stored in and protected by AP’s non-volatile memory. Zeroized by the ‘ap wipe out flash’ command | Used for IKEv1/IKEv2 authentication when AP is authenticating using certificate based authentication |