Start with Wifi Basics - Part 2: Types of Network and Association

Using scanning, we have found the available networks; now it's time to connect to them.

There are broadly two kinds of networks:
1. Open - Not encrypted, no authentication required, available to everyone and NOT recommended

2. Secured - Encrypted, authentication required (PSK or dot1x)
    i. WEP based - WEP stands for Wired Equivalent Privacy. When the 802.11 standard was developed, this was the only security option, but it was not very secure and was soon broken. This kind of security is not used nowadays. It was based on a password or Dot1x credentials shared by the network administrator. You really don't have to go into the details of this, as it is DEAD.

   ii. WPA - Soon after WEP was broken, there was an immediate need for a secured network in wireless LAN, and thus the Wi-Fi Alliance came up with the WPA (Wi-Fi Protected Access) standard. The WPA standard used TKIP as the encryption cipher to encrypt the data and protect the network.

  iii. WPA2 or 802.11i - This was the IEEE-developed standard, and it provides a strong encryption technique called AES. This encryption engine was implemented in the chip hardware and thus was fast.


Both WPA and WPA2 provide PSK and Enterprise authentication:
In PSK, the network administrator provides a common password for all the users.
In Dot1x, the authentication is done by a RADIUS server (a kind of server which holds usernames and their passwords). More details on this in future.


Now let's see what the connection packet exchange looks like:

For Open Network:
After scanning, the wireless client sends an Authentication request to the AP, indicating its interest in joining the network. The packet contains a field called "Authentication Algorithm"; this is set to "Open" for all networks except WEP networks, for which it is set to "Shared Key".

The AP sends the Authentication response to the wireless client with the status code "Success".

After authentication, the station sends an Association request packet to the AP. This packet has all the fields required to join a network, including the following:
SSID field - says which network the client wishes to join
Supported data rates - lists the data rates supported by the client
QoS - QoS information
and much more. For now, it is important to know that the Association packet has all the info required to connect to the network.

After looking at the contents of the Association request packet, the AP decides whether the client is fit to join the network. If yes, it sends an Association response packet with an Association ID, called the AID. With this ID the AP now identifies this client. No two clients connected to the same AP can have the same AID. The Association response packet also has the association status set to Success.

For an Open network, the connection is completed at this stage. The client can now request an IP address over DHCP and get a valid IP address.
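The open-network exchange described above, decoded from raw frames. This is an added example, not code from the original post: the function names, MAC addresses and SSID are made up, the frames are constructed, and the parser assumes a bare 802.11 frame with no radiotap header.

```python
import struct

ASSOC_REQ, ASSOC_RESP, AUTH = 0, 1, 11          # management frame subtypes
AUTH_ALGS = {0: "Open", 1: "Shared Key"}        # "Shared Key" is the WEP case

def parse_mgmt(frame: bytes) -> dict:
    """Decode an Authentication or Association frame (hypothetical helper)."""
    if len(frame) < 24:
        raise ValueError("shorter than the 24-byte management header")
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0:
        raise ValueError("not a management frame")
    body = frame[24:]
    if subtype in (AUTH, ASSOC_RESP) and len(body) < 6:
        raise ValueError("truncated fixed fields")
    if subtype == AUTH:
        alg, seq, status = struct.unpack_from("<HHH", body)
        return {"kind": "auth", "algorithm": AUTH_ALGS.get(alg, f"other ({alg})"),
                "seq": seq, "success": status == 0}
    if subtype == ASSOC_RESP:
        _cap, status, aid = struct.unpack_from("<HHH", body)
        # The two top bits of the AID field are always set; mask them off.
        return {"kind": "assoc_resp", "success": status == 0, "aid": aid & 0x3FFF}
    if subtype == ASSOC_REQ:
        out = {"kind": "assoc_req", "ssid": None, "rates_mbps": []}
        pos = 4                                  # skip Capability + Listen Interval
        while pos + 2 <= len(body):              # walk tag/length/value elements
            tag, length = body[pos], body[pos + 1]
            value = body[pos + 2:pos + 2 + length]
            if len(value) < length:
                break                            # truncated element: stop parsing
            if tag == 0:
                out["ssid"] = value.decode("utf-8", "replace")
            elif tag == 1:                       # 500 kbit/s units, top bit = "basic"
                out["rates_mbps"] = [(r & 0x7F) / 2 for r in value]
            pos += 2 + length
        return out
    raise ValueError(f"unhandled management subtype {subtype}")

# Constructed sample frames (made-up MACs and SSID), one per step of the join.
STA, AP = bytes.fromhex("020000000001"), bytes.fromhex("0200000000aa")
def build_frame(subtype: int, src: bytes, dst: bytes, body: bytes) -> bytes:
    return bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + AP + b"\x00\x00" + body
OPEN_JOIN = [
    build_frame(AUTH, STA, AP, struct.pack("<HHH", 0, 1, 0)),
    build_frame(AUTH, AP, STA, struct.pack("<HHH", 0, 2, 0)),
    build_frame(ASSOC_REQ, STA, AP, struct.pack("<HH", 0x0401, 10)
                + b"\x00\x07LabWiFi" + b"\x01\x04\x82\x84\x8b\x96"),
    build_frame(ASSOC_RESP, AP, STA, struct.pack("<HHH", 0x0401, 0, 0xC001)),
]
```

Running `parse_mgmt` over `OPEN_JOIN` yields the four steps in order: Open authentication request, successful authentication response, association request carrying the SSID and rates, and an association response with AID 1.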

For PSK Network:

The Association process in PSK is the same as in an Open network but has an extra step: a 4-way handshake. This is to derive keys for data encryption, using the pre-shared password, between the client and the AP.
        Four-Way Handshake: refer to the next blog update for the 4-way handshake explanation.


For Dot1x Network:

The initial process of Association is similar to an Open profile or PSK. The new part in a Dot1x network is that there is no pre-shared password. There is a RADIUS server that takes care of authenticating the user and deriving a "PMK" (Pairwise Master Key) between the station and the AP. This PMK is then used to derive the PTK using the 4-way handshake.

There are different 802.1X protocols that a wireless client can use, such as:
EAP-TLS
PEAP-MSCHAP
EAP-FAST
PEAP-TLS
LEAP
EAP-SIM... etc.
