Start with Wifi Basics - Part 3: 4-way Handshake

Before we understand the 4-way key handshake, let us go through a few definitions:

PMKSA
The Pairwise Master Key Security Association (PMKSA) is created after a successful 802.1X/EAP authentication, or when a Pre-Shared Key (PSK) is configured (in the PSK case the PMK is derived from the passphrase and the SSID with PBKDF2, so it is the same for every station on that network). It ties the PMK to a lifetime, the authenticator MAC address, and other authorization information.
PTKSA
The Pairwise Transient Key Security Association (PTKSA) is created after the 4-way handshake completes. It is dependent on the PMKSA and is stored for as long as the PMKSA is valid or until the station is deauthenticated. The PTKSA includes the supplicant and authenticator MAC addresses, the pairwise cipher suite selected, and the PTK itself.
GTKSA
The Group Transient Key Security Association (GTKSA) is created during the 4-way handshake or updated during a group key handshake. It stores the GTK, the broadcast/multicast cipher suite, and the direction (transmit or receive) for which the GTK is valid. The GTK is used for broadcast/multicast traffic only; unicast traffic never uses it.

Now let us understand the 4-way handshake packet flow:
At the start of the 4-way handshake, both the Access Point (the authenticator) and the 802.11 station (the supplicant) already hold the PMK. The PMK itself is never sent over the air; the handshake only proves that both sides hold the same PMK and derives fresh session keys from it.
The Access Point and the 802.11 station each generate a random sequence at their respective ends; these are called Nonces.
The Access Point's random sequence is termed the ANonce (short for AP Nonce) and the 802.11 station's random sequence is termed the SNonce (short for Station Nonce). Because both nonces are fresh for every handshake, the derived keys are different every time even though the PMK stays the same.
The Access Point sends the ANonce to the 802.11 station in the first EAPOL-Key message (Message 1). This message carries no MIC, since no key exists yet to compute one.
The different elements now in the possession of the 802.11 station are
  • PMK
  • ANonce
  • SNonce
  • Station MAC Address (SPA)
  • AP MAC Address (AA)

The 802.11 station now has all the material to derive the Pairwise Transient Key (PTK):
  PTK = PRF(PMK, "Pairwise key expansion", Min(AA,SPA) || Max(AA,SPA) || Min(ANonce,SNonce) || Max(ANonce,SNonce))
The PTK is not used directly; it is split into the Key Confirmation Key (KCK) that protects the EAPOL messages with a MIC, the Key Encryption Key (KEK) that wraps the GTK in Message 3, and the Temporal Key (TK) that encrypts unicast data. For CCMP the PTK is 384 bits (128 bits each for KCK, KEK and TK).
----------------------------------------------------------------------------------------------------------------------
The 802.11 station sends the SNonce to the AP in EAPOL-Key Message 2, along with a MIC value, i.e. MIC(Key Confirmation Key, EAPOL), computed over the body of the EAPOL-Key frame with the Key MIC field initially set to zero. Message 2 also carries the station's RSN IE (the cipher suites it selected), which the AP compares against what it advertised. The MIC is used to verify that both ends have derived the same PTK: if the PTKs differ, the MICs won't match and the check fails. Note that for WPA2-Personal a capture of Messages 1 and 2 alone is enough to test passphrase guesses offline, since an attacker can derive a candidate PMK and PTK and check the MIC.
The Access Point, on receipt of the SNonce, derives the Pairwise Transient Key at its end and re-computes the MIC with its own KCK.
----------------------------------------------------------------------------------------------------------------------
The Access Point verifies the MIC of Message 2 and, if it matches, sends the following to the 802.11 station in EAPOL-Key Message 3
  • The ANonce again, with the Install bit set to 1 (instructing the supplicant to install the PTK)
  • The Group Temporal Key (GTK) for broadcast/multicast traffic, carried in the Key Data field and encrypted with the KEK
  • The Receive Sequence Counter (RSC) for the GTK, so the station can initialise its replay counter for group traffic
  • The AP's RSN IE, so the station can confirm it matches what the AP advertised in its beacons
  • A MIC computed with the KCK over the EAPOL-Key frame
---------------------------------------------------------------------------------------------------------------------

The supplicant verifies the MIC on Message 3 and sends Message 4 to the Access Point, again carrying a MIC. At this juncture the 802.11 station has all the key material it needs, and it can go ahead and configure the hardware with the PTK and the GTK.
The Access Point, on receiving Message 4, verifies the MIC and invokes its MLME-SETKEYS.request to install the PTK and GTK.
Finally the 802.1X controlled data port is opened: unicast data is transmitted using the temporal key (TK) from the PTK, and broadcast/multicast data using the GTK.
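The four messages above, as an added worked example in Python (this is illustrative code written for this page, not code from the original post or from any AP or supplicant implementation). It assumes WPA2-Personal (PSK) with CCMP and key descriptor version 2, so the PMK comes from PBKDF2 and the MIC is HMAC-SHA1-128; the MAC addresses, SSID and passphrases are constructed, and the GTK is carried unwrapped in Message 3 where a real AP would AES-key-wrap it under the KEK.

```python
import hashlib
import hmac
import os

# Layout of an EAPOL-Key frame: 4-byte 802.1X header, then the key descriptor.
# Descriptor: type(1) key_info(2) key_len(2) replay(8) nonce(32) iv(16) rsc(8) id(8) mic(16) data_len(2) data
NONCE_OFFSET = 17
MIC_OFFSET = 81
MIC_LEN = 16


def pmk_from_psk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11 PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes):
    """PTK = PRF-384(PMK, "Pairwise key expansion", Min(AA,SPA)||Max(AA,SPA)||Min(ANonce,SNonce)||Max(ANonce,SNonce)).
    For CCMP the 48 bytes split into KCK (EAPOL MIC key), KEK (wraps the GTK) and TK (unicast data key)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:48]


def build_eapol_key(key_info: int, replay_counter: int, nonce: bytes, key_data: bytes = b"") -> bytes:
    """Build an RSN (descriptor type 2) EAPOL-Key frame with the Key MIC field zeroed."""
    body = bytes([2]) + key_info.to_bytes(2, "big") + (16).to_bytes(2, "big")
    body += replay_counter.to_bytes(8, "big") + nonce + bytes(16) + bytes(8) + bytes(8)
    body += bytes(MIC_LEN) + len(key_data).to_bytes(2, "big") + key_data
    return bytes([2, 3]) + len(body).to_bytes(2, "big") + body  # 802.1X v2, type 3 = EAPOL-Key


def compute_mic(kck: bytes, frame: bytes) -> bytes:
    """Key descriptor version 2 (WPA2/CCMP): HMAC-SHA1-128 over the whole EAPOL frame, Key MIC field zeroed."""
    zeroed = frame[:MIC_OFFSET] + bytes(MIC_LEN) + frame[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]


def set_mic(frame: bytes, mic: bytes) -> bytes:
    return frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + MIC_LEN:]


def verify_mic(kck: bytes, frame: bytes) -> bool:
    return hmac.compare_digest(compute_mic(kck, frame), frame[MIC_OFFSET:MIC_OFFSET + MIC_LEN])


def run_handshake(ap_passphrase: str, sta_passphrase: str, ssid: str = "ExampleNet") -> dict:
    """Simulate Messages 1-4 between an AP and a station. Only the EAPOL-Key frames cross the 'air';
    each side derives its own PTK and the MICs decide whether the two sides agree."""
    aa = bytes.fromhex("001122334455")   # constructed AP MAC (AA)
    spa = bytes.fromhex("66778899aabb")  # constructed station MAC (SPA)
    ap_pmk, sta_pmk = pmk_from_psk(ap_passphrase, ssid), pmk_from_psk(sta_passphrase, ssid)
    anonce, snonce = os.urandom(32), os.urandom(32)
    result = {"msg2_ok": False, "msg3_ok": False, "msg4_ok": False, "ptk_match": False}

    # Message 1 (AP -> STA): ANonce, key_info = version 2 | pairwise | ACK. No MIC yet.
    msg1 = build_eapol_key(0x008A, 1, anonce)
    sta_kck, sta_kek, sta_tk = derive_ptk(sta_pmk, aa, spa, msg1[NONCE_OFFSET:NONCE_OFFSET + 32], snonce)

    # Message 2 (STA -> AP): SNonce + MIC under the station's KCK.
    msg2 = build_eapol_key(0x010A, 1, snonce)
    msg2 = set_mic(msg2, compute_mic(sta_kck, msg2))
    ap_kck, ap_kek, ap_tk = derive_ptk(ap_pmk, aa, spa, anonce, msg2[NONCE_OFFSET:NONCE_OFFSET + 32])
    result["msg2_ok"] = verify_mic(ap_kck, msg2)
    if not result["msg2_ok"]:
        return result  # PTKs differ (different PMK): the AP discards Message 2

    # Message 3 (AP -> STA): ANonce again, Install | ACK | MIC | Secure | Encrypted Key Data, GTK in Key Data.
    # A real frame AES-key-wraps the Key Data under the KEK; this simulation leaves the GTK in clear.
    gtk = os.urandom(16)
    msg3 = build_eapol_key(0x13CA, 2, anonce, key_data=gtk)
    msg3 = set_mic(msg3, compute_mic(ap_kck, msg3))
    result["msg3_ok"] = verify_mic(sta_kck, msg3)

    # Message 4 (STA -> AP): confirmation with a zero nonce, MIC | Secure; both sides then install PTK/GTK.
    msg4 = build_eapol_key(0x030A, 2, bytes(32))
    msg4 = set_mic(msg4, compute_mic(sta_kck, msg4))
    result["msg4_ok"] = verify_mic(ap_kck, msg4)
    result["ptk_match"] = (sta_kck, sta_kek, sta_tk) == (ap_kck, ap_kek, ap_tk)
    return result


if __name__ == "__main__":
    print("matching PSK:", run_handshake("correct horse battery", "correct horse battery"))
    print("wrong PSK   :", run_handshake("correct horse battery", "wrong guess"))
```

With matching passphrases all four MIC checks pass and both sides end up with the same KCK/KEK/TK; with a wrong passphrase the AP's MIC check already fails on Message 2, so no further messages are exchanged. The same check is what an offline attacker runs against a captured Message 1/2 pair, which is why the strength of a WPA2-Personal network rests entirely on the passphrase.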

Note: The above flow is for WPA2 (RSN). In WPA (TKIP), the GTK is not delivered in Message 3; instead a separate 2-message group key handshake runs after the 4-way handshake to deliver and install the GTK.
