Wi-Fi Protected Access Authentication

Question 1

EAPOL

Answer 1

Extensible Authentication Protocol Over LAN

Question 2

Inputs for the four-way handshake

Answer 2

• Pairwise Master Key (PMK)
• Authenticator Nonce (Anonce)
• Supplicant Nonce (Snonce)
• Authenticator Address (AA) – MAC address
• Supplicant Address (SA) – MAC address

Question 3

Four way handshake, message 1

Answer 3

Authenticator sends ANonce

Supplicant creates Pairwise Transcient Key

Question 4

Elements of Pairwise Transcient Key

Answer 4

1. Key Confirmation Key
2. Key Encryption Key
3. Temporal Encryption Key
4. Temporary MIC Key

Question 5

Four way handshake, message 2

Answer 5

Supplicant sends SNonce with a Message Integrity Code (MIC)

Authenticator determines the PTK

Question 6

Four way handshake, message 3

Answer 6

Authenticator sends the Group Temporal Key with a Message Integrity Code

Question 7

Four way handshake, message 4

Answer 7

Supplicant sends an acknowledgement with a Message Integrity Code

Question 8

WPA/WPA2 Enterprise

Answer 8

Supplicant talks to Authenticator, the Authenticator talks to an Authentication Server (RADIUS, TACACS+)

First the user is authenticated with Extensible Authentication Protocol, only then the 4-way handshake is initiated between the supplicant and the authenticator.

Question 9

RADIUS

Answer 9

Remote Authentication Dial In User Service