WiFi Protected Access Authentication Flashcards

1
Q

Learning Outcomes

A

Pairwise Transient Key (PTK)
Pairwise Master Key (PMK)
4 Way Handshake - Lots of detail!
Extensible Authentication Protocol Over LAN or EAPOL
WPS
WPA/WPA2 Enterprise

2
Q

Introduction

A

WPA - PSK Authentication (256-bit key)
WPA2 - AES Encryption - Replaced RC4
WPA2 - CCMP - Replaced TKIP
802.1X Enterprise Authentication Protocol - Individual Login and Password

3
Q

WPA Authentication

A

Extensible Authentication Protocol Over LAN (EAPOL)
Four-Way Handshake (when connecting to the router) - This is how a device connects to a router before data is sent across the wireless network.
Both the client (supplicant) and the AP generate a Master Key using the password and SSID
Subsequently, each device generates a random number (nonce) that will be used in the encryption algorithms
A session key is also generated
The client device generates a checksum based on this key
The router then confirms the checksum and sends a group session key
When the client (supplicant) confirms the checksum, the key is installed

4
Q

Explain what is happening in this WPA Authentication diagram

A

On the left, we see our client device (supplicant)
On the right is our authenticator, which is the access point (router) that we wish to connect to
Initially, a probe request is made to the AP and then a probe response is sent back to the client device
An authentication request is sent by the client to the AP
Both parties generate a pairwise master key (PMK), and the AP also generates a random number (ANonce)
The PMK is 256 bits in length
A nonce is a randomly generated value; the ANonce is sent by the access point to the connecting station (client)
The station (client) then sends a SNonce, along with the pairwise transient key (PTK) and a message integrity code (MIC), to the access point
There will then be 4 EAPOL packets sent as part of the authentication process.
This is also referred to as the 4-way handshake
This process is used to generate the encryption keys

5
Q

WPA Authentication further discussion

A

Pairwise Master Key (PMK)
This is created using a password (8-63 characters long) and the network name (SSID)
The PMK is known by the supplicant and the authenticator (the PMK is never sent over the network and is not used to encrypt packets)
This PMK is used to generate the pairwise transient key (PTK)
The PTK is based on the PMK, ANonce, SNonce, access point MAC address and station MAC address
The PBKDF2 (Password Based Key Derivation Function 2) - Used by the access point to verify the pairwise master key (PMK)
The PBKDF2 algorithm is used to generate a binary key for a WPA network
PBKDF2 takes the password, the SSID and 4096 (number of iterations) and produces a 256-bit key

6
Q

Generating a Hash

A

A simple hash can take a value and run it through an algorithm, like SHA256, to create a unique output stream
SHA256 - devotter.com/sha256
Hello = (Sha256 output)
Unfortunately, using a simple hash like this with a password makes the hash vulnerable to dictionary attacks (an attacker could create hashes of lots of words and, using different combinations, could crack the password).
To overcome this vulnerability, we add a SALT to the password, which is a random number of bytes.
Create a hash of the SALT, enter the password and then add another SALT.
Still a problem: given the speed of computers today, this hashing is still vulnerable to dictionary attacks and brute force attacks, as SHA256 is fast and it is well known how it works.
We can use HMAC (Hash based Message Authentication Code) to iterate the salt and hash process thousands of times
However, computers and their processors have become faster, and so this is still not secure.

We must find a better method for hashing….

7
Q

Better method for hashing…

A

PBKDF2 (Password-Based Key Derivation Function 2)
Takes the password, SSID and 4096 iterations to ultimately produce a 256-bit key
asecuresite.com/encryption/ - generate PBKDF2 key

8
Q

More WPA Authentication

A

Inputs required for the 4-way handshake

Pairwise Master Key (PMK)
Authentication Nonce (ANonce)
Supplicant Nonce (SNonce)
Authenticator Address (AA) - MAC address of router
Supplicant Address (SA) - MAC address of client device

9
Q

Explain what’s happening in this diagram

A

In a unicast transmission environment (WPA personal) - The supplicant knows the PMK, SA, AA and SNonce and has now been sent the ANonce. Thus the supplicant has all the inputs it requires to create the encryption keys.
The PMK is used to create the PTK, which is a set of encryption keys used for different functions.

10
Q

Describe the Pairwise Transient Key (PTK)

A

Contains either 3 CCMP or 4 TKIP 128-bit keys that are used for encryption and data authentication in the 4-way handshake and data transfer.
Key confirmation Key (KCK) - Authenticates MIC (Message Integrity Code)
Key encryption Key (KEK) - Data Integrity handshake
Temporal Encryption Key - Encrypt Unicast Data
Temporary MIC Key (TMK) - Not required for CCMP - Data Authentication for TKIP

11
Q

WPA Authentication (Next step) - with diagram

A

We already discussed how the PMK is used to generate the PTK
The supplicant can then respond to the authentication with the SNonce
Again, this is a randomly generated number.
Since the supplicant generates the PTK, it can protect the SNonce with a MIC (Message Integrity Code)
The access point (authenticator) can then determine the PTK and also determine whether the message has been tampered with during transit by analysing the MIC, using the PTK.
The PTK will then be used for unicast transmission, meaning communication between the access point and one trusted client

12
Q

Next Step - with diagram

A

The access point responds by sending the GTK (Group Temporal Key) to the client. It protects the frame with a MIC (Message Integrity Code)
Here, the client now has the PMK, PTK and GTK

13
Q

What is the GTK or Group Temporal Key?

A

Only key transmitted during handshake
Random number generated by authenticator (AP)
Encrypted Broadcast (Multicast Data)
Authenticator and Supplicant
Often derived from group master key (GMK) on a multicast system

14
Q

Final Diagram of handshake

A

Finally, the client can respond to the access point and confirm that the PMK and GTK frames have been received and installed, and we are now able to communicate and send data.
As seen in the diagram, an acknowledgement and message integrity code is sent by the supplicant to the authenticator.
Sometimes some or all of the 4-way handshake will need to be repeated, especially if communication fails during the process.
The 4-way handshake happens after the open system authentication and after the 802.11 association
In WPA/WPA personal networks, the 4-way handshake happens after the association, whereas in enterprise networks with 802.1X EAP, the 4-way handshake happens after the full 802.1X EAP authentication.

The 4-way handshake can be observed in Wireshark (EAP filter)
You will see that the first of the 4 messages is repeated 4 times.

15
Q

More Authentication

A

WPA/WPA2 - Pre Shared Key (PSK)
WiFi Protected Setup (WPS) - aka WiFi Simple Config - 2006 WiFi Alliance

WPA/WPA2 Enterprise - Individual Login and Password
RADIUS (Remote Authentication Dial In User Service) Server
This does not have a regular key exchange, as each user is authenticated based on his/her username and password
A master key is then exchanged. This allows network admins to control who has access to the wireless network

16
Q

WPA Enterprise (Diagram)

A

The supplicant sends an association request to the AP, which in turn responds by requesting that the supplicant supply his or her credentials.
The supplicant's credentials are then relayed to the server for verification. If successful, there may be additional messages sent between the client and the RADIUS server for further authentication.
Once authenticated, the 4-way handshake can begin between the supplicant and the authenticator.
Numerous authentication protocols can be used with the WPA Enterprise authentication network, including basic EAP (Extensible Authentication Protocol)

17
Q

General Terms

A

TKIP - designed as a software patch to upgrade WEP in already deployed equipment

WEP - the original 802.11i security protocol

PMK - Pairwise Master Key = session authorisation token

KCK - Key Confirmation Key = session “authentication” key

KEK - Key Encryption Key = session key for encrypting keys

TK - Temporal Key = session "encryption" key

4-way handshake - 802.11i key management protocol