WPA/WPA2
WPA
The WPA scheme was meant to be an alternative to the WEP scheme, which was deemed insecure. Its creation in 2003/2004 was considered an intermediate solution by the Wi-Fi Alliance. However, a drastic change was not possible due to hardware compatibility issues with older wireless devices. WPA uses the same hardware as the WEP scheme, but some firmware updates were made.
WPA2
In 2004, WPA2 succeeded the WPA scheme as a long-term replacement for WEP. Unlike WPA, WPA2 required significant hardware changes. WPA2 uses the more secure CCMP, also referred to as AES (Advanced Encryption System), compared to the TKIP encryption system. Since 2006 until 202, any device approved by the Wi-Fi Alliance needs to be WPA2 certified. Unlike WEP, WPA2 uses dynamic keys to encrypt data.
WPA2 has two variations: WPA2-Personal and WPA2-Enterprise. The WPA2-Personal variation is intended for personal use or for small enterprises. Anyone who knows the pre-shared key can connect to a WPA2-Personal network. On the other hand, WPA2-Enterprise uses a more complex authentication mechanism involving an external server (RADIUS).
WPA2-PSK
Unlike WEP, WPA2-PSK uses dynamic keys to encrypt data. More precisely, data is encrypted using a PTK (Pairwise Transient Key) derived from the PMK (Pre Master Key). The keys are generated during authentication.
WPA2-PSK Authentication flow
PMK Generation
Anyone wishing to connect to a WPA2-PSK network needs to enter the passphrase, which is between 8 and 63 characters long. The passphrase is used to generate a 256-bit Pre-Master Key (PMK), also known as the PSK (Pre Shared Key), via the PBKDF2 function (Password Based Key Derivation Function 2).
The PMK is derived from the formula below:
Pre-Shared Key (PSK) refers to the Pre Master Key (PMK).
4-Way Handshake
Following the generation of the PMK, a 4-Way Handshake takes place to generate the temporary key (PTK) that will be used to encrypt data. The 4-Way Handshake occurs after the Authentication and Association request and response. The four messages are exchanged via the EAPOL protocol.
Message 1: The Authenticator sends a random string to the supplicant, known as the ANonce (Authenticator Nonce).
Once the ANonce is received, the supplicant generates the SNonce (Supplicant Nonce), which is also a randomly generated string. Then, knowing the ANonce, SNonce, PMK and MAC address of the access point, the supplicant can generate the PTK.
Each PTK used to encrypt data is unique between the access point and the connected supplicant.
Message 2: Once the supplicant PTK is generated, the supplicant sends the SNonce to the access point. In turn, the access point generates the PTK using the SNonce sent by the supplicant. The supplicant also calculates a MIC (Message Integrity Code) that is sent to the access point, where it is compared to the MIC calculated by the access point.
Message 3: The Authenticator sends the GTK (Group Transient Key) to the supplicant. The same GTK is shared by all supplicants connected to the access point and is used to send encrypted multicast/broadcast messages. These messages can thus be received and decrypted by all supplicants connected to the access point. The GTK cannot be transferred in plain text, but the PTK can be used to transfer the GTK to the supplicants via encrypted communication.
Message 4: The last message is sent from the supplicant to the access point to acknowledge that keys are installed.
Once the 4-Way Handshake is completed, unicast messages can be encrypted and sent between the access point and the supplicant.
In the illustration below, we can observe that a MIC (Message Integrity Code) is sent in the second, third and fourth messages. The MIC is used to verify data integrity. If the user enters a wrong passphrase, the PMK, and therefore the PTK and MIC, cannot be generated correctly on the client side. The MIC validation will thus fail when the access point compares the MIC calculated on its end with the one sent by the supplicant. Once the MIC validation fails, the client is disconnected.