WPA2 WPA2

WPA2 - Definition and Overview

IEEE 802.11i (also known as WPA2) is an amendment to the 802.11 standard specifying security mechanisms for wireless networks (see Wi-Fi). The draft standard was ratified on 24 June, 2004, and supersedes the previous security specification, Wired Equivalent Privacy (WEP), which was shown to have severe security weaknesses. Wi-Fi Protected Access (WPA) had previously been introduced by the Wi-Fi Alliance as an intermediate solution to WEP insecurities. It implemented a subset of 802.11i; the Wi-Fi Alliance also refer to the new standard as WPA2 which is their approved interoperable implementation of 802.11i. 802.11i makes use of the Advanced Encryption Standard (AES) block cipher; WEP and WPA use only the RC4 stream cipher.

The 802.11i architecture contains the following components: 802.1X for authentication (entailing the use of EAP and an authentication server), RSN for keeping track of associations and CCMP to provide confidentiality, integrity and origin authentication. Another important element of the authentication process is the four-way handshake, explained below.

The Four-Way Handshake

The authentication process leaves two considerations: the AP still needs to authenticate itself to the client and keys to encrypt the traffic needs to be derived. The earlier EAP exchange has provided the shared secret key PMK (Pairwise Master Key). This key is however designed to last the entire session and should be exposed as little as possible. Therefore the four-way handshake is used to establish another key called the PTK (Pairwise Temporal Key). The PTK is generated by concatenating the following attributes: PMK, AP nonce (ANonce), STA nonce (SNonce), AP MAC address and STA MAC address. The product is then put through a cryptographic hash function

The handshake also yields the GTK (Group Temporal Key), used to decrypt multicast and broadcast traffic. The actual messages exchanged during the handshake are depicted in the figure and explained below:


4-way-handshake.png
The Four-Way Handshake in 802.11i

  1. The AP sends a nonce-value to the STA (ANonce). The client now has all the attributes to construct the PTK.
  2. The STA sends its own nonce-value (SNonce) to the AP together with a MIC.
  3. The AP sends the GTK and a sequence number together with another MIC. The sequence number is the sequence number that will be used in the next multicast or broadcast frame, so that the receiving STA can perform basic replay detection.
  4. The STA sends a confirmation to the AP.

As soon as the PTK is obtained it is divided into three separate keys:

  1. EAPOL-Key Confirmation Key (KCK) - The key used to compute the MIC for EAPOL-Key packets.
  2. EAPOL-Key Encryption Key (KEK) - The key used to provide confidentiality for EAPOL-Key packets.
  3. Temporal Key (TK) - The key used to encrypt the actual wireless traffic.

See also

Example Usage of WPA2
rspruijt: Crack a WPA and WPA2 password in 20 minutes using 'the #Cloud' ; http://bit.ly/8a0MUw;
e2optics: RT: Ordered 100 feet of cat6 from monoprice. Time to wire the xbox. Stupid no WPA2. http://bit.ly/83QahO
dh3lix: RT @cwagner: #WPA & #WPA2 cracking over the cloud http://bit.ly/86HnPM Use 400+ CPUs to crack that WiFi
Copyright 2009 WordIQ.com - Privacy Policy  :: Terms of Use  :: Contact Us  :: About Us
This article is licensed under the GNU Free Documentation License. It uses material from the this Wikipedia article.