Sep 30

The client would first need to make a connection to the access point. This would happen through the normal open key authentication process. Contrary to most 802.11 standards, 802.11i only allows for open system authentication. This is due to the discovery of a security flaw in shared key authentication.

After the initial connection request, the client would need to hear an RSN IE broadcast or send a probe request with an RSN IE. Whichever way this RSN IE frame is sent, both clients and access points need to negotiate on a cipher suite for use. After sending the RSN IE frames and reaching a negotiation, the EAP process starts. This can start with the access point sending an EAP identity request or a client sending an EAPOLStart frame. Once the EAP process has started, it will go through the EAP authentication process associated with each particular EAP type. It ends with the client receiving an EAP success message from the access point. During this process, an AAA key is sent from the authentication server to the wireless end device. This key is used as a seed key to create the keys outlined below.

The key exchange process takes the original 802.1x EAPOL-Key frame and makes some modifications, allowing for the use of WEP-40, WEP- 104, TKIP, and CCMP cipher suites. The EAPOLKey frame only supports WEP-40 and WEP-104 keys. The 802.11i standard modified this and added the ability for the frame to carry TKIP and CCMP keys as well. A process known as the four-way handshake accomplishes this key exchange. This process takes two main keys and creates unique group and session keys for each client. These session and group keys are created from the two main keys: (1) the pairwise key or the pairwise master key (PMK) and (2) the group key or the group master key (GMK).

In an 802.1x 802.11i setup, the PMK comes from the authentication server. If the 802.11i setup is using preshared keys, then the PMK is mapped to a password. The PMK is divided into three keys. The first key is the EAPOL-key confirmation key (KCK), which is used to provide data origin authenticity. The second key created from the PMK is the EAPOLkey encryption key (KEK), which is used to provide confidentiality. The last key is called the pairwise temporal key (PTK) and this key is also used for data confidentiality. To create the PTK, a pseudorandom function takes place with the access point’s MAC address, client MAC address, and a nonce sent from each side as well. This allows a single master key to create multiple session keys without having to re-exchange a new master key each time.

The next key with regard to 802.11i main keys is the group key or group master key (GMK). This key is similar to the PMK except that it is used for beacon and management traffic encryption. The same process of hashing senders’ and receivers’ MAC addresses and nonces is used to create a group temporal key (GTK) from a group master key. Having discussed the keys and how they are split up to accommodate session encryption, one can now look more closely at the four-way handshake. This handshake starts with the authenticator sending the supplicant a nonce. This is often referred to as the ANonce in the 802.11i standard. This nonce is a random value used to prevent replay attacks. This means that old nonces cannot be reused. After each party receives a message, the first step before any other is to check and see if the nonce was changed or if the same nonce was incorrectly reused. Once the wireless client receives the first message, it will check the nonce and then generate an SNonce. This nonce will be used in the next step to calculate the pair transient key (PTK). After the PTK is created, the client will then send the SNonce as well as the security parameters outlined in the RSN IE frame to the access point. This information is the second message in the four-way handshake. All of this information will be encrypted using the KCK, which will protect it from any modification while in transit. Once the access point receives this, it will check that the nonce is not an old value. Once this is done, it will also generate the PTK from the SNonce and ANonce, and then check the KCK to make sure it was not modified in transit. Once this is done, the third message in the four-way handshake will take place. This message is used to tell the client to install the PTK key that was created and, if used, this message will send a GTK to the client to install. Once the client receives this, it will check the KCK and, if it is correct, install the key or keys. The last message is a confirmation used to let the authenticator know that the client has successfully installed the keys and is ready to communicate using them.