Science Fair Project Encyclopedia
IEEE 802.11i (also known as WPA2) is an amendment to the 802.11 standard specifying security mechanisms for wireless networks (see Wi-Fi). The draft standard was ratified on 24 June, 2004, and supersedes the previous security specification, Wired Equivalent Privacy (WEP), which was shown to have severe security weaknesses. Wi-Fi Protected Access (WPA) had previously been introduced by the Wi-Fi Alliance as an intermediate solution to WEP insecurities. It implemented a subset of 802.11i; the Wi-Fi Alliance also refer to the new standard as WPA2 which is their approved interoperable implementation of 802.11i. 802.11i makes use of the Advanced Encryption Standard (AES) block cipher; WEP and WPA use only the RC4 stream cipher.
The 802.11i architecture contains the following components: 802.1X for authentication (entailing the use of EAP and an authentication server ), RSN for keeping track of associations and CCMP to provide confidentiality, integrity and origin authentication. Another important element of the authentication process is the four-way handshake, explained below.
The Four-Way Handshake
The authentication process leaves two considerations: the AP still needs to authenticate itself to the client and keys to encrypt the traffic needs to be derived. The earlier EAP exchange has provided the shared secret key PMK (Pairwise Master Key). This key is however designed to last the entire session and should be exposed as little as possible. Therefore the four-way handshake is used to establish another key called the PTK (Pairwise Transient Key). The PTK is generated by concatenating the following attributes: PMK, AP nonce (ANonce), STA nonce (SNonce), AP MAC address and STA MAC address. The product is then put through a cryptographic hash function
The handshake also yields the GTK (Group Temporal Key), used to decrypt multicast and broadcast traffic. The actual messages exchanged during the handshake are depicted in the figure and explained below:
- The AP sends a nonce-value to the STA (ANonce). The client now has all the attributes to construct the PTK.
- The STA sends its own nonce-value (SNonce) to the AP together with a MIC.
- The AP sends the GTK and a sequence number together with another MIC. The sequence number is the sequence number that will be used in the next multicast or broadcast frame, so that the receiving STA can perform basic replay detection.
- The STA sends a confirmation to the AP.
As soon as the PTK is obtained it is divided into three separate keys:
- EAPOL-Key Confirmation Key (KCK) - The key used to compute the MIC for EAPOL -Key packets.
- EAPOL-Key Encryption Key (KEK) - The key used to provide confidentiality for EAPOL -Key packets.
- Temporal Key (TK) - The key used to encrypt the actual wireless traffic.
The Group Key Handshake
The GTK used in the network may need to be updated due to the expiry of a preset timer. When a device leaves the network, the GTK also needs to be updated. This is to prevent the device from receiving any more multicast or broadcast messages from the AP.
To handle the updating, 802.11i defines a Group Key Handshake that consists of a two-way handshake:
- The AP sends the new GTK to each STA in the network. The GTK is encrypted using the PTK assigned to that STA and protects the data from being tampered using a MIC.
- The STA acknowledges the new GTK and replies to the AP.
Security in pre-shared key mode
Like WPA, 802.11i has a pre-shared key mode (also known as personal mode), designed for home and small office networks that cannot afford the cost and complexity of an 802.1X authentication server. Each user must enter a passphrase to access the network. The passphrase is typically stored on the user's computer, so it need only be entered once. The weak passphrases users typically employ create a major vulnerability to password cracking attacks. It is recommended that a passphrase of at least 5 Diceware words or 14 completely random letters be used with WPA. For maximum strength, 8 Diceware words or 22 random characters should be employed. Passphrases should be changed whenever an individual with access is no longer authorized to use the network or when a device configured to use the network is lost or compromised.
- IEEE standard can be retrieved at no charge through the GetIEEE802 program from http://standards.ieee.org/getieee802/download/802.11i-2004.pdf
The contents of this article is licensed from www.wikipedia.org under the GNU Free Documentation License. Click here to see the transparent copy and copyright details