-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
140 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,140 @@ | ||
| --- | ||
| title: "4 Way Handshake - Wifi Authentication" | ||
| summary: "In this article, you will learn how authentitcation works for WPA/WPA2 network" | ||
| date: 2024-10-10T20:00:00+0200 | ||
| lastUpdate: 2024-10-10T20:00:00+0200 | ||
| tags: ["network", "wifi", "authentication"] | ||
| author: clementS | ||
| draft: false | ||
| --- | ||
|
|
||
| # 4 Way Handshake | ||
|
|
||
| ## Abstract | ||
|
|
||
| To connect to a WiFi network, the authentication depends on the WiFi protocol. The most common protocols currently in use are | ||
| 1. **WEP** | ||
| 2. **WPA Personal** | ||
| 3. **WPA Entreprise** | ||
| 4. **WPA2-Personal** | ||
| 5. **WPA2-Enterprise** | ||
| 6. **WPA3** | ||
|
|
||
| (There are 2 different versions of WPA and WPA2 which work slightly differently in terms of authentication.) | ||
|
|
||
| While WEP and WPA3 have their own authentication protocols, WPA and WPA2 (which are the most common) use the **4-Way Handshake** method to allow a device to connect to WiFi and secure connection. | ||
|
|
||
|
|
||
| The 4-Way Handshake requires a PMK (Pair Master Key), a secret shared by both side (client & server). This can be a password (network key) or a username + password as it's the case for Enterprise authentication. | ||
|
|
||
| In this article, you will learn how this method works from a network-oriented approach. | ||
|
|
||
| ## Configuration | ||
|
|
||
| We will consider a WPA-Personal/WPA2-Personal WiFi, so the PMK will just be the WiFi password encrypted. We will go into further explains soon. | ||
|
|
||
| But remember that except getting PMK before authentication starts threw a WiFi password(secret shared by both sides), WPA2-Entreprise & WPA-Entreprise works the same way. | ||
| Indeed, they use 4 way handshake to secure communication. | ||
|
|
||
| There is a device that knows the key (password) and wants to connect to a WPA/WPA2-PSK WiFi network. | ||
|
|
||
| ## 4 Way Handshake Initiation | ||
|
|
||
| **The device sends an authentication request to the network.** | ||
| ### This request is not included in the 4-Way Handshake. | ||
|
|
||
| ## 4 Way Handshake | ||
|
|
||
|  | ||
|
|
||
| ### *"STA" stands for Station and "AP" stands for Access Point* | ||
| ### This schema shows the different requests and what they contain. | ||
|
|
||
| ## First Request | ||
|
|
||
| Firstly, the AP sends a nonce, which is a large random integer. | ||
|
|
||
| When the station receives the packet, the station creates the PTK (Pairwise Transient Key) using the key derivation function (KDF). This key is created with: | ||
|
|
||
| 1. The PSK (Pre-Shared Key). | ||
| 2. The ANonce received previously. | ||
| 3. The SNonce. | ||
|
|
||
| The SNonce is similar to the ANonce, a large random number generated on the station side. Each time the station tries to authenticate, the SNonce and ANonce are generated again. These numbers ensure that the PTK is temporary. | ||
| **The KDF algorithm returns the PTK. We don’t use the password or the PSK directly because we don’t want the explicit key to go through the network.** | ||
| **This is quite obvious; we don’t want others to easily intercept the password.** | ||
|
|
||
| ### Pre-Shared Key | ||
|
|
||
| To get the PSK, the device only needs the SSID (network MAC address) and the password. | ||
| => The process is really simple: | ||
| **Hash the password with the SSID as salt using the SHA-1 algorithm.** | ||
|
|
||
| Now, we have the PSK (the AP also performs this operation). | ||
|
|
||
| **The PSK is calculated before authentication starts (the station has all infos it needs to)** | ||
| **The PMK is exactly the same as PSK for both WPA-Personal and WPA2-Personal** | ||
|
|
||
| **VERY IMPORTANT** | ||
|
|
||
| *For WPA-Entreprise & WPA2-Entreprise, they use here the PMK created by RADIUS authentication* | ||
| ## Second Request | ||
|
|
||
| Let’s make a short recap. | ||
| At the beginning, we only know the **PSK=PMK**, which we derive from the **network password** and **SSID**. | ||
| *PMK derived from RADIUS authentication in case of WPA-Entreprise & WPA2-Entreprise* | ||
|
|
||
| We received the AP's nonce from the first request, and the station generated the SNonce to create the **PTK** from the **ANonce**, **SNonce**, and **PSK**. | ||
|
|
||
| Now we need to tell the AP that we know the password without explicitly sending the password. | ||
|
|
||
| The station sends a packet containing the SNonce, allowing the AP to generate the same PTK. At the end of the packet, a MIC is added. | ||
| **Here’s the trick:** | ||
|
|
||
| **We add a signature, which is called the MIC (Message Integrity Code).** | ||
|
|
||
| The MIC is just a SHA-1 hash of the packet content with the PTK as salt. | ||
| When the AP receives the second request, it will generate its PTK (it has all the necessary information: SNonce, ANonce, PSK). However, at this moment, the AP does not know if the station has the correct password. | ||
|
|
||
| The AP generates the MIC from its newly generated PTK and compares it with the provided MIC. | ||
| **If the MICs are identical => the PTKs are identical => the PSKs are identical => the passwords are identical.** | ||
|
|
||
| ## Third Request | ||
|
|
||
| To tell the station that it has the correct password, the AP will not do so explicitly. | ||
| **The AP will use the same strategy -> MIC.** | ||
|
|
||
| To optimize the request, the AP will send useful information: the GTK. The **GTK** (Group Temporal Key) is directly generated by the AP. | ||
| To check if the station has the correct password, the AP generates the MIC corresponding to the GTK (packet content) using the PTK. | ||
|
|
||
| If both match, the station and AP are sure that the other has the correct password. | ||
|
|
||
| ## Last Request | ||
|
|
||
| The station sends an acknowledgment packet to tell the AP that everything is OK. | ||
| **The encrypted communication can now begin.** | ||
|
|
||
| ## Encryption | ||
|
|
||
| WPA2 uses **AES** while WPA uses **TKIP** to encrypt packet content. Even if both are encryption's methods, AES is more secure.This makes it impossible for a hacker to read a captured packet. | ||
|
|
||
| The PTK contains several keys. | ||
| Several keys are derived from the PTK: | ||
|
|
||
| 1. **KCK** = PTK bits 0-127, the key confirmation key -> used for MIC (verifying message integrity). | ||
| 2. **KEK** = PTK bits 128-255, the key encryption key -> used for encrypting the key data in the authentication packets. | ||
| 3. **TEK** = PTK bits 256-383, the temporal encryption key for unicast traffic -> used for AES encryption. | ||
|
|
||
| We simplify things by saying that we use the PTK for something, but in reality, we often use just a part of it. | ||
|
|
||
| ## Recap of Key Derivation | ||
|
|
||
|  | ||
|
|
||
| In WPA2-PSK & WPA-PSK, the PMK is the same as the PSK. | ||
|
|
||
| ## Conclusion | ||
|
|
||
| Remember that even if we use WPA/WPA2, if a hacker catch all packets, he can brutforce PTK and get WiFi; Indeed, he has all infos he needs (2 nonces, bssid, protocols, ...) | ||
|
|
||
| You learned how the 4 way handshake works. Now you can discover the way to get PMK for WPA(2)-Entreprise. |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.