Though you asked about the authentication part, here I will try to explain a bit more than that, which may help build up some basics.
WLAN Encryption Methods: 5 types -
- 802.11 Legacy or WEP
- WPA Personal
- WPA Enterprise
- WPA2 Personal-802.11i
- WPA2 Enterprise-802.11i
Wired Equivalent Privacy (WEP): When IEEE released the initial 802.11 standard, all of its security relied on the Wired Equivalent Privacy (WEP) algorithm, which was responsible for both authentication and encryption. WEP supports a 40-bit or a 104-bit shared key, each combined with a 24-bit IV (the "64-bit" and "128-bit" WEP advertised on products).
The encryption procedure at the sending end is:
- Form the per-packet RC4 seed by concatenating a 24-bit Initialization Vector (IV) with the 40/104-bit shared key (IV first).
- Generate a keystream with RC4 from that seed.
- Compute the Integrity Check Value (ICV) as the CRC-32 of the plaintext message.
- Append the ICV to the plaintext to form the payload.
- XOR the payload with the RC4 keystream (from step 2) to produce the ciphertext.
- Send the same 24-bit IV (from step 1) in cleartext, together with a key-ID byte, ahead of the ciphertext.
Decryption at the receiving end (the AP for client traffic) simply reverses this: read the cleartext IV, rebuild the seed IV + key, regenerate the same keystream, XOR it off, and check that the recovered CRC-32 matches. Two weaknesses follow directly from this design: a 24-bit IV space is exhausted quickly on a busy network, and any IV reuse under the same key reuses the keystream; and CRC-32 is linear, so it catches transmission noise but not deliberate modification of the ciphertext. Neither a longer key nor a better IV choice fixes either problem.
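The six steps above carried end to end in Python, as an added example that is not code from the original answer. The key, IV and messages are constructed for the demonstration. The block also shows the two consequences just described: two frames that share an IV leak the XOR of their plaintexts, and because CRC-32 is linear an attacker can flip bits in the ciphertext and patch the encrypted ICV without knowing the key.

```python
import struct
import zlib

# Constructed demo key (not from any real network): a 40-bit "WEP-64" key.
WEP_KEY = bytes.fromhex("0102030405")


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling (KSA), then `length` bytes of PRGA output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Steps 1-6: seed = IV || key, RC4 keystream, CRC appended, XOR,
    and the IV plus a key-ID byte (0 here) sent in the clear ahead of the ciphertext."""
    assert len(iv) == 3 and len(key) in (5, 13)
    payload = plaintext + wep_icv(plaintext)
    ciphertext = xor(payload, rc4_keystream(iv + key, len(payload)))
    return iv + b"\x00" + ciphertext


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Receiver side: read the cleartext IV, regenerate the keystream, check the ICV."""
    iv, body = frame[:3], frame[4:]
    payload = xor(body, rc4_keystream(iv + key, len(body)))
    plaintext, icv = payload[:-4], payload[-4:]
    if icv != wep_icv(plaintext):
        raise ValueError("ICV mismatch")
    return plaintext


def keystream_reuse_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames with the same IV under the same key share a keystream, so XORing
    the ciphertexts cancels it and yields plaintext_a XOR plaintext_b without the key."""
    assert frame_a[:3] == frame_b[:3], "demonstration needs a repeated IV"
    return xor(frame_a[4:], frame_b[4:])


def wep_bitflip(frame: bytes, delta: bytes) -> bytes:
    """Modify an encrypted frame without the key. CRC-32 is affine over GF(2):
    crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros of the same length), so XOR `delta`
    into the ciphertext and the matching correction into the encrypted ICV."""
    iv_and_id, body = frame[:4], frame[4:]
    n = len(body) - 4                      # length of the encrypted plaintext part
    delta = delta[:n].ljust(n, b"\x00")
    icv_delta = xor(wep_icv(delta), wep_icv(b"\x00" * n))
    return iv_and_id + xor(body[:n], delta) + xor(body[n:], icv_delta)
```

`wep_bitflip` is the reason WEP's ICV is not an integrity check in the security sense: a receiver will accept the forged frame as valid, because the CRC was corrected through the encryption.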
WiFi Protected Access (WPA): WPA was an interim standard built on a draft of IEEE 802.11i; WPA2 implements the ratified 802.11i standard, so "802.11i" below refers to the mechanism both share. This is a whole lot more complicated than WEP, but to keep things simple I will skip lots of detailed concepts. Let's see how 802.11i works.
802.11i consists of the following phases:
1. Key Configuration: Dynamic key management is much more complicated under 802.11i. In this phase the Access Point and the client each derive a fresh key hierarchy: pairwise keys that protect unicast traffic between the two of them, and a group key that protects broadcast and multicast traffic. At the client end:
- Obtain the Pairwise Master Key (PMK). In Personal mode the PMK is derived from the pre-shared passphrase and the SSID with PBKDF2-HMAC-SHA1 (4096 iterations, 256-bit output); in Enterprise mode it is the first 256 bits of the MSK produced by EAP authentication (next phase).
- Derive the Pairwise Transient Key (PTK) from the PMK, the two MAC addresses and the two nonces exchanged in the 4-way handshake.
- Split the PTK into three keys: i) the Key Confirmation Key (KCK), which authenticates the handshake messages; ii) the Key Encryption Key (KEK), which wraps the group key when the AP delivers it; iii) the Temporal Key (TK).
- The Temporal Key is used for unicast frame encryption and is the input key of the encryption phase.
The Access Point separately generates a Group Temporal Key (GTK) and delivers it to each client, wrapped under that client's KEK, during the handshake.
2. Authentication: In Enterprise mode 802.11i authenticates with 802.1X/EAP as follows. (Personal mode has no EAP exchange: the PMK comes straight from the passphrase, and the 4-way handshake is the only proof that both sides know it.)
- Initiation: The AP (the 802.1X authenticator) sends an EAP-Request/Identity frame to the client (the supplicant), or the client triggers it with an EAPOL-Start. The client answers with an EAP-Response/Identity, which the AP forwards, together with the client's MAC address, to the authentication server (RADIUS server).
- EAP negotiation: The authentication server proposes an EAP method (EAP-TLS, PEAP, EAP-TTLS and so on) in an EAP-Request that the AP relays to the client; the client either accepts it or replies with a NAK listing the methods it supports.
- Once the client accepts a method, the EAP conversation runs between client and server with the AP relaying the frames. If it succeeds, the method produces a Master Session Key (MSK) on both the client and the server; the server sends its copy to the AP inside the RADIUS Access-Accept. The client and AP then take the first 256 bits of the MSK as the PMK and begin the 4-way handshake.
3. 4-way handshake: After successful authentication, the client and Access Point engage in a 4-way handshake to prove that both hold the same PMK, derive the PTK and deliver the GTK. The 4-way handshake shown below was drawn with ASCIIFlow.com and shamelessly copied from The Evolution of 802.11 wireless security by Kevin Benton.
+----------------+                                       +-----------------+
|     Client     |                                       |  Access Point   |
+-------+--------+                                       +--------+--------+
        |                                                         |
        |                               Generates a random ANonce |
        |   1: ANonce (cleartext, no MIC)                         |
        | <-------------------------------------------------------+
        |                                                         |
  Generates a random SNonce                                       |
  PTK = PRF(PMK, Client MAC, AP MAC, ANonce, SNonce)              |
  Split PTK into KCK, KEK and TK                                  |
        |                                                         |
        |   2: SNonce (cleartext) + MIC (KCK)                     |
        +-------------------------------------------------------->|
        |                                                         |
        |    PTK = PRF(PMK, Client MAC, AP MAC, ANonce, SNonce)   |
        |    Verifies MIC: proves the client holds the same PMK   |
        |                                                         |
        |   3: ANonce + GTK wrapped with KEK + MIC (KCK)          |
        | <-------------------------------------------------------+
        |                                                         |
  Verifies MIC: proves the AP holds the same PMK                  |
  Unwraps GTK with KEK                                            |
        |                                                         |
        |   4: Confirmation + MIC (KCK)                           |
        +-------------------------------------------------------->|
        |                                                         |
        |    Verifies MIC; both sides install PTK and GTK         |
        +                                                         +
MIC (KCK) is the message integrity code over the EAPOL-Key frame, keyed with the KCK; "GTK wrapped with KEK" is the group key encrypted under the KEK. Messages 1 and 2 carry the nonces in cleartext, which is all a passive listener needs to recompute the PTK for any candidate PMK.
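The key-configuration steps, the MSK-to-PMK step of the authentication phase and the 4-way handshake above, run end to end in Python as an added example (not code from the original answer or from Kevin Benton's article). The SSID, MAC addresses, passphrase and nonces are constructed; the EAPOL-Key layout is a simplified stand-in for the real frame, and the GTK wrapping under the KEK in message 3 (AES Key Wrap in the real protocol) is left out. The PMK derivation, the PRF, the PTK split and the MIC computation follow 802.11i for WPA2/CCMP. The last function shows why passphrase strength matters in Personal mode: what a passive sniffer captures in messages 1 and 2 is enough to test candidate passphrases offline.

```python
import hashlib
import hmac
import os

# Constructed demo values (not captured from any real network).
SSID = b"ExampleNet"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
MIC_OFFSET = 8  # position of the 16-byte MIC in the simplified EAPOL-Key body below


def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    """WPA/WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)


def pmk_from_msk(msk: bytes) -> bytes:
    """WPA/WPA2-Enterprise: the first 256 bits of the EAP method's MSK become the PMK."""
    return msk[:32]


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ... concatenated."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK = PRF-384(PMK, "Pairwise key expansion", min/max MACs || min/max nonces); split KCK/KEK/TK."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def eapol_key(msg_no: int, nonce: bytes) -> bytes:
    """Simplified EAPOL-Key body (constructed layout): msg no (1) | reserved (7) | MIC (16) | nonce (32)."""
    return bytes([msg_no]) + b"\x00" * 7 + b"\x00" * 16 + nonce


def compute_mic(kck: bytes, frame: bytes) -> bytes:
    """WPA2 key-descriptor MIC: HMAC-SHA1(KCK, frame with MIC field zeroed), truncated to 128 bits."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def attach_mic(kck: bytes, frame: bytes) -> bytes:
    return frame[:MIC_OFFSET] + compute_mic(kck, frame) + frame[MIC_OFFSET + 16:]


def verify_mic(kck: bytes, frame: bytes) -> bool:
    return hmac.compare_digest(frame[MIC_OFFSET:MIC_OFFSET + 16], compute_mic(kck, frame))


def four_way_handshake(ap_pmk: bytes, sta_pmk: bytes, anonce=None, snonce=None):
    """Run both sides. Returns (success, capture): capture is what a passive sniffer
    sees of messages 1 and 2 (ANonce, SNonce, message 2 with its MIC)."""
    anonce = anonce or os.urandom(32)
    snonce = snonce or os.urandom(32)
    m1 = eapol_key(1, anonce)                                   # AP -> STA: ANonce, no MIC
    sta = derive_ptk(sta_pmk, AP_MAC, STA_MAC, m1[24:56], snonce)
    m2 = attach_mic(sta["kck"], eapol_key(2, snonce))           # STA -> AP: SNonce + MIC
    ap = derive_ptk(ap_pmk, AP_MAC, STA_MAC, anonce, m2[24:56])
    if not verify_mic(ap["kck"], m2):                           # proves the STA holds the PMK
        return False, (anonce, snonce, m2)
    m3 = attach_mic(ap["kck"], eapol_key(3, anonce))            # AP -> STA: ANonce (+GTK) + MIC
    if not verify_mic(sta["kck"], m3):                          # proves the AP holds the PMK
        return False, (anonce, snonce, m2)
    m4 = attach_mic(sta["kck"], eapol_key(4, b"\x00" * 32))     # STA -> AP: confirmation + MIC
    return verify_mic(ap["kck"], m4) and sta["tk"] == ap["tk"], (anonce, snonce, m2)


def crack_psk(candidates, ssid, aa, spa, anonce, snonce, m2):
    """Offline dictionary attack on WPA-Personal: every input except the passphrase is in
    the capture, so each guess is checked by recomputing message 2's MIC."""
    for cand in candidates:
        ptk = derive_ptk(pmk_from_passphrase(cand, ssid), aa, spa, anonce, snonce)
        if verify_mic(ptk["kck"], m2):
            return cand
    return None


def demo() -> dict:
    """Constructed end-to-end run: good handshake, handshake with a wrong passphrase, offline crack."""
    pmk = pmk_from_passphrase("correct horse battery", SSID)
    ok, capture = four_way_handshake(pmk, pmk, b"\x11" * 32, b"\x22" * 32)
    wrong_ok, _ = four_way_handshake(pmk, pmk_from_passphrase("wrong passphrase", SSID))
    wordlist = ["password", "letmein", "correct horse battery", "hunter2"]
    return {"handshake_ok": ok, "wrong_psk_ok": wrong_ok,
            "cracked": crack_psk(wordlist, SSID, AP_MAC, STA_MAC, *capture)}
```

In Enterprise mode the only change is where the PMK comes from: replace `pmk_from_passphrase` with `pmk_from_msk` on the MSK that EAP produced, and `crack_psk` no longer applies because there is no passphrase to guess. For TKIP (key descriptor version 1) the MIC is HMAC-MD5 and the PTK is 512 bits; the rest of the flow is identical.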
4. Encryption: Once key configuration, authentication and the 4-way handshake have completed, regular traffic is encrypted with either the Temporal Key Integrity Protocol (TKIP), which keeps RC4 but mixes a fresh per-packet key and adds the Michael MIC, or the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), which uses AES in CCM mode. Both take the Temporal Key from the PTK as the key for unicast frames, and the GTK for broadcast and multicast frames.
The basic differences between these five methods are:
+-------------------------+---------------------------+-------------------+----------------+
| Standard                | Authentication method     | Encryption method | Cipher         |
+-------------------------+---------------------------+-------------------+----------------+
| 802.11 / WEP            | Open System or Shared Key | WEP               | RC4            |
+-------------------------+---------------------------+-------------------+----------------+
| WPA Personal            | WPA passphrase (PSK)      | TKIP              | RC4            |
+-------------------------+---------------------------+-------------------+----------------+
| WPA Enterprise          | 802.1X/EAP                | TKIP              | RC4            |
+-------------------------+---------------------------+-------------------+----------------+
| WPA2 Personal / 802.11i | WPA2 passphrase (PSK)     | CCMP (default)    | AES (default)  |
|                         |                           | TKIP (optional)   | RC4 (optional) |
+-------------------------+---------------------------+-------------------+----------------+
| WPA2 Enterprise/802.11i | 802.1X/EAP                | CCMP (default)    | AES (default)  |
|                         |                           | TKIP (optional)   | RC4 (optional) |
+-------------------------+---------------------------+-------------------+----------------+
WEP and TKIP are both broken and deprecated; on any network you control, use WPA2 with CCMP/AES and disable the optional TKIP fallback, since a mixed-mode network is only as strong as TKIP.