
When I try asking this question on other websites I get massive downvotes and am told "We're not doing your homework. Use google." Also I sometimes get banned.

Anyways, I've searched tens of pages of google and still can't get a grasp on it.

There's the authentication part, where RADIUS access request, accept, reject, and challenge messages are sent. And then AFTER that the wireless AP and the supplicant negotiate the encryption key by first getting the Pairwise-Master Key (PMK) using the Pre-Shared Key (PSK), then generating the Pairwise-Transient Key (PTK)?

Are those the total steps? An image would really help.

Second question: In case both sides are using certificates (EAP-TLS) then how exactly is the PMK generated? There is no PSK with certificates.

Final question: I read on a security website that: "The weakness in the WPA2-PSK system is that the encrypted password is shared in what is known as the 4-way handshake". But in other websites I read that neither the PMK nor the PTK are ever sent during the handshake. So which is it?

Newlo Newly
  • Well, googling is not easy for technical knowledge, unless you know what keyword to use, i.e. WIFI handshake security https://www.packtpub.com/books/content/common-wlan-protection-mechanisms-and-their-flaws – mootmoot Sep 13 '17 at 15:06
  • Yes but how does it happen in the case there's a RADIUS server and you're using client certificates? – Newlo Newly Sep 13 '17 at 17:17
  • I think I already answered this: [Check it out](https://security.stackexchange.com/questions/151912/wpa2-enterprise-eap-tls-key-exchange/151925#151925), and if not, I'll add another answer. – Azteca Sep 13 '17 at 23:12

3 Answers


Below is the information on the frame exchange which happens between the Supplicant and the NAS (server).

(image: EAP Handshake process)

The cipher suite is the algorithm or hash technique which is accepted by both the STA and the AS and is used for generating the MSK.

(image: EAP Handshake Process About Certificate)


Are those the total steps? An image would really help.

The process you detail isn't quite accurate. For one, WPA2-Enterprise doesn't make use of a PSK. Pre-shared keys are used by WPA2-Personal.

WPA2-Enterprise uses 802.1X to authenticate a device to the network. The protocol used by 802.1X is EAP (Extensible Authentication Protocol), which is defined in RFC 3748.

EAP allows for a variety of different methods to authenticate; you reference EAP-TLS as an example, which is defined by RFC 5216. Each EAP method is responsible for describing in its specification how the MSK is created. So the actual process can vary depending on the method used. You would have to reference the specification for each method you are interested in to determine exactly what is taking place.

No matter what process is used to create the MSK, this is provided to both the supplicant and the NAS during the EAP transaction and is the basis for the PMK used by 802.11.

In case both sides are using certificates (EAP-TLS) then how exactly is the PMK generated? There is no PSK with certificates.

I know I said it already, but there is no PSK involved. The PMK is generated from the EAP MSK and again the exact method of generating the MSK would be determined by the EAP method. Specifically, the PMK is the first 32 bytes of the MSK.

I read on a security website that: "The weakness in the WPA2-PSK system is that the encrypted password is shared in what is known as the 4-way handshake". But in other websites I read that neither the PMK nor the PTK are ever sent during the handshake. So which is it?

Neither the PMK, the PTK nor the PSK is sent during the handshake. However, when you are using a PSK, the PSK is used to generate the PTK, so any device that knows the PSK and captures the handshake can then also generate the PTK used and decrypt all the traffic.

With WPA2-Enterprise, the MSK for each EAP transaction should be "unique" to that exchange, so the PMK will be different each time a device connects and authenticates to the network. No other device has access to the MSK/PMK and as such even when the handshake is captured, they will not be able to realistically generate the PTK used or decrypt the traffic.

YLearn

Second question: In case both sides are using certificates (EAP-TLS) then how exactly is the PMK generated? There is no PSK with certificates.

It is generated as a random number, and every time it's different.

Final question: I read on a security website that: "The weakness in the WPA2-PSK system is that the encrypted password is shared in what is known as the 4-way handshake". But in other websites I read that neither the PMK nor the PTK are ever sent during the handshake. So which is it?

The PMK key is shared in hashed form. So it's possible to crack it with brute force. It's salted with the AP name.

Aria
  • The PMK is a random number? – Newlo Newly Sep 13 '17 at 20:41
  • @NewloNewly lol, no, it's not random, let me clarify some things. The PMK is the first half (32 octets) of the MSK. The PMK is shared from the RADIUS server to the AP, not to the client; since most RADIUS servers are connected through an internal network (wired), you won't catch it through Wi-Fi sniffing. – Azteca Sep 13 '17 at 23:20
  • @Azteca, the MSK/PMK is shared to both the NAS and the supplicant (i.e. client) by the RADIUS server. If this were not the case, then it would not be usable as the PMK. All common 802.11 EAP methods will use a TLS tunnel to encrypt the authentication and exchange of the MSK. – YLearn Oct 14 '17 at 02:37