7

Normally people think of WiFi authentication as the client proving to the AP that it knows the pre-shared key. But does the AP also prove to the client that it knows the pre-shared key?

Is it fundamentally impossible for a connection to be negotiated in WPA2-PSK if either of the parties doesn't know the pre-shared key, or is it up to each party to decide whether to connect regardless?

(I'm just wondering about the possibility of Wi-Fi-based Smart Unlock in Android, which is claimed by many people to be insecure because it's spoofable - but I was under the impression that it's impossible to spoof an authenticated connection unless you have the PSK)

RomanSt
  • 1,180
  • 9
  • 25
  • Do you have any links about the Wi-Fi based Smart Unlock? By `non-existent` are you speculating why Wi-Fi isn't an option (there is "on body", voice, location and bluetooth, but no Wi-Fi)? – SilverlightFox Jun 10 '15 at 10:22
  • @SilverlightFox by "non-existent" I'm only pointing out that it's not available, otherwise it looked like it could raise people's hopes up. I've rephrased slightly. – RomanSt Jun 10 '15 at 11:33

2 Answers2

4

In PSK mode, the Pairwise Master Key (PMK) is derived from the passphrase.

Both the supplicant and the authenticator prove that they have knowledge of the pre-shared key to one another:

[Supplication to authenticator Message B] contains a MIC value and thus proves that the supplicant knows the PMK

[Authenticator to supplicant Message C] verifies to the supplicant that the authenticator knows the PMK and is thus a trusted party.

So therefore, Android Smart Unlock could use the fact that the phone has authenticated to a particular WPA2 network as an indicator that it is in a secure location. Of course this does not verify that the AP hasn't been stolen, cloned or otherwise compromised.

Community
  • 1
SilverlightFox
  • 33,408
  • 6
  • 67
  • 178
0

Yes it is impossible to connect to the (trusted) access point unless both the client and access point have the same pre shared key (password).

Regarding the Android Smart Unlock feature, it depends how it's implemented. If it unlocked when it sees the ESSID (the AP name such as "MyHomeWifi") or the BSSID (the MAC address) then both of those can be spoofed. In either of those cases you may want to read more about how the karma attack works. If Android were vulnerable to this style of attack, then I suppose the unlock feature may be activated.

KDEx
  • 4,981
  • 2
  • 20
  • 34
  • 1
    The question is mostly interested in knowing whether an attacker's AP can fool clients even if the attacker doesn't know the PSK – miniBill Jun 10 '15 at 05:36