
I'm currently trying to understand WPA-2 and I've discovered that it's built on the EAP-PSK protocol which sets up some keys derived from the SSID name and a password.

I assume that the keys derived from EAP-PSK, namely AK and TEK, are used in the 4-way handshake to verify that the 2 parties have generated on each derivative level the correct keys (KDK vs MSK and EMSK). (see the RFC)

What I don't understand is which type of key is used for message encryption in WPA2-PSK after the 4-way handshake is successful. Is it through extended authentication with TEK key?

Edit: I am aware of this question and the book presented in the voted answer. Unfortunately, the book has different notations compared to the RFC and I'm looking for a more precise answer that tells me exactly which is the key used in the encryption after the handshake is successful.

Dragos
    possible duplicate of [Four-way Handshake in WPA-Personal (WPA-PSK)](http://security.stackexchange.com/questions/17767/four-way-handshake-in-wpa-personal-wpa-psk) – RoraΖ Sep 10 '15 at 14:44
  • I've searched through the [libtins library](https://github.com/mfontanini/libtins) and found that there aren't any AK, TEK or EMSK keys derived in the WPA2 protocol. The 4-way handshake happens differently in WPA2 than presented in the RFC. – Dragos Oct 02 '15 at 10:44

1 Answer

What you have to understand is that EAP is less of a protocol, and more of a framework. The terminology from this answer is valid because of the following quote from the IEEE 802.11i wiki page:

To derive the PMK from the PSK, the PSK is put through PBKDF2-SHA1 as the cryptographic hash function. If an 802.1X EAP exchange was carried out, the PMK is derived from the EAP parameters provided by the authentication server.

So when EAP-PSK is configured, a four-way handshake occurs with a client to essentially establish authentication to the AP. The result of that authentication is essentially the PMK. This link explains the difference between using WPA2-PSK and WPA2-PEAP. I know it's not exactly the same, but you can see that a separate exchange occurs before the WPA2 four-way handshake.

The entire EAP-PSK process outlined in RFC4764 is only used to establish authentication and secure channels to relay the PMK to the client, which I believe is the MSK/EMSK, since they're not mentioned at all in the RFC after derivation. Then that's used as the basis for the rest of WPA2 setup.

I agree this is confusing, and wireless technology is really just black magic with dragons taking your packets to places.


Now the libtins library uses the PMK and PTK terminology. Their WPA2 session keys are derived in src/crypto.cpp.

RoraΖ
  • Indeed, the fact that WPA2-PSK is called this way is because of the 4-way handshake, and RFC4764 should be considered a framework (WPA2 uses it with slightly different parameters). – Dragos Oct 04 '15 at 19:24
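To make the PMK/PTK terminology from the answer concrete, here is an added example (not code from the question, the answer, or libtins) that walks the WPA2-Personal key hierarchy: PMK from passphrase and SSID with PBKDF2-SHA1, then the four-way-handshake expansion of the PMK into KCK, KEK and TK, where TK is the key that CCMP actually encrypts unicast data with once the handshake succeeds. The MAC addresses, nonces and EAPOL frame are constructed sample values; the passphrase/SSID pair is the IEEE 802.11i Annex test vector.

```python
import hashlib
import hmac


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK for WPA2-Personal: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ieee80211_prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ...
    and keep the first nbytes (PRF-384 for CCMP, PRF-512 for TKIP)."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def wpa2_ptk_ccmp(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """Four-way-handshake key expansion for CCMP: the 384-bit PTK split into KCK, KEK and TK.
    aa/spa are the 6-byte AP and station MAC addresses, anonce/snonce the 32-byte nonces from
    messages 1 and 2. The min/max ordering makes the result independent of which side computes it."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = ieee80211_prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[0:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


def eapol_key_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """Key MIC for Key Descriptor Version 2 (HMAC-SHA1-128, the WPA2/CCMP case): computed with the
    KCK over the whole EAPOL-Key frame with its 16-byte MIC field zeroed. This is how each side
    proves in messages 2-4 that it derived the same PTK."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def demo():
    """Both sides derive the PTK from their own view of the handshake and end up with the same TK."""
    pmk = wpa2_pmk("password", "IEEE")          # IEEE 802.11i Annex test vector
    aa = bytes.fromhex("00aabbccddee")          # constructed AP address
    spa = bytes.fromhex("0011223344ff")         # constructed station address
    anonce = bytes(range(32))                   # constructed nonces
    snonce = bytes(range(32, 64))
    ap_keys = wpa2_ptk_ccmp(pmk, aa, spa, anonce, snonce)
    sta_keys = wpa2_ptk_ccmp(pmk, spa, aa, snonce, anonce)   # arguments swapped on purpose
    # constructed EAPOL-Key frame: 4-byte EAPOL header plus a 95-byte all-zero body (MIC field zero)
    frame = b"\x02\x03\x00\x5f" + bytes(95)
    mic = eapol_key_mic(sta_keys["KCK"], frame)
    return pmk.hex(), ap_keys == sta_keys, ap_keys["TK"], mic
```

The GTK used for broadcast traffic is not derived this way; the AP generates it and delivers it in message 3 wrapped with the KEK.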