World Library  
Flag as Inappropriate
Email this Article

IEEE 802.11i-2004

Article Id: WHEBN0000783135
Reproduction Date:

Title: IEEE 802.11i-2004  
Author: World Heritage Encyclopedia
Language: English
Subject: IEEE 802.10, IEEE 802.11, PTK, Reference desk/Archives/Computing/2014 December 14, 11i
Collection: Cryptographic Protocols, Ieee 802.11
Publisher: World Heritage Encyclopedia
Publication
Date:
 

IEEE 802.11i-2004

IEEE 802.11i-2004, or 802.11i for short, is an amendment to the original IEEE 802.11, implemented as Wi-Fi Protected Access II (WPA2). The draft standard was ratified on 24 June 2004. This standard specifies security mechanisms for wireless networks, replacing the short Authentication and privacy clause of the original standard with a detailed Security clause. In the process, the amendment deprecated broken Wired Equivalent Privacy (WEP), while it was later incorporated into the published IEEE 802.11-2007 standard.

Contents

  • Replacement of WEP 1
  • Protocol operation 2
    • The four-way handshake 2.1
    • The group key handshake 2.2
  • See also 3
  • References 4
  • External links 5

Replacement of WEP

802.11i supersedes the previous security specification, Wired Equivalent Privacy (WEP), which was shown to have security vulnerabilities. Wi-Fi Protected Access (WPA) had previously been introduced by the Wi-Fi Alliance as an intermediate solution to WEP insecurities. WPA implemented a subset of a draft of 802.11i. The Wi-Fi Alliance refers to their approved, interoperable implementation of the full 802.11i as WPA2, also called RSN (Robust Security Network). 802.11i makes use of the Advanced Encryption Standard (AES) block cipher, whereas WEP and WPA use the RC4 stream cipher.[1]

Protocol operation

IEEE 802.11i enhances IEEE 802.11-1999 by providing a Robust Security Network (RSN) with two new protocols, the 4-Way Handshake and the Group Key Handshake. These utilize the authentication services and port access control described in IEEE 802.1X to establish and change the appropriate cryptographic keys.[2][3] The RSN is a security network that only allows the creation of robust security network associations (RSNAs), which are a type of association used by a pair of stations (STAs) if the procedure to establish authentication or association between them includes the 4-Way Handshake.[4]

The standard also provides two RSNA data confidentiality and integrity protocols, TKIP and CCMP, with implementation of CCMP being mandatory.[5]

The initial authentication process is carried out either using a pre-shared key (PSK), or following an EAP exchange through 802.1X (known as EAPOL, which requires the presence of an authentication server). This process ensures that the client station (STA) is authenticated with the access point (AP). After the PSK or 802.1X authentication, a shared secret key is generated, called the Pairwise Master Key (PMK). To derive the PMK from the PSK, the PSK is put through PBKDF2-SHA1 as the cryptographic hash function. If an 802.1X EAP exchange was carried out, the PMK is derived from the EAP parameters provided by the authentication server.

The four-way handshake

The four-way handshake in 802.11i

The four-way handshake is designed so that the access point (or authenticator) and wireless client (or supplicant) can independently prove to each other that they know the PSK/PMK, without ever disclosing the key. Instead of disclosing the key, the access point & client each encrypt messages to each other—that can only be decrypted by using the PMK that they already share—and if decryption of the messages was successful, this proves knowledge of the PMK. The four-way handshake is critical for protection of the PMK from malicious access points—for example, an attacker's SSID impersonating a real access point—so that the client never has to tell the access point its PMK.

Since the PMK is designed to last the entire session and should be exposed as little as possible; therefore, keys to encrypt the traffic need to be derived. A four-way handshake is used to establish another key called the Pairwise Transient Key (PTK). The PTK is generated by concatenating the following attributes: PMK, AP nonce (ANonce), STA nonce (SNonce), AP MAC address, and STA MAC address. The product is then put through a pseudo random function. The handshake also yields the GTK (Group Temporal Key), used to decrypt multicast and broadcast traffic.

The actual messages exchanged during the handshake are depicted in the figure and explained below (all messages are sent as EAPOL-Key frames):

  1. The AP sends a nonce-value to the STA (ANonce). The client now has all the attributes to construct the PTK.
  2. The STA sends its own nonce-value (SNonce) to the AP together with a MIC, including authentication, which is really a Message Authentication and Integrity Code (MAIC).
  3. The AP constructs and sends the GTK and a sequence number together with another MIC. This sequence number will be used in the next multicast or broadcast frame, so that the receiving STA can perform basic replay detection.
  4. The STA sends a confirmation to the AP.

The Pairwise Transient Key (64 bytes) is divided into five separate keys:

  1. 16 bytes of EAPOL-Key Confirmation Key (KCK)– Used to compute MIC on WPA EAPOL Key message
  2. 16 bytes of EAPOL-Key Encryption Key (KEK) - AP uses this key to encrypt additional data sent (in the 'Key Data' field) to the client (for example, the RSN IE or the GTK)
  3. 16 bytes of Temporal Key (TK) – Used to encrypt/decrypt Unicast data packets
  4. 8 bytes of Michael MIC Authenticator Tx Key – Used to compute MIC on unicast data packets transmitted by the AP
  5. 8 bytes of Michael MIC Authenticator Rx Key – Used to compute MIC on unicast data packets transmitted by the station

The Group Temporal Key (32 bytes) is divided into three separate keys:

  1. 16 bytes of Group Temporal Encryption Key – used to encrypt/decrypt Multicast and Broadcast data packets
  2. 8 bytes of Michael MIC Authenticator Tx Key – used to compute MIC on Multicast and Broadcast packets transmitted by AP
  3. 8 bytes of Michael MIC Authenticator Rx Key – currently unused as stations do not send multicast traffic

The Michael MIC Authenticator Tx/Rx Keys in both the PTK and GTK are only used if the network is using TKIP to encrypt the data.

The group key handshake

The Group Temporal Key (GTK) used in the network may need to be updated due to the expiry of a preset timer. When a device leaves the network, the GTK also needs to be updated. This is to prevent the device from receiving any more multicast or broadcast messages from the AP.

To handle the updating, 802.11i defines a Group Key Handshake that consists of a two-way handshake:

  1. The AP sends the new GTK to each STA in the network. The GTK is encrypted using the KEK assigned to that STA, and protects the data from tampering, by use of a MIC.
  2. The STA acknowledges the new GTK and replies to the AP.

See also

References

  1. ^ "IEEE 802.11i-2004: Amendment 6: Medium Access Control (MAC) Security Enhancements" (pdf).  
  2. ^ IEEE 802.11i-2004: Amendment 6: Medium Access Control (MAC) Security Enhancements (pdf),  
  3. ^ IEEE 802.11i-2004: Amendment 6: Medium Access Control (MAC) Security Enhancements (pdf),  
  4. ^ IEEE 802.11i-2004: Amendment 6: Medium Access Control (MAC) Security Enhancements (pdf),  
  5. ^ IEEE 802.11i-2004: Amendment 6: Medium Access Control (MAC) Security Enhancements (pdf),  
General
  • "IEEE 802.11-2007: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications".  
  • "The Evolution of 802.11 Wireless Security" (PDF). ITFFROC. 2010-04-18. 

External links

  • Vulnerability in the WPA2 procotol, hole196 [3], [4]
This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and USA.gov, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for USA.gov and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
 
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
 
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.
 


Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.