In a wired network – due to the fact that stations are connected via cables, the data is pretty secure in itself. However when the transmission medium is air, all data transmissions are heard by every Station in the network. The Data can also be sniffed by hacker stations that can try and decrypt the […]

The initial Open system authentication and Shared Key authentication provided for user authentication by the 802.11 standard body was seen to be inadequate in providing a strong user authentication method. To circumvent the issues seen in the 802.11 authentication methods, the decision to use upper layer authentication of user stations was considered. The use of […]

The 802.1X authentication mechanism is an upper layer authentication mechanism and comprises of a supplicant (802.11 Station), Authenticator (Access Point) and Authentication Server (e.g. RADIUS). Numerous methods of upper layer authentication are specified in various RFCs. Some examples are provided be below EAP-TLS EAP-TTLS EAP-GTC PEAP-MSCHAPv2 LEAP etc The 802.1X mechanism involves the following steps […]

Prior to the 802.1 X EAP and 4-way EAPOL handshakes – the 802.11 Station and the Access Point exchange information to associate to one another. At the end of a successful association – the 802.11 client is connected to the Access point but the Data channel is still blocked. The Data channel will be enabled […]

The WPA/WPA2 standards described two methods of user authentication. They are 802.1X EAP/EAPOL mechanism Pre-Shared Key (EAPOL) Mechanism Both the above authentication mechanisms involve authenticating the user and also generating a set of encryption keys that could be used for data security. The WLAN association and authentication mechanism can be broken into three phases. The […]

In the Pre-Shared Key Mechanism, the upper layer handshake as performed in 802.1X mechanism is not performed as the Pair-wise Master Key is generated by utilizing a user supplied Pass-phrase. The 802.11 user enters a passphrase which has to be a minimum of 8 characters and can be a maximum of 63 characters. The Passphrase […]

The below  example shows how an 802.11 authentication occurs via the Pre-Shared Key Authentication Mechanism. For an understanding of the Pre-Shared key Mechanism refer here <802.11 Pre-Shared Key Mechanism>.  The below example shows a WPA-PSK example. AP sends a beacon packet with the WPA Information element with the Authentication Key Management as PSK and in […]

The current article outlines the packet exchange between an Access Point and a WLAN station till association partaking in an 802.1X authentication mechanism. The WPA mechanism is shown here The Access Point sends a beacon indicating support of 802.1X authentication in the WPA element Authentication key management field The WLAN station sends a Probe request […]

The Pre-shared Key mechanism till association was described here <Wireless Capture Example – Pre-shared Key Part 1>. In the Pre-shared Key mechanism – the Master Key material for the 4-way EAPOL handshake is obtained from the secret passphrase that is known a-priori between the Access Point and the WLAN station. The reader can understand the […]

The reader can understand the association mechanism between a WLAN station and Access point for 802.1X authentication here <Wireless Capture Example – EAP Handshake – Part 1> There are a number of 802.1X EAP mechanisms that are used in WLAN. The number of EAP exchanges depend on the EAP Method employed. The Frame exchanges that […]