The 802.1X authentication mechanism is an upper layer authentication mechanism and comprises a Supplicant (802.11 Station), an Authenticator (Access Point) and an Authentication Server (e.g. RADIUS). Numerous methods of upper layer authentication are specified in various RFCs. Some examples are provided below: EAP-TLS, EAP-TTLS, EAP-GTC, PEAP-MSCHAPv2, LEAP, etc. The 802.1X mechanism involves the following steps […]
WLAN Association for 802.1X -Pre-shared Key Mechanism
Prior to the 802.1X EAP and 4-way EAPOL handshakes, the 802.11 Station and the Access Point exchange information to associate with one another. At the end of a successful association, the 802.11 client is connected to the Access Point but the Data channel is still blocked. The Data channel will be enabled […]
802.1X and Pre-shared Key Authentication
The WPA/WPA2 standards describe two methods of user authentication: the 802.1X EAP/EAPOL mechanism and the Pre-Shared Key (EAPOL) mechanism. Both of these authentication mechanisms involve authenticating the user and also generating a set of encryption keys that could be used for data security. The WLAN association and authentication mechanism can be broken into three phases. The […]
Pre-Shared Key Mechanism – Generation of Master key
In the Pre-Shared Key Mechanism, the upper layer handshake performed in the 802.1X mechanism is skipped, because the Pair-wise Master Key is generated from a user-supplied passphrase. The 802.11 user enters a passphrase which has to be a minimum of 8 characters and can be a maximum of 63 characters. The Passphrase […]
Wireless Capture Example – Pre-shared Key Part 1
The example below shows how an 802.11 authentication occurs via the Pre-Shared Key Authentication Mechanism. For an understanding of the Pre-Shared Key Mechanism refer here <802.11 Pre-Shared Key Mechanism>. The example shown is for WPA-PSK. AP sends a beacon packet with the WPA Information element with the Authentication Key Management as PSK and in […]
Wireless Capture Example – EAP Handshake – Part 1
The current article outlines the packet exchange, up to association, between an Access Point and a WLAN station taking part in an 802.1X authentication mechanism. The WPA mechanism is shown here. The Access Point sends a beacon indicating support of 802.1X authentication in the WPA element Authentication key management field. The WLAN station sends a Probe request […]
Wireless Capture Example – Pre-shared Key Part 2
The Pre-shared Key mechanism up to association was described here <Wireless Capture Example – Pre-shared Key Part 1>. In the Pre-shared Key mechanism, the Master Key material for the 4-way EAPOL handshake is obtained from the secret passphrase that is known a priori between the Access Point and the WLAN station. The reader can understand the […]
Wireless Capture Example – EAP Handshake – Part 2
The reader can understand the association mechanism between a WLAN station and Access Point for 802.1X authentication here <Wireless Capture Example – EAP Handshake – Part 1>. There are a number of 802.1X EAP mechanisms that are used in WLAN. The number of EAP exchanges depends on the EAP Method employed. The Frame exchanges that […]
TKIP Encapsulation
The TKIP encapsulation process is shown below. FIG Courtesy – 802.11 Standard. Description of the parameters: TA – Transmitter address; TK – Temporal Key; TSC – TKIP Sequence Counter; Priority – QoS TID Priority – set to 0 if QoS control field is not present; MIC Key – MIC transmitter Key (64 bits) obtained during […]
TKIP Decapsulation
The TKIP decapsulation process is shown below. FIG Courtesy – 802.11 Standard. Description of the parameters: TA – Transmitter address; TK – Temporal Key; TSC – TKIP Sequence Counter; Priority – QoS TID Priority – set to 0 if QoS control field is not present; MIC Key – MIC Receiver Key (64 bits) obtained during EAPOL […]