Showing posts with label Sequence Diagrams. Show all posts
Showing posts with label Sequence Diagrams. Show all posts

Saturday, November 16, 2013

STA-AP: WPA2-PSK Connection Establishment



WPA2 vs WPA Comparison

WPA2WPA
Encryption TypeAESRC4
PTK length384(KCK,KEK,TK)512(KCK,KEK,TK,MIC)
Message integrityUses TKUses MIC
Group KeyTKIP or CCMPTKIP
Group Key messageM3 Group-M1
Information ElementRSN IEWPA IE


Posted by at No comments:
Labels: ,

Saturday, October 5, 2013

STA-AP: WPA-PSK Connection Establishment (Sequence Diagram)



Summary

  • Probe response and beacon frames include the WPA IE (AP WPA capabilities)
  • Association request from STA includes the WPA IE (STA WPA capablities)
  • IEs in EAPOL messages and corresponding probe/beacon/assoc messages should match
  • WPA Pairwise Key (TKIP) is dervied from the following
    • STA MAC address
    • AP MAC address
    • PMK (Pairwise Master Key) (PMK = PSK (256 bits))
    • Authenticator (AP) Nonce (A random value genearted by AP)
    • Supplicant (STA) Nonce (A random value generated by STA)
  • Pairwise key consists of 
    • EAPOL KEK (128 bits)
    • EAPOL KCK (128 bits)
    • TKIP TK (128 bits)
    • TKIP MIC Key (128 bits)
  • WPA does not use KEK to encrypt the keys (Q:What is the purpose of KEK in TKIP?)
  • KCK is used for integrity protection of EAPOL messages
  • Group key messages are encrypted using TKIP TK
  • Group key consists of
    • Group Temporal Key (128 bits)
    • Group MIC (128 bits)
  • Group key may be periodically updated by the AP
  • Air-traces used to generate this diagram can be downloaded from here 

Posted by at 13 comments:
Labels: ,

Sunday, August 25, 2013

STA-AP: Connection Establishment(No Security)

Sequence diagrams are very useful in understanding the interaction between various nodes in an 802.11 network. I will post sequence diagrams of 802.11 scenarios in this blog.
  • The sequence diagrams will be created from "actual" air traces in the network (Notice the frame numbers in the diagram)
  • The air trace used to create the sequence diagram will also be attached
I will start with a very basic scenario: "Connection establishment"
  • Mode: Infrastructure
  • No security (Open Network)


Connection establishment involves the following basic steps:

  • Scan
    • In case of an active scan, the STA would send out a probe request and receive a probe response from the AP.
    • In case of a passive scan, the STA would find the AP by listening to the beacon.
  • Authentication
  • Association

The air-trace for this scenario can be downloaded here.

Posted by at 1 comment:
Labels: ,
Subscribe to: Posts (Atom)