Page 449 - From GMS to LTE
P. 449
Wireless Local Area Network (WLAN) 435
In the first message, the AP sends a random number to the client device. On the client
side, the random number is used in combination with the secret password (PSK) to gen-
erate a response. The password can have a length of 8–64 characters. The result is then
sent to the AP in a response message together with another random number. In the next
step, the AP compares the response with the expected value that it has calculated itself.
These can only be identical if both sides have used the same password for the process.
The client device is authenticated if the values match. The AP then creates a session key
which it encrypts with the common password and sends it to the client device. The client
device deciphers the session key with the common password and returns a confirmation
to the AP that the message was received correctly. This message also implicitly activates
ciphering in both directions. In the final step, the AP informs the client device about the
current key for deciphering broadcast frames. While there is an individual session key
for each client device, the key for broadcast messages is the same for all devices, as
broadcast frames must be deciphered by all devices simultaneously.
The advantage of the use of individual session keys compared to the use of a pass-
word as an input to the encryption and decryption algorithms is that the session key
can be changed during an ongoing connection. This prevents brute force attacks that
try to obtain the key by trying out all different combinations or by analyzing a large
amount of data collected over time. A typical value for the update of the session key
is one hour.
While WPA‐PSK can protect a network against external attackers and eavesdroppers
one internal weakness remains. An attacker who is aware of the Pre‐Shared Key (PSK)
and, in addition, has observed the individual session key negotiation of another device
can use this information to decrypt the data frames sent between this device and the
access point. Network analysis software such as Wireshark have this functionality built‐
in by default. This means that besides being aware of the password of a WPA‐PSK
encrypted network, little technical knowledge is required to decipher packets being
sent and received by other devices.
6.7.3 WPA and WPA2 Enterprise Mode Authentication – EAP‐TLS
In addition to WPA‐PSK authentication, which uses a common key (Pre‐Shared Key) in
the AP and all client devices, there is also an enterprise mode with an individual key or
certificate for each device. The keys or certificates are not stored in the access point but
in central authentication servers. This allows companies to have several APs to cover a
larger area without the need to store the keys in each AP. In addition, individual keys or
certificates significantly increase overall security as network access can be granted and
removed on a per‐user basis. The most popular protocols for communicating with an
external authentication server are RADIUS (Remote Authentication Dial In User
Service) and the Microsoft Authentication Service.
For WPA, a number of different authentication protocols have been specified to be
compatible with as many external authentication servers as possible. These protocols
are referred to as Extensible Authentication Protocols (EAPs). A popular authentication
protocol is the Extensible Authentication Protocol – Transport Layer Security (EAP‐
TLS) protocol, described in RFC 5216. The protocol uses certificates stored on the
client device and on the authentication server. Important parts of the certificate are
the public keys of the client device and the authentication server. These are used to
