WiFi 4-WAY HANDSHAKE

4-Way Handshake - WiFi

I wanted to write about the 4-way handshake and started by wondering where I should begin. Should I just describe the 4-way handshake, which can be found everywhere on the web, or should I do a deep dive? My reason for writing is to make it easier for non-WiFi people to read and understand, because the different terminologies used in this process can be confusing. So, let's start with...

What is 4-way Handshake:

The 4-way handshake is the process of exchanging four messages between an access point (authenticator) and a client device (supplicant) in order to generate the encryption keys that are used to encrypt the actual data sent over the wireless medium. The keys generated through the 4-way handshake are derived from some source key material, which will be discussed later.

If you do not want to be confused by the terminology used in the 4-way handshake, let's have a quick look at the terms we will come across. I would say don't be scared of these terminologies. It's like much ado about nothing.

These are the keys and values we will be discussing:

  • MSK (Master Session Key)
  • PMK (Pairwise Master Key)
  • GMK (Group Master Key)
  • PTK (Pairwise Transient Key)
  • GTK (Group Temporal Key)
  • ANonce
  • SNonce
  • MIC

I will start with the keys that are generated during the 4-way handshake and then work towards the keys and other variables needed in order to generate them.

PTK (Pairwise Transient Key):

The Pairwise Transient Key is used to encrypt all unicast traffic between a client station and the access point. The PTK is unique to each pair of client station and access point. To generate the PTK, the client device and the access point need the following inputs.

PTK = PRF(PMK + ANonce + SNonce + MAC(AA) + MAC(SA))

ANonce is a random number generated by the access point (authenticator), and SNonce is a random number generated by the client device (supplicant). AA and SA are the MAC addresses of the authenticator (access point) and the supplicant (client device). PRF is a pseudo-random function that is applied to all of these inputs.

The PTK depends on a higher-level key, the PMK (pairwise master key), which is discussed below.

GTK (Group Temporal Key):

The Group Temporal Key is used to encrypt all broadcast and multicast traffic between an access point and its client devices. The GTK is shared between all client devices associated with one access point. Every access point has its own GTK, which is shared with the devices associated with it.

The GTK depends on a higher-level key, the GMK (group master key), discussed below.

PMK (Pairwise Master Key):

What is the PMK and why do we need it? We now know what the PTK and GTK are. The PTK is generated with the help of the PMK. As discussed above, in order to generate the PTK we need the following inputs.

PTK = PRF(PMK + ANonce + SNonce + MAC(AA) + MAC(SA))

The Pairwise Master Key is generated from the Master Session Key (MSK). In the case of WPA2/PSK, when a device authenticates with the access point, the PSK becomes the PMK.

Point to remember: the PMK resides on all stations, meaning both the AP and the client devices, so it never needs to be sent over the air. It is used to create the PTK, which is used for unicast data encryption.

GMK (Group Master Key):

The Group Master Key is used in the 4-way handshake to create the GTK discussed above. The GTK is generated on every access point and shared with the devices connected to that AP.

MSK (Master Session Key):

The Master Session Key is the first key; it is generated either by 802.1X/EAP or derived from PSK authentication.

We discussed the keys above from bottom to top and how each key depends on another. This is the view from top to bottom:

  1. The first-level key, the MSK, is generated during 802.1X/EAP or PSK authentication.
  2. The second-level keys generated from the MSK are the PMK and the GMK. The PMK is used to generate the PTK and the GMK is used to create the GTK.
  3. The third-level keys, the PTK and the GTK, are the actual keys used for data encryption.

(Keys Hierarchy)

4-Way Handshake in Action: 

Now that we understand the important keys and how they are generated, let's have a look at an actual 4-way handshake. Imagine an access point configured with WPA2/PSK and a device trying to connect to it. In our example the SSID is PRINTERS and the password is printer123.

As soon as the user clicks on the PRINTERS SSID, the device goes through the states I have discussed in another post: from authentication to association to security validation. This is where the 4-way handshake happens; instead of sending the password to the access point, an exchange of EAPOL (Extensible Authentication Protocol over LAN) messages takes place.

(4-way handshake)

Device States:

A device goes through the states from authentication to association. Once the device is authenticated and associated, security is checked and the 4-way handshake starts.

4-way handshake Wireshark view:

Message 1: The access point sends an EAPOL message containing the ANonce (a random number) to the device so that it can generate the PTK. Don't forget that the client device already knows the AP's MAC address because it is connected to it. It also has the PMK, the SNonce and its own MAC address. Once it receives the ANonce from the access point, it has all the inputs needed to create the PTK.

PTK = PRF(PMK + ANonce + SNonce + MAC(AA) + MAC(SA))

MAC address 9c:5d:12:5e:6c:66 is the source address, i.e. the MAC address of the access point sending the first EAPOL message to the device, and d0:c5:f3:a9:16:c5 is the MAC address of the device. In this message the access point is sending the ANonce to the client device.

(Anonce from AP to the device)

Message 2: Once the device has created its PTK, it sends out the SNonce, which the access point also needs in order to generate the PTK. The device sends EAPOL message 2 to the AP with a MIC (message integrity check) so that the access point can verify whether the message was corrupted or modified. Once the AP receives the SNonce, it can generate the PTK as well for unicast traffic encryption.

This is the second message, going from the client device to the AP, with the SNonce and the MIC flag set to 1.

(Message 2)

Message 3: EAPOL message 3 is sent from the AP to the client device and contains the GTK. The AP creates the GTK from the GMK without any involvement of the client.

(Message 3)

Message 4: The fourth and last EAPOL message is sent from the client to the AP just to confirm that the keys have been installed.
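To tie the key hierarchy and the four messages together, here is an added Python simulation (not code from the original post) that derives the PMK from the post's SSID PRINTERS and passphrase printer123, expands it into the PTK with the PRF(PMK + ANonce + SNonce + MAC(AA) + MAC(SA)) formula above, splits the PTK into KCK/KEK/TK, and plays messages 1 to 4 with a MIC check on each MIC-carrying message. The MAC addresses are the ones shown in the post; the nonces and GTK are generated at random; the EAPOL-Key Key Info values are the typical WPA2 ones and are an assumption, and the KEK wrapping of the GTK in message 3 is left out for brevity. It also runs the exchange with message 2 tampered in flight, to show why the MIC lets the AP detect that, which the post describes but does not show.

```python
"""Simulated WPA2-PSK 4-way handshake: PMK -> PTK (KCK/KEK/TK) -> per-message MIC checks."""
import hashlib
import hmac
import os
import struct

# Constructed example values taken from the post (SSID, passphrase and the two MAC addresses)
SSID = "PRINTERS"
PASSPHRASE = "printer123"
AP_MAC = bytes.fromhex("9c5d125e6c66")   # authenticator address (AA)
STA_MAC = bytes.fromhex("d0c5f3a916c5")  # supplicant address (SA)


def pmk_from_psk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK: PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes), used as the PMK.
    Both sides compute this locally, which is why the PMK never crosses the air."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11 PRF-512: HMAC-SHA1 blocks with a counter byte appended, truncated to 64 bytes."""
    out = b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(4))
    return out[:64]


def derive_ptk(pmk: bytes, aa: bytes, sa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK = PRF(PMK, ANonce, SNonce, AA, SA). Inputs are ordered min||max so both sides
    build the identical byte string; the PTK is then split into KCK, KEK and TK."""
    data = min(aa, sa) + max(aa, sa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf_512(pmk, b"Pairwise key expansion", data)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


# EAPOL header (4) + descriptor type (1) + key info (2) + key length (2) + replay counter (8)
# + nonce (32) + key IV (16) + RSC (8) + key ID (8) = offset of the 16-byte MIC field
NONCE_OFFSET = 17
MIC_OFFSET = 81


def build_eapol_key(key_info: int, replay: int, nonce: bytes, key_data: bytes = b"") -> bytes:
    """Minimal EAPOL-Key frame (descriptor type 2 = RSN, key length 16 for CCMP), MIC zeroed."""
    body = (struct.pack(">BHH", 2, key_info, 16) + struct.pack(">Q", replay) + nonce
            + bytes(16) + bytes(8) + bytes(8) + bytes(16)
            + struct.pack(">H", len(key_data)) + key_data)
    return struct.pack(">BBH", 2, 3, len(body)) + body


def mic_for(kck: bytes, frame: bytes) -> bytes:
    """WPA2 MIC: HMAC-SHA1 over the whole EAPOL frame with the MIC field zeroed, first 16 bytes."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def sign(kck: bytes, frame: bytes) -> bytes:
    return frame[:MIC_OFFSET] + mic_for(kck, frame) + frame[MIC_OFFSET + 16:]


def mic_ok(kck: bytes, frame: bytes) -> bool:
    return hmac.compare_digest(frame[MIC_OFFSET:MIC_OFFSET + 16], mic_for(kck, frame))


def run_handshake(passphrase: str = PASSPHRASE, ssid: str = SSID, tamper_msg2: bool = False):
    """Play the four messages. Returns (ap_ptk, sta_ptk, msg2_mic_ok, msg3_and_msg4_mic_ok)."""
    ap_pmk = pmk_from_psk(passphrase, ssid)    # both sides already hold the PMK (configured)
    sta_pmk = pmk_from_psk(passphrase, ssid)
    anonce, snonce = os.urandom(32), os.urandom(32)

    # Message 1: AP -> STA with ANonce; no MIC because the STA has no PTK yet
    msg1 = build_eapol_key(0x008A, 1, anonce)
    sta_ptk = derive_ptk(sta_pmk, AP_MAC, STA_MAC, msg1[NONCE_OFFSET:NONCE_OFFSET + 32], snonce)

    # Message 2: STA -> AP with SNonce, MIC computed with the STA's KCK
    msg2 = sign(sta_ptk["KCK"], build_eapol_key(0x010A, 1, snonce))
    if tamper_msg2:  # flip one bit of the SNonce in flight
        msg2 = msg2[:NONCE_OFFSET] + bytes([msg2[NONCE_OFFSET] ^ 0x01]) + msg2[NONCE_OFFSET + 1:]
    ap_ptk = derive_ptk(ap_pmk, AP_MAC, STA_MAC, anonce, msg2[NONCE_OFFSET:NONCE_OFFSET + 32])
    msg2_ok = mic_ok(ap_ptk["KCK"], msg2)      # proves the STA derived the same PTK

    # Message 3: AP -> STA carrying the GTK (KEK wrapping omitted here) with MIC
    gtk = os.urandom(16)
    msg3 = sign(ap_ptk["KCK"], build_eapol_key(0x13CA, 2, anonce, key_data=gtk))
    msg3_ok = mic_ok(sta_ptk["KCK"], msg3)

    # Message 4: STA -> AP, MIC-only confirmation that the keys are installed
    msg4 = sign(sta_ptk["KCK"], build_eapol_key(0x030A, 2, bytes(32)))
    msg4_ok = mic_ok(ap_ptk["KCK"], msg4)
    return ap_ptk, sta_ptk, msg2_ok, msg3_ok and msg4_ok


if __name__ == "__main__":
    ap, sta, ok2, ok34 = run_handshake()
    print("PTKs match:", ap == sta, "| msg2 MIC ok:", ok2, "| msg3/4 MIC ok:", ok34)
    print("tampered msg2 MIC ok:", run_handshake(tamper_msg2=True)[2])
```

Running the normal exchange shows both sides ending with identical KCK/KEK/TK and every MIC verifying; the tampered run shows the AP computing a different PTK and rejecting message 2, which is the point of carrying a MIC from message 2 onwards.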

4-way handshake Result:

Control port unlocked: Once the 4-way handshake completes successfully, the virtual control port that was blocking all traffic is opened and encrypted traffic can now flow. From this point all unicast traffic is encrypted with the PTK and all multicast traffic with the GTK, both created in the 4-way handshake process.

Summary:

Let's summarise everything we have discussed above. I broadcast the PRINTERS SSID and tried to connect to it. The AP is beaconing its SSIDs, and when I clicked the PRINTERS SSID to connect we can see the full conversation, including the acknowledgment frames.

The device requests to connect to PRINTERS and the access point responds with a probe response. The device then goes through the states from unauthenticated and unassociated to authenticated and associated.

Once authenticated and associated, it goes through the security check, the 4-way handshake happens, and after a successful 4-way handshake the control port is open for communication.

(Full conversation from association to complete 4-way handshake)
