Cryptography Reference
In-Depth Information
12.2.5
WPA and WPA2
We now look at how WPA and WPA2 overcome the many problems with WEP.
MUTUAL ENTITY AUTHENTICATION AND KEY ESTABLISHMENT
In order to avoid all the problems relating to use of a shared, fixed WEP key, a
key hierarchy (see Section 10.4.1) is employed. The top key in this key hierarchy
is known as the
pairwise master key PMK
, which is a key that is shared between
a device and a wireless access point. There are two ways in which this key
PMK
can be established:
1.
During an AKE protocol that is run between a device and a central authentication
server.
Both WPA and WPA2 support the use of a central authentication server
to provide authentication in a way that is scalable and can be tailored to fit the
needs of the specific application environment. A wide range of authentication
techniques are supported by the
Extensible Authentication Protocol
(EAP),
which is a suite of entity authentication mechanisms that includes methods
that deploy SSL (see Section 12.1) to secure a connection to an authentication
server.
2.
As a pre-shared key that is programmed directly into the device and the wireless
access point.
This is most suitable for small networks. The most common
method for generating
PMK
is by deriving it from a password. Any users
requiring access to the WLAN must be made aware of this password. A home
user who purchases a wireless router may be provided with a (weak) default
password from the manufacturer or service provider. It is important that this is
changed on first installation to something less predictable.
Note that even if a device has successfully authenticated itself to a central
authentication server and this server has passed
PMK
to the wireless access
point, it is still necessary for the device to authenticate itself to the access point.
Regardless of how
PMK
has been established, it forms the basis for this entity
authentication process between the device and the access point. The master key
PMK
is also used to derive session keys using the following AKE protocol that
runs between Alice (a device) and Bob (a wireless access point) and is shown in
Figure 12.5:
1. Alice generates a nonce
r
A
and sends
r
A
to Bob.
2. Bob generates a nonce
r
B
. Bob then uses
r
A
,
r
B
and
PMK
to derive the following
four 128-bit session keys:
• an encryption key
EK
;
• a MAC key
MK
;
• a data encryption key
DEK
;
• a data MAC key
DMK
.
