Cryptography Reference
Alice -> Bob:  r_A
Bob:           Derive EK, MK, DEK, DMK
Bob -> Alice:  r_B || MAC_MK(r_B)
Alice:         Derive EK, MK, DEK, DMK
Alice -> Bob:  Ready to start || MAC_MK(ready to start)
Figure 12.5. WPA authentication and key establishment protocol
3. Bob then sends r_B to Alice, along with a MAC computed on r_B using MAC
key MK.
4. Alice uses r_A, r_B and PMK to derive the four session keys. She then checks the
MAC that she has just received from Bob.
5. Alice sends a message to Bob stating that she is ready to start using encryption.
She computes a MAC on this message using MAC key MK.
6. Bob verifies the MAC and sends an acknowledgement to Alice.
At the end of this protocol both Alice and Bob have achieved mutual entity
authentication, since each has demonstrated knowledge of PMK by successfully
computing MACs using MK, which is derived from PMK. (Strictly speaking, Bob
has only achieved assurance that Alice is one of the authorised users of the WLAN,
since there may be more than one user sharing PMK with Bob.) In addition, Alice
and Bob have agreed on four session keys. Two of these, DEK and DMK, will be
used to secure the data exchanged between Alice and Bob in the coming session
(the fourth key EK plays a role in group key management, which we will not
discuss).
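The exchange in steps 3 to 6, as an added example that is not part of the original text. The key derivation is a stand-in (assumed here to be HMAC-SHA256 over a key label and both nonces, not WPA's actual derivation function), HMAC-SHA256 also stands in for the MAC, and the function names are hypothetical.

```python
import hashlib
import hmac
import secrets

KEY_NAMES = ("EK", "MK", "DEK", "DMK")

def derive_keys(pmk: bytes, r_a: bytes, r_b: bytes) -> dict:
    # Assumption: stand-in KDF, one HMAC-SHA256 output per key label.
    # Nonces are fixed-length (32 bytes), so r_a + r_b is unambiguous.
    return {n: hmac.new(pmk, n.encode() + b"|" + r_a + r_b, hashlib.sha256).digest()
            for n in KEY_NAMES}

def mac(mk: bytes, msg: bytes) -> bytes:
    return hmac.new(mk, msg, hashlib.sha256).digest()

def handshake(alice_pmk: bytes, bob_pmk: bytes) -> dict:
    """Run the message flow once and report what each side concluded."""
    result = {"alice_accepts_bob": False, "bob_accepts_alice": False, "keys_match": False}
    r_a = secrets.token_bytes(32)                   # Alice -> Bob: r_A
    r_b = secrets.token_bytes(32)                   # Bob picks r_B and derives keys
    bob = derive_keys(bob_pmk, r_a, r_b)
    sent_r_b, sent_tag = r_b, mac(bob["MK"], r_b)   # step 3: r_B || MAC_MK(r_B)

    alice = derive_keys(alice_pmk, r_a, sent_r_b)   # step 4: derive, then check
    if not hmac.compare_digest(mac(alice["MK"], sent_r_b), sent_tag):
        return result                               # Alice aborts: sender lacks PMK
    result["alice_accepts_bob"] = True

    ready = b"ready to start"                       # step 5: message plus MAC
    ready_tag = mac(alice["MK"], ready)
    if hmac.compare_digest(mac(bob["MK"], ready), ready_tag):   # step 6
        result["bob_accepts_alice"] = True
        result["keys_match"] = alice == bob         # same EK, MK, DEK, DMK
    return result

if __name__ == "__main__":
    pmk = secrets.token_bytes(32)                   # constructed sample PMK
    print(handshake(pmk, pmk))                      # shared PMK: both sides accept
    print(handshake(pmk, secrets.token_bytes(32)))  # mismatched PMK: Alice rejects
```

The MAC checks use a constant-time comparison, and a PMK mismatch is detected at step 4 before Alice sends anything computed under her own MK.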
CONFIDENTIALITY AND DATA ORIGIN AUTHENTICATION IN WPA
WPA and WPA2 differ in the way that they provide protection for the data
exchanged during a communication session between a device and a wireless access
point. Recall that WPA was designed as a temporary 'fix' of WEP, while WPA2 is
a complete redesign.
While WPA still uses RC4, it features several design improvements:
• The RC4 encryption key is created by mixing DEK and an IV, rather than
concatenating, as in WEP. Further, a separate encryption key is derived by such