Connection handshake in WiFi WiFi State Machine

1
Connection handshake in WiFi WiFi State Machine

• -Amit Vartak

2
WiFi Jargons

• AP (Access Point)
• Client/Station
• SSID
• WEP
• Infrastructure
• AdHoc
• Authentication
• Association
• MAC address
• IP address
• TKIP/ CCMP/ AES

3
Some Questions.

• What all you should know for getting connected to
  AP?
• How Station comes to know the existence of AP?
• How Station and AP negotiate the capabilities?
• Can AP check the credentials of Station and vice
  versa?
• Does all this happen at layer 2 or layer 3?
• Since my AP is connected to ethernet jack Does
  ethernet and wireless frames share same structure?

4
Solution to above Questions ? ? WiFi State
Machine
Courtesy IEEE 802.11-1999 standard
5
Important Frames in Association (OPEN case)

• Beacon
• Probe Request
• Probe Response
• Authentication (From Client to AP)
• Authentication (Success/failure) (From AP to
  Client)
• Association Request
• Association Response

6
Importance of each frames

• Beacon
• Announce the existence
• Synchronization
• Probe request/ response
• Wireless credentials handshake
• Authentication
• Check the genuineness
• Association
• Can you server my needs?

7
Shared key Authentication

• A shared secret between AP and Station
• Authentication phase now consists of 3 way
  handshake
• AP authenticates the Station but Station DOESNOT
  authenticate AP
• A simple challenge-response type of
  authentication
• If you are using WEP your first 128 byte key
  stream for the IV is known to all.. ? ? ?

8
WEP Association any extra frame?

• NO, there is shared secret between AP and
  Station.
• Either party will use that secret for encryption
• Are you using WEP?
• First step is change it to WPA or WPA-2
• SecurityTube.net has videos for cracking WEP key
  and flaws in WEP protocol BUT first change your
  security level WEP is broken its
• Worst Ever Privacy ?

9
-Thank You

• -Amit Vartak
• amitcv_at_gmail.com