Authentication and Key Management (AKM) & PSK Authentication
In the previous blogs, we have mentioned about Robust Security Network (RSN) that was being defined in 802.11i amendment. RSN now also being part of the 802.11-2012 standard. Robust security network association (RSNA) requires 802.11 stations to have process for dynamic encryptions keys creation after the authentication and association.
AKM which stands for Authentication and Key Management is the process that helps us to explain how encryption keys are derived from authentication. It was also defined in the 802.11-2012 standard for the AKM services.
Authentication is the process or action of verifying the identity of a client station before its access to the network is granted
Encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot.
Although Authentication and Encryption serves two different set of goal, but they were linked together in the modern 802.11 network in the AKM services.
Before we view and study the whole frame exchanges during the AKM services, it is important that we understand the RSN key hierarchy and its different keys.
Master Session Key (MSK)
MSK is at the top of the RANA key hierarchy. It is the first key being generated during the process from 802.1X/EAP or is derived from PSK authentication. In PSK authentication, it follows the below passphrase-PSK mapping formula to convert the passphrase to a 256bit PSK:
PSK = PBKDF2(PassPhrase, ssid, ssidLength, 4096, 256)
Master Keys
There are two master keys being created which are PMK and GMK. These master key will be used as seeding material later for the 4-Way Handshake process.
Pairwise Master Key (PMK)
The PMK is derived from MSK seeding material. In 802.1X/EAP authentication, a unique PMK is generated every time a client authenticates or re-authenticates. While in PSK authentication, the 256-bit PSK is also being used as the PMK and thus every client will be having the same PMK in this case. PMK will be used to create PTK.
Group Master Key (GMK)
GMK is another master key but created randomly on the access point or authenticator. This GMK key may be regenerated at a time interval. GMK will be used to create GTK.
Temporal Keys
PTK and GTK are being created from the 4-Way Handshake process and these temporary keys are used to encrypt or decrypt 802.11 data.
4-Way Handshake
During the 4-Way Handshake, four EAPOL-key frames are being exchanges to create the dynamic encryption keys. We will look into the details of these exchanges in the next blog.
Pairwise transient key (PTK)
The PTK is used to encrypt all the unicast traffic between the client stations and the access point. It is created by the 4-Way Handshake using a pseudo-random function that combines the PMK, Numerical authenticator nonce, Numerical supplicant nonce, Authenticator (or Access point)’s MAC Address (AA) and Supplicant’s MAC Address (SPA)
PTK = PRF (PMK + ANonce + SNonce + AA + SPA)
The PTK is composed of Key Confirmation Key (KCK), Key Encryption Key (KEK) and Temporal Key (TK)
Group Temporal Key (GTK)
The GTK is used to encrypt all broadcast and multicast traffic between the client stations and the access point.
AKM Operations for PSK Authentication
Let’s now go back to the AKM Operation. I have run the packet capture to perform this study. The example used below will be using WPA2/PSK with CCMP (AES) to be the encryption method. We will study further for the 802.1X/EAP later in another blog of this series.
AKM overview from Certified Wireless Security Professional (CWSP) Study GuideFor both 802.1X/EAP and PSK authentication, Discovery will happen and that involves active or passive scanning, open system authentication and association.
1. Beacon
2. Probe Response
3. Association request
4. Re-Association request
From the RSN information, we can determine the authentication and encryption methods being used. PSK and CCMP was shown in this example.
After discovery, the PSK authentication will start. And it followed by master key generation. The passphrase-PSK mapping formula use both the passphrase and SSID inputs to generate the 256-bit PSK. This PSK will then be used a PMK. GMK is randomly created on the access point. With the 4-Way Handshake, four EAPOL key frames are exchanged and used to generate the temporary keys PTK and GTK for encryption and decryption of the 802.11 data frames. Once the temporary keys are installed, the controlled port of the authenticator which block the traffic will be unlocked and the traffic can be sent through.
