Wednesday 11 June 2014

WPA & WPA2 Security Protocols

06:58 - By Unknown 0


WPA (Wi-Fi Protected Access) - This Wi-Fi standard was drafted to address the flaws of WEP security. The earlier encryption system (WEP) required that a 40-bit or 104-bit encryption key be entered on Access Points and devices. WPA implements TKIP (Temporal Key Integrity Protocol), which uses a per-packet key (i.e. a new 128-bit key is generated for each packet), preventing the attacks that worked against WEP. TKIP adds an integrity-checking feature and mixes the keys using a hashing algorithm, to verify that the data packets haven't been captured, modified and resent.

WPA2 (Wi-Fi Protected Access II) - This security method is the successor to WPA and provides more robust access control and data security across a network. Due to its security features, it is said to provide government-grade security based on the IEEE 802.11i standard.

WPA2 comes in two forms:

· WPA2-Personal, for personal protection from unauthorized network access

· WPA2-Enterprise, for corporate protection from unauthorized access to the server

It comes with two new protocols:

· The 4-Way Handshake:

The process leaves two considerations:

The Access Point still needs to validate itself to the client station (STA), and keys to encrypt the traffic need to be derived. The image below shows the sequence of messages during the handshake.

1. The Access Point sends a nonce value (ANonce) to the STA. The client then constructs the PTK with all the attributes.

2. The STA sends its own nonce value (SNonce) to the Access Point together with a MIC that includes validation, which is a Message Authentication and Integrity Code (MAIC).

3. The Access Point sends the GTK (Group Temporal Key) and a sequence number together with another MIC. The sequence number is the one that will be used in the next multicast or broadcast frame, so that the receiving STA can perform basic replay detection.

4. The STA sends a confirmation to the Access Point.

All the messages are transmitted as EAPOL-Key frames.
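
Steps 1 and 2 of the handshake can be followed in code. The sketch below is an added example, not part of the original post: both sides derive the PTK with the IEEE 802.11i PRF (HMAC-SHA1), and the Access Point checks the MIC on message 2 before it goes on to step 3. The pairwise master key (PMK), MAC addresses, nonces and frame bytes are constructed sample values, and the frame is a stand-in for a real EAPOL-Key frame with its MIC field zeroed.

```python
import hashlib
import hmac

def prf(key: bytes, label: bytes, data: bytes, n_bytes: int) -> bytes:
    """IEEE 802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter."""
    out, counter = b"", 0
    while len(out) < n_bytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:n_bytes]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    """Run by both sides; min/max ordering makes the result identical on each."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)  # 48 bytes for CCMP
    # KCK keys the MIC, KEK wraps the GTK in message 3, TK encrypts traffic.
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}

def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """WPA2 MIC: HMAC-SHA1 keyed with the KCK, truncated to 16 bytes."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def ap_accepts_message2(pmk, ap_mac, sta_mac, anonce, snonce, frame, mic):
    """AP side of step 2: derive the PTK from the received SNonce, check the MIC."""
    kck = derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce)["kck"]
    return hmac.compare_digest(eapol_mic(kck, frame), mic)

# Constructed sample values (not taken from any real network).
PMK = bytes(range(32))
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE = hashlib.sha256(b"constructed anonce").digest()
SNONCE = hashlib.sha256(b"constructed snonce").digest()
MSG2 = b"constructed EAPOL-Key message 2 with MIC field zeroed"

def demo():
    sta = derive_ptk(PMK, AP_MAC, STA_MAC, ANONCE, SNONCE)  # STA side, after step 1
    mic = eapol_mic(sta["kck"], MSG2)
    args = (AP_MAC, STA_MAC, ANONCE, SNONCE)
    good = ap_accepts_message2(PMK, *args, MSG2, mic)
    tampered = ap_accepts_message2(PMK, *args, MSG2 + b"x", mic)
    wrong_pmk = ap_accepts_message2(bytes(32), *args, MSG2, mic)
    return good, tampered, wrong_pmk

if __name__ == "__main__":
    print(demo())
```

The Access Point accepts message 2 only when the frame is unmodified and both sides hold the same PMK; a modified frame or a different PMK produces a MIC mismatch and the handshake stops.
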
· The Group Key Handshake

The Group Temporal Key (GTK) may need to be updated because of a timer. The GTK also needs to be updated whenever a device leaves the network.

The update consists of a two-way handshake:

· The Access Point sends the new GTK to each STA across the network.

· The STA accepts the new GTK and sends a response to the Access Point.

Reference: Wikipedia
