UoL CS Notes
Menu

WiFi Security

COMP211 Lectures

With a wireless network the arriving mobile must:

  • Associate with the access point.
  • Authenticate to the network.

802.11 Authentication & Encryption

  1. Discovery of Security Capabilities:
    1. AP advertises its presence, forms of authentication and encryption provided.
    2. Device requests specific forms of authentication and encryption desired.

    Although the device and AP are already exchanging messages the device is not yet authenticated and does not have encryption keys.

  2. Mutual Authentication & Shared Symmetric Key Derivation:
    1. AS and the mobile already have a shared common secret (the password).
    2. AS and the mobile use the shared secret, nonces (to prevent replay attacks) and cryptographic hashing (to ensure message integrity) to authenticate each other.
    3. AS and the mobile derive a symmetric session key.

    AS is the authentication server (could be combined into the AP).

  3. Shared Symmetric Session Key Distribution (for AES encryption):
    1. Same key derived at the mobile and AS.
    2. The AS informs the AP of the shared symmetric session.
  4. Encrypted communication between the mobile and remote host via the AP.