Friday, July 17, 2015

WEP Shared key(4 way authentication)















The following steps occur when two devices use Shared Key Authentication:
  1. The station sends an authentication request to the access point.
  2. The access point sends challenge text to the station.
  3. The station uses its configured 64-bit or 128-bit default key to encrypt the challenge text, and it sends the encrypted text to the access point.
  4. The access point decrypts the encrypted text using its configured WEP key that corresponds to the station's default key. The access point compares the decrypted text with the original challenge text. If the decrypted text matches the original challenge text, then the access point and the station share the same WEP key, and the access point authenticates the station.
  5. The station connects to the network.
 Details of each packet:
 
Shared Key authentication may be used if WEP has been selected and shall not be used otherwise.

FIRST PACKET:

DESC: Upon receipt of a Shared Key MLME-AUTHENTICATE.request primitive, the requester shall perform the following procedure:

a) If one or more request parameters are invalid, issue an MLME-AUTHENTICATE.confirm primitive with ResultCode set to INVALID_PARAMETERS; else
b) Construct a Shared Key authentication request frame and transmit it to the responder.

Frame: 94: 34 bytes on wire (272 bits), 34 bytes captured (272 bits)
802.11 radio information
IEEE 802.11 Authentication, Flags: .........
    Type/Subtype: Authentication (0x000b)
    Frame Control Field: 0xb000
    .000 0001 0011 1010 = Duration: 314 microseconds
    Receiver address: 90:f6:52:a1:95:d8 (90:f6:52:a1:95:d8)
    Destination address: 90:f6:52:a1:95:d8 (90:f6:52:a1:95:d8)
    Transmitter address: 00:02:5b:00:33:05 (00:02:5b:00:33:05)
    Source address: 00:02:5b:00:33:05 (00:02:5b:00:33:05)
    BSS Id: 90:f6:52:a1:95:d8 (90:f6:52:a1:95:d8)
    Fragment number: 0
    Sequence number: 9
    Frame check sequence: 0x00000000 [incorrect, should be 0xd5391e0a]
IEEE 802.11 wireless LAN management frame
    Fixed parameters (6 bytes)
        Authentication Algorithm: Shared key (1)
        Authentication SEQ: 0x0001
        Status code: Successful (0x0000)

SECOND PACKET:

DESC: Upon receipt of an authentication frame requesting Shared Key authentication, the responder may authenticate the requester using the procedure here and in the following two frames:
a) Issue an MLME-AUTHENTICATE.indication primitive to inform the SME of the authentication request.
b) Before sending the second frame in the Shared Key authentication sequence, the responder shall use WEP to generate a string of octets to be used as the authentication challenge text.
c) Construct and transmit to the requester an authentication response frame.

If the status code is not “successful,” this shall be the last frame of the transaction sequence; and the content of the challenge text field is unspecified.
If the status code is “successful,” the following additional information items shall have valid contents:
— Authentication algorithm dependent information = The challenge text
— This authentication result shall be of fixed length of 128 octets. The field shall be filled with octets generated by the WEP PRNG. The actual value of the challenge field is unimportant, but the value shall not be a static value

Frame: 97: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits)
802.11 radio information
IEEE 802.11 Authentication, Flags: .........
    Type/Subtype: Authentication (0x000b)
    Frame Control Field: 0xb000
    .000 0001 0100 0000 = Duration: 320 microseconds
    Receiver address: 00:02:5b:00:33:05 (00:02:5b:00:33:05)
    Destination address: 00:02:5b:00:33:05 (00:02:5b:00:33:05)
    Transmitter address: 90:f6:52:a1:95:d8 (90:f6:52:a1:95:d8)
    Source address: 90:f6:52:a1:95:d8 (90:f6:52:a1:95:d8)
    BSS Id: 90:f6:52:a1:95:d8 (90:f6:52:a1:95:d8)
    Fragment number: 0
    Sequence number: 7
    Frame check sequence: 0x00000000 [incorrect, should be 0x8e3a237d]
IEEE 802.11 wireless LAN management frame
    Fixed parameters (6 bytes)
        Authentication Algorithm: Shared key (1)
        Authentication SEQ: 0x0002
        Status code: Successful (0x0000)
    Tagged parameters (130 bytes)
        Tag: Challenge text
            Tag Number: Challenge text (16)
            Tag length: 128
            Challenge Text: af3bad3b301e6a7c30f16b0138c823ea7ea074c46284ed1c...

THIRD PACKET:
DESC: The requester shall copy the challenge text from the second frame into a third authentication frame. The third frame shall be transmitted to the responder after cryptographic encapsulation by WEP

Frame: 98: 172 bytes on wire (1376 bits), 172 bytes captured (1376 bits)
802.11 radio information
IEEE 802.11 Authentication, Flags: .p.......
    Type/Subtype: Authentication (0x000b)
    Frame Control Field: 0xb040
    .000 0001 0011 1010 = Duration: 314 microseconds
    Receiver address: 90:f6:52:a1:95:d8 (90:f6:52:a1:95:d8)
    Destination address: 90:f6:52:a1:95:d8 (90:f6:52:a1:95:d8)
    Transmitter address: 00:02:5b:00:33:05 (00:02:5b:00:33:05)
    Source address: 00:02:5b:00:33:05 (00:02:5b:00:33:05)
    BSS Id: 90:f6:52:a1:95:d8 (90:f6:52:a1:95:d8)
    Fragment number: 0
    Sequence number: 10
    Frame check sequence: 0x00000000 [incorrect, should be 0x9f917d1f]
    WEP parameters
        Initialization Vector: 0x0d0000
        Key Index: 1
        WEP ICV: 0xcf4de011 (not verified)

FOURTH PACKET:
The responder shall WEP-decapsulate the third frame as described in 11.2.2. If the WEP ICV check is successful, the responder shall compare the decrypted contents of the Challenge Text field with the
challenge text sent in second frame. If they are the same, then the responder shall transmit an authentication frame to the requester with a successful status code in the final frame of the sequence. If the WEP ICV check fails or challenge text comparison fails, the responder shall respond with an unsuccessful status code in final frame.
 
Frame: 100: 34 bytes on wire (272 bits), 34 bytes captured (272 bits)
802.11 radio information
IEEE 802.11 Authentication, Flags: .........
    Type/Subtype: Authentication (0x000b)
    Frame Control Field: 0xb000
    .000 0001 0100 0000 = Duration: 320 microseconds
    Receiver address: 00:02:5b:00:33:05 (00:02:5b:00:33:05)
    Destination address: 00:02:5b:00:33:05 (00:02:5b:00:33:05)
    Transmitter address: 90:f6:52:a1:95:d8 (90:f6:52:a1:95:d8)
    Source address: 90:f6:52:a1:95:d8 (90:f6:52:a1:95:d8)
    BSS Id: 90:f6:52:a1:95:d8 (90:f6:52:a1:95:d8)
    Fragment number: 0
    Sequence number: 8
    Frame check sequence: 0x00000000 [incorrect, should be 0x5fa1b3ec]
IEEE 802.11 wireless LAN management frame
    Fixed parameters (6 bytes)
        Authentication Algorithm: Shared key (1)
        Authentication SEQ: 0x0004
        Status code: Successful (0x0000)
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)