Keys, Keys, and Even More Keys!

I thought I had a good understanding of how the WPA/WPA2 encryption key generation process worked, that was, until I read Chapter 5 of the CWSP (Certified Wireless Security Professional) Study Guide. I was definitely amazed and a little confused of what all happens in the background when a client authenticates and the encryption keys are created. Dealing mostly with personal or small office wireless environments I took a special interest in the process to generate the encryption keys in small office home office (SOHO) networks. I’m a firm believer that a strong passphrase is mandatory when using WPA/WPA2 Personal, and part of writing this blog was not only my way to fully understand the encryption key creation process, but at the same time to stress how important it is to select a completely random WPA/WPA2 passphrase. An easily guessed passphrase or a common dictionary word can expose your wireless network and connected devices to hacking or decryption of the data. The passphrase will not only authenticate clients to the access point, but it is also the initial seeding material to create the master keys that are then used to create the transient and temporal keys that encrypt the unicast data frames and broadcast and multicast frames.

Definitions

Let’s start by defining the alphabet soup of letters and give some quick definitions to the important terms being used in the article.

WPA/WPA2 Passphrase: Selected by the network owner and entered as a simple ASCII character string from 8 to 63 characters. The passphrase is configured on the access point and manually entered on the client devices that will join the APs wireless network.

Authenticator: In a SOHO network this will be the access point.

Supplicant: Any device wanting to join an access points service set.

Pre-Shared key (PSK): The result when the passphrase goes through the passphrase to PSK mapping formula.

PMK (Pairwise Master Key): Is the highest order key and derived from the pre-shared key (PSK).

GMK (Group Master Key): Generated by the authenticator (access point) and is the seeding material for the group temporal key.

4-Way Handshake: Uses the pseudo-random function to create and distribute the dynamic encryption keys.

Nonce: A randomly generated value only used once.

PTK (Pairwise Transient Key): Final encryption key used to encrypt unicast data traffic.

GTK (Group Temporal Key): Final encryption key used to encrypt broadcast and multicast traffic.

Selecting the Passphrase

The first step is to choose the passphrase and enter it in the security section of the wireless routers management interface. Notice I did not say select a password! As mentioned before avoid using common dictionary words, and don’t use your name, address, phone number, pet’s names, favorite sports team name, etc… It is recommended to select a completely random passphrase and using a passphrase generator is the best option to select a random passphrase. For help on selecting a highly secure passphrase read my earlier blog post on creating a secure WPA/WPA2 passphrase.

WPA/WPA2 passphrases are static and susceptible to offline dictionary attacks, and it will become very clear why this passphrase be absolutely random for maximum security of the wireless network.

The graphic below shows the encryption key generation process and can be referenced throughout the article.

WPA/WPA2 Encryption Key Generation

WPA/WPA2 Encryption Key Generation

Passphrase to PSK Mapping

Manually enter the passphrase on the client devices that will be joining the wireless network. The passphrase authenticates the device to the APs wireless network, and behind the scenes the passphrase will go through the “passphrase to PSK mapping” function to transform it into the 256-bit Pre-Shared Key (PSK).

Here is the formula to convert a passphrase to the PSK.

PSK = PBKDF2(PassPhrase, ssid, ssidLength, 4096, 256)

The whole point of the passphrase to PSK mapping formula is to simplify configuration for the average home network user. Anyone can remember an 8 to 63 character passphrase compared to a 256-bit PSK.

Master Keys

The PSK will become the Pairwise Master Key (PMK), so basically the PSK is equal to the PMK.

The authenticator (access point) generates the Group Master Key (GMK). The GMK is derived by the authenticator and used to create the Group Temporal Key (GTK). The GTK will be used by the AP and all the authenticated clients to encrypt multicast and broadcast traffic.

4-Way Handshake

The graphic below is from Chapter 5 of the CWSP Study Guide to further explain the 4-way handshake process.

4wayhandshake2

The 4-way handshake is a 4 frame exchange (not including acknowledgements) between the supplicant and the authenticator. Using a pseudo-random function (PRF) the 4-way handshake will create the Pairwise Transient Key (PTK) by combining the PMK, an authenticator nonce, a supplicant nonce, the authenticator’s MAC address (AA), and the supplicant’s MAC address (SPA).

Here is the pseudo-random function formula and below the formula is a brief description for the 4 frames exchanged during the 4-way handshake.

PTK = PRF (PMK + ANonce + SNonce + AA + SPA)

Message 1: The authenticator sends its ANonce to the supplicant. The supplicant now has all the information needed to generate the PTK using the pseudo-random function. The PTK protects the unicast data traffic.

Message 2: The supplicant will send its SNonce to the authenticator. The authenticator now has all the information needed to generate a matching PTK using the pseudo-random function.

Message 3: The authenticator generates the GTK from the GMK and transfers the GTK to the supplicant. The GTK is encrypted using the PTK and a secure exchange takes place. The GTK protects the broadcast and multicast traffic.

Message 4: An acknowledgement that the client has successfully installed the PTK and GTK.

The client is now authenticated and possesses the dynamic encryption keys and can securely send and receive traffic through the access point.

Conclusion

In a SOHO network the passphrase is not only used for keeping unwanted devices from joining the network, but also the seeding material to create the transient and temporal encryption keys. If an attacker obtains the passphrase they could not only join the wireless network, but they could crack the PTK encryption key. If an attacker captures a 4-way handshake exchange between a client and the access point, and with possession of the passphrase the attacker has all the variables needed to duplicate the PTK. With the PTK the attacker can decrypt any unicast encrypted data frames between the individual client and the AP. Passphrase secrecy and having a passphrase that is not susceptible to dictionary cracking methods is vital for the security of any network using WPA/WPA2 Personal.

Extra Security Note: Having one person control the passphrase is probably a harder thing to do in a home network, but in a small office environment ideally one person should know the passphrase and enter it on the devices needing to connect to the wireless network. The less people who know the passphrase the more secure the network will be!

Is Your WPA2 Protected Wireless Network Really Secure

You’ve set up a wireless network in your home or small office and configured it with the highest level of encryption using a WPA2 passphrase. But is that WPA2 passphrase strong enough to protect the wireless network? A weak WPA2 passphrase could be hacked allowing an unauthorized person to use the wireless network. Even worse this unauthorized person could decrypt the communications revealing emails you send, web sites you visit, and passwords you use for access to websites.

You’re probably saying to yourself if WPA2 encryption could be broken on my wireless network is there anything I can do to improve security for the network? Yes, with a couple of safe guards WPA2 can provide the required security, and I will describe how to apply these safe guards by always changing the factory default network SSID, and how the WPA2 passphrase should be a completely random string of characters.

All small office home office routers ship from the factory with a default SSID assigned to the wireless network name. It might be Dlink, Linksys, or something else the vendor selected. You should always change this SSID to something of your choosing, but avoid a network SSID that might identify who owns the network, or something found in the top 1000 SSID names. Along with the WPA2 passphrase, the SSID is used to create the key to encrypt the wireless communications. Even though the SSID name can easily be found, if you’re using the factory default SSID or a common SSID name you make the job of the hacker that much easier.

With the SSID changed let’s move on to WPA2 passphrase. The WPA2 passphrase should be a completely random string of letters and numbers. Don’t use common dictionary words, names, a famous quote, the name of your favorite sports team, etc… At a minimum the WPA2 passphrase should be 25 characters, and you can bang on the keyboard until you get something with 25 characters or use a password generator web site. I like to use the password generator on the WhatsMyip.org website. If you use this site scroll down to the bottom of the page and look for the WPA Password Generator section, and use the “Better” option to generate a random 32 character passphrase.

WPA Password Generator

WPA Password Generator

After getting WPA2 passphrase entered into the wireless management interface on the router you should copy it into a Notepad file and save that to a USB storage drive. You can plug the USB drive into the other wireless devices and open the file to copy and paste the WPA2 passphrase into those devices to quickly add them to the network. Some devices may not have USB ports, and may require you to manually type in the passphrase, but this will be a onetime entry since the devices will save the passphrase.

The two suggestions above will increase the security of your wireless network and make it harder for a potential hacker to break. Making your wireless network a difficult target will more than likely cause a hacker to move on to an easier one.

Additional Reading:

To learn more about passphrases check out the Wikipedia page.

If you’re looking for more security tips when setting up a home wireless network check out my earlier blog post.