WPA and WPA2 4-Way Handshake

This topic is to discuss the following lesson:

Hello Rene,

just to verify a few things here.

First of, I heared that both sides not only know the PMK but also the GMK, that is why the GTK can derived right? Essentially the entities on both sides (STA, AP) know the PMK and the GMK, correct?

My understanding is that in the 4-way handshake nothing is encrypted and basically open. So if anyone will throw up a wireshark anywhere and sees those messages in the air, and also knows the PMK somehow. He would be able to read all the data the client sends back and forth no?

So why exactly is the 4-way handshake considered secure? Is it because of the MIC and the replay counter? Am I missunderstanding something here?

Thanks in advance!

Kind regards,
Mirko

Hello Mirko

You’re correct in your understanding that both the STA and AP know the PMK and the GMK. However, let me clarify a few things.

In the 4-way handshake, the PMK is used to derive the PTK, and the GMK is used to derive the GTK. The PTK is then used to encrypt unicast communication between the STA and AP, while the GTK is used to encrypt multicast and broadcast traffic from the AP to all STAs.

The 4-way handshake is considered secure, even though the handshake itself is not encrypted. This is because the handshake is designed in such a way that it verifies the possession of the PMK without revealing it. Even if an attacker intercepts the handshake packets, they wouldn’t be able to obtain the PMK or decrypt the communication.

Additional security parameters are employed including the Message Integrity Check (MIC) which is used to ensure the integrity of the handshake messages, preventing tampering or forgery, and the replay counter is used to prevent replay attacks where an attacker might try to resend a previously captured packet.

So, even if someone were to capture the 4-way handshake using a tool like Wireshark, they would not be able to derive the PMK or decrypt the communication without the pre-shared key (PSK) or the output of the EAP authentication, or the MAC address of the client, or the proper MIC algorithm, and even if they were able to do all that, the replay counter would be used if an attacker attempts to resend a “valid” packet.

All of this is enough to make the 4-way handshake sufficiently secure.

I hope this has been helpful!

Laz