WPA and WPA2 4-Way Handshake

Hello Mirko

You’re correct in your understanding that both the STA and AP know the PMK and the GMK. However, let me clarify a few things.

In the 4-way handshake, the PMK is used to derive the PTK, and the GMK is used to derive the GTK. The PTK is then used to encrypt unicast communication between the STA and AP, while the GTK is used to encrypt multicast and broadcast traffic from the AP to all STAs.

The 4-way handshake is considered secure, even though the handshake itself is not encrypted. This is because the handshake is designed in such a way that it verifies the possession of the PMK without revealing it. Even if an attacker intercepts the handshake packets, they wouldn’t be able to obtain the PMK or decrypt the communication.

Additional security parameters are employed, including the Message Integrity Check (MIC), which is used to ensure the integrity of the handshake messages, preventing tampering or forgery, and the replay counter, which is used to prevent replay attacks where an attacker might try to resend a previously captured packet.

So, even if someone were to capture the 4-way handshake using a tool like Wireshark, they would not be able to derive the PMK or decrypt the communication without the pre-shared key (PSK) or the output of the EAP authentication, or the MAC address of the client, or the proper MIC algorithm, and even if they were able to do all that, the replay counter would be used if an attacker attempts to resend a “valid” packet.

All of this is enough to make the 4-way handshake sufficiently secure.

I hope this has been helpful!

Laz
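Added example, not part of Laz's reply or of any vendor's code: a Python sketch of how both sides derive the PTK from the PMK plus the public nonces and MAC addresses, and how the receiver uses the MIC and the replay counter to reject altered or resent messages. It assumes WPA2-Personal with CCMP; the frame layout (8-byte counter followed by a body), the `accept` helper and all sample values are constructed for illustration and do not follow the real EAPOL-Key layout.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # IEEE 802.11 PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || counter)
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce) -> bytes:
    # Both sides mix the same public values (MACs, nonces) with the secret PMK.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)  # KCK | KEK | TK (CCMP)

def key_mic(kck: bytes, frame: bytes) -> bytes:
    # HMAC-SHA1 truncated to 16 bytes, keyed with the KCK (first 16 bytes of the PTK)
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def accept(kck, last_counter, counter, body, mic) -> bool:
    # Simplified frame model (assumption): 8-byte replay counter followed by body.
    frame = counter.to_bytes(8, "big") + body
    if not hmac.compare_digest(key_mic(kck, frame), mic):
        return False               # forged or tampered message
    return counter > last_counter  # stale counter means replay

# Constructed sample values, not from a real capture.
AP_MAC, STA_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))

def demo() -> dict:
    pmk = pmk_from_passphrase("constructed passphrase", "constructed-ssid")
    kck = derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    body = b"constructed key data"
    mic = key_mic(kck, (5).to_bytes(8, "big") + body)
    wrong = derive_ptk(pmk_from_passphrase("other guess", "constructed-ssid"),
                       AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    return {"valid": accept(kck, 4, 5, body, mic),
            "tampered": accept(kck, 4, 5, body + b"!", mic),
            "replayed": accept(kck, 5, 5, body, mic),
            "wrong_pmk": accept(wrong, 4, 5, body, mic)}

if __name__ == "__main__":
    print(demo())
```

The nonces and MAC addresses are visible to anyone capturing the handshake, so the secrecy of the derived keys rests on the PMK alone; for a passphrase-based network that makes passphrase strength the deciding factor.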