
Connectivity and Data Protection
13. The station and RADIUS server each generate a dynamic unicast WEP key (which will match) from key material exchanged during the mutual authentication phase.
14. The RADIUS server sends the unicast WEP key to the access point in a RADIUS attribute. The attribute is encrypted using the shared key used between the access point and RADIUS server.
15. The access point generates a broadcast WEP key, encrypts it using the unicast WEP key received from the RADIUS server, and sends it to the station.
16. The station and the access point now both have the unicast and broadcast WEP keys.
17. The access point sends an EAPoL-Key message to the station indicating that they should both activate encryption.
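The following is an added illustration of steps 13 through 17, not code from the book. It is a simplified model: HMAC-SHA256 stands in for the real key-derivation function, and a small encrypt-then-MAC construction stands in for both the RADIUS attribute encryption (step 14) and the EAPoL-Key wrapping of the broadcast key (step 15); the real wire formats are not reproduced. What it shows is who holds which key at the end, and that a party without the right shared secret cannot recover a wrapped key.

```python
import hmac
import hashlib
import os

# Simplified model of the dynamic WEP key distribution in steps 13-17.
# Assumptions (not from the text): HMAC-SHA256 as the key-derivation function,
# a keystream-XOR + HMAC tag as the key-wrap, and a 104-bit (13-byte) WEP key.
KEY_LEN = 13


def derive_unicast_wep_key(key_material: bytes, station_mac: bytes) -> bytes:
    """Step 13: the station and the RADIUS server both run this on the same material."""
    label = b"unicast-wep-key" + station_mac
    return hmac.new(key_material, label, hashlib.sha256).digest()[:KEY_LEN]


def wrap_key(kek: bytes, key: bytes) -> bytes:
    """Encrypt-then-MAC wrap of a short key under a key-encrypting key (kek).

    A fresh 16-byte nonce makes the HMAC-derived keystream single-use; the key
    must be shorter than the 32-byte digest, which holds for WEP keys.
    """
    assert len(key) <= hashlib.sha256().digest_size
    nonce = os.urandom(16)
    stream = hmac.new(kek, b"stream" + nonce, hashlib.sha256).digest()
    ciphertext = bytes(a ^ b for a, b in zip(key, stream))
    tag = hmac.new(kek, b"tag" + nonce + ciphertext, hashlib.sha256).digest()[:16]
    return nonce + ciphertext + tag


def unwrap_key(kek: bytes, blob: bytes) -> bytes:
    """Verify the tag, then recover the wrapped key. Raises on a wrong kek or tampering."""
    nonce, ciphertext, tag = blob[:16], blob[16:-16], blob[-16:]
    expected = hmac.new(kek, b"tag" + nonce + ciphertext, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("key wrap integrity check failed")
    stream = hmac.new(kek, b"stream" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ciphertext, stream))


def run_key_distribution(key_material: bytes, station_mac: bytes, ap_radius_secret: bytes) -> dict:
    """Walk steps 13-17 and return what each party holds afterwards."""
    # Step 13: independent derivation on both ends of the EAP conversation.
    station_unicast = derive_unicast_wep_key(key_material, station_mac)
    radius_unicast = derive_unicast_wep_key(key_material, station_mac)

    # Step 14: RADIUS -> AP, protected with the AP/RADIUS shared secret.
    # The AP never sees the EAP key material itself, only the wrapped key.
    radius_to_ap = wrap_key(ap_radius_secret, radius_unicast)
    ap_unicast = unwrap_key(ap_radius_secret, radius_to_ap)

    # Step 15: the AP picks a broadcast key and wraps it with the unicast key.
    ap_broadcast = os.urandom(KEY_LEN)
    ap_to_station = wrap_key(ap_unicast, ap_broadcast)
    station_broadcast = unwrap_key(station_unicast, ap_to_station)

    # Steps 16-17: both sides now hold both keys; the "activate encryption"
    # EAPoL-Key message is modelled here as a flag that is only set when they agree.
    keys_agree = station_unicast == ap_unicast and station_broadcast == ap_broadcast
    return {
        "station": {"unicast": station_unicast, "broadcast": station_broadcast},
        "ap": {"unicast": ap_unicast, "broadcast": ap_broadcast},
        "radius_knows_broadcast_key": False,  # the broadcast key never left the AP/station pair
        "encryption_active": keys_agree,
    }


if __name__ == "__main__":
    # Constructed inputs for a local run.
    result = run_key_distribution(b"\x5a" * 32, bytes.fromhex("66778899aabb"), b"ap-radius-shared-secret")
    print("encryption active:", result["encryption_active"])
    print("station unicast key:", result["station"]["unicast"].hex())
```

The point for an analyst is the trust boundary: the unicast key is derived at the station and the RADIUS server, the access point receives it only under the AP/RADIUS shared secret, and the broadcast key is visible only to the access point and the station. A wrong shared secret on the access point fails at step 14, before any EAPoL-Key message could be sent.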
This book is not meant to be a comprehensive wireless security text,
but rather we intend for it to give the reader a good understanding of
how the authentication/association framework of 802.1X/EAP and
WPA should operate.  This understanding will aid the analyst in
troubleshooting various authentication protocols using a wireless
protocol analyzer.
Because of the critical threat that unsecured wireless LANs pose to
information security, organizations are quickly implementing strong
wireless security mechanisms.  For this reason, it is very common to
use a wireless protocol analyzer in an environment where data is
encrypted.  Since WEP and TKIP are layer 2 security protocols, all
protocols for layers above the MAC layer are encrypted.  Additionally,
802.1X/EAP uses unique unicast keys for each station, which are then
rotated periodically.  For these reasons, most troubleshooting must be
done based only on information found at layer 2.  For example,
troubleshooting a broken FTP session would not be possible above the
Data-Link layer because all data from the L2/LLC to the L7/FTP would be
encrypted using WEP or TKIP.  The protocol analyzer will display
only “WEP Data” as shown in Figure 3.14.
FIGURE 3.14  WEP Data
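To make the "layer 2 only" point concrete, here is an added example (not from the book or any analyzer vendor) that parses a constructed 802.11 data frame the way a protocol analyzer would. When the Protected Frame bit is set, the MAC header, the WEP IV and the Key ID are all that can be decoded; the LLC/SNAP header and everything above it are inside the ciphertext, so the frame can only be summarized as "WEP Data". For an unprotected frame, such as the EAPoL traffic exchanged before keys are activated, the same parser reads the LLC/SNAP EtherType and can hand off to an upper-layer decoder. The frame bytes and MAC addresses are constructed for the example.

```python
import struct

# 802.11 frame-control decoding: byte 0 holds version/type/subtype, byte 1 holds the flags.
FRAME_TYPES = {0: "management", 1: "control", 2: "data"}
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x888E: "EAPOL"}
PROTECTED_FLAG = 0x40  # "Protected Frame" bit (originally named the WEP bit)


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_80211_data_frame(frame: bytes) -> dict:
    """Return the fields an analyzer can show for a data frame, protected or not."""
    if len(frame) < 24:
        raise ValueError("shorter than the 24-byte minimum MAC header")
    fc0, fc1 = frame[0], frame[1]
    info = {
        "type": FRAME_TYPES.get((fc0 >> 2) & 0x3, "reserved"),
        "subtype": (fc0 >> 4) & 0xF,
        "to_ds": bool(fc1 & 0x01),
        "from_ds": bool(fc1 & 0x02),
        "retry": bool(fc1 & 0x08),
        "protected": bool(fc1 & PROTECTED_FLAG),
    }
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    seq_ctrl = struct.unpack("<H", frame[22:24])[0]
    info["fragment"] = seq_ctrl & 0xF
    info["sequence"] = seq_ctrl >> 4

    # The meaning of the three address fields depends on the To DS / From DS flags.
    hdr_len = 24
    if info["to_ds"] and info["from_ds"]:
        if len(frame) < 30:
            raise ValueError("WDS frame too short to hold Address 4")
        hdr_len = 30
        info.update(receiver=fmt_mac(a1), transmitter=fmt_mac(a2),
                    destination=fmt_mac(a3), source=fmt_mac(frame[24:30]))
    elif info["to_ds"]:
        info.update(bssid=fmt_mac(a1), source=fmt_mac(a2), destination=fmt_mac(a3))
    elif info["from_ds"]:
        info.update(destination=fmt_mac(a1), bssid=fmt_mac(a2), source=fmt_mac(a3))
    else:
        info.update(destination=fmt_mac(a1), source=fmt_mac(a2), bssid=fmt_mac(a3))
    if info["subtype"] & 0x8:
        hdr_len += 2  # QoS Data subtypes carry a 2-byte QoS Control field

    body = frame[hdr_len:]
    if info["protected"]:
        # WEP header: 3-byte IV, then one byte whose top two bits are the Key ID.
        # Everything after that, up to the 4-byte ICV, is ciphertext: LLC, IP, TCP, FTP...
        if len(body) < 8:
            raise ValueError("protected frame too short to hold IV, Key ID and ICV")
        info["iv"] = body[:3].hex()
        info["key_id"] = body[3] >> 6
        info["encrypted_payload_len"] = len(body) - 8
        info["summary"] = "WEP Data"
    else:
        # Cleartext body starts with LLC/SNAP; the EtherType selects the upper-layer decoder.
        ethertype = struct.unpack(">H", body[6:8])[0] if len(body) >= 8 else None
        info["ethertype"] = ETHERTYPES.get(ethertype, None if ethertype is None else hex(ethertype))
        info["summary"] = "Data"
    return info


# Constructed frame 1: station -> AP (To DS), WEP protected, Key ID 1, 20 bytes of ciphertext.
WEP_FRAME = (
    bytes([0x08, 0x41, 0x00, 0x00])          # Data frame, To DS + Protected, duration 0
    + bytes.fromhex("001122334455")          # Address 1 = BSSID
    + bytes.fromhex("66778899aabb")          # Address 2 = source (station)
    + bytes.fromhex("001122334401")          # Address 3 = destination
    + bytes([0x10, 0x00])                    # sequence 1, fragment 0
    + bytes.fromhex("aabbcc") + bytes([0x40])  # IV, Key ID 1
    + bytes(range(20))                       # opaque ciphertext (constructed)
    + bytes.fromhex("deadbeef")              # ICV (also encrypted, also opaque)
)

# Constructed frame 2: AP -> station (From DS), unprotected EAPoL, as seen before keys activate.
EAPOL_FRAME = (
    bytes([0x08, 0x02, 0x00, 0x00])          # Data frame, From DS, not protected
    + bytes.fromhex("66778899aabb")          # Address 1 = destination (station)
    + bytes.fromhex("001122334455")          # Address 2 = BSSID
    + bytes.fromhex("001122334455")          # Address 3 = source (the AP)
    + bytes([0x20, 0x00])                    # sequence 2
    + bytes.fromhex("aaaa03000000888e")      # LLC/SNAP, EtherType 0x888e (EAPOL)
    + bytes.fromhex("0103005f")              # start of an EAPOL header (constructed)
)

if __name__ == "__main__":
    for f in (WEP_FRAME, EAPOL_FRAME):
        print(parse_80211_data_frame(f))
```

The first frame decodes to the same thing the analyzer shows in Figure 3.14: addresses, sequence number, retry flag, IV and Key ID, and a length, with nothing above the MAC header readable. Those fields are still useful: a rising retry count, a fixed or repeating IV, or an unexpected Key ID are all layer-2 symptoms an analyst can pursue without decrypting anything.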