Shared Key Authentication - WLAN Foundations
By CWNP On 09/07/2012
Shared Key authentication was thought to be more secure than Open System authentication at the time of their joint specification in the IEEE 802.11-1997 standard. This was due to the fact that Shared Key authentication verified the requestor using a real authentication method whereas Open System authentication simply authenticated the requestor regardless of identity. However, Open System authentication leaves the door open for the use of advanced and evolving security technologies that run across the association created using null authentication.
Shared Key authentication relies on a specific set of security technologies, namely WEP and RC4, which have proven to be insecure in their IEEE 802.11 implementation. As stated by the standard, Shared Key authentication “is only available if the WEP option is implemented.”
Shared Key authentication uses a secret key that is shared by the requestor (the STA desiring to be authenticated) and the responder (the STA performing the authentication). The method of communicating this secret key into the two STAs in the first place is not specified by the IEEE 802.11 standard, but it is most usually implemented by manually typing the key into the client’s network card configuration software interface. The standard specifies that this secret key shall not be transmitted across the wireless LAN and assumes that a secure channel was used for installation of the secret key on the requestors as well as the responders.
In the traditional Shared Key system, the requestor is a wireless LAN client STA and the responder is a wireless LAN AP. The responder may also be another wireless LAN client STA or any other IEEE 802.11–compliant device. Figure 1 shows the frame exchange sequence in a Shared Key authentication implementation. As you can see, unlike Open System authentication, the Shared Key authentication process involves more than just requesting authentication and then blindly approving it. There are four frames involved in the Shared Key authentication system. The first frame is the initial authentication request frame. Assuming the responder is configured for Shared Key authentication, the responder will respond to the request frame with challenge text that will be used to authenticate the client’s possession of the secret key. The requesting client will then encrypt the challenge text with the secret key and send the challenge text back to the responder in the encrypted state. The responder decrypts the challenge text using the secret key. If the result matches the challenge text, then the requestor has been authenticated and a successful authentication response frame is sent to the client.
Figure 1: Shared Key authentication process
While this authentication process (Shared Key) appears to be much more secure than Open System authentication (and indeed it was for a short time), its dependence on WEP for the encryption of the authentication challenge response and the ongoing communications was its greatest weakness. As you will see, WEP was an insecure implementation of encryption that was quickly cracked and can be cracked today in less than five minutes on most older hardware. Newer equipment often implements algorithms that attempt to avoid using weak initialization vectors, but the WEP encryption is still too vulnerable to recommend for any environment. Even in a home setting, if you have hardware purchased in the past 6-8 years, you should be able to run WPA-Personal at a minimum.
Frames Are Food, Tom