CWNP CWSP – Module 05 – Dynamic Encryption Key Generation Part 5

  1. Steps of the 4-way Handshake

Alright, I love to draw, but I did give you kind of a nice pictorial to look at to again talk about the exchange of this four-way handshake. Again, we see the random numbers, the nonces, right, the ANonce helping us derive the transient key, or use the transient key to come up with the nonces that we’re going to send back on both sides. Like I said, you should come up with that pairwise key.

And then again sending the message with the GTK, from the GMK, excuse me. And then having the final acknowledgment. I didn’t know if drawing it out, because it’s a little more interactive, would be better for you, but as kind of a reference, this just helps you remember how important the four-way handshake is in this process.
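Added example, not from the course material: the key derivation the pictorial describes, in Python. Both sides feed the PMK, the two MAC addresses and the two nonces into the 802.11 PRF to get the PTK (KCK, KEK and TK for CCMP), and the KCK then keys the MIC on messages 2 to 4. It assumes a SHA-1 based AKM such as WPA2-PSK (Key Descriptor Version 2); the PMK, addresses and nonces are constructed values, not from any capture.

```python
import hmac
import hashlib


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF-n for the SHA-1 AKMs: HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK for CCMP (PRF-384): KCK, KEK and TK from the PMK, both MACs and both nonces.
    The min()/max() ordering is why supplicant and authenticator reach the same key
    without either of them ever sending it."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


def eapol_key_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """MIC of messages 2-4 (HMAC-SHA1 truncated to 16 bytes, descriptor version 2),
    computed over the whole EAPOL frame with the 16-byte Key MIC field zeroed."""
    mic_off = 81  # 4-byte 802.1X header + 77 bytes of key descriptor fields before the MIC
    zeroed = eapol_frame[:mic_off] + b"\x00" * 16 + eapol_frame[mic_off + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def mic_is_valid(kck: bytes, eapol_frame: bytes) -> bool:
    """Check a captured message 2/3/4 against the KCK you derived yourself."""
    return hmac.compare_digest(eapol_frame[81:97], eapol_key_mic(kck, eapol_frame))


if __name__ == "__main__":
    # Constructed values, not taken from any real network.
    pmk = bytes(range(32))
    aa, spa = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    anonce, snonce = b"\xa1" * 32, b"\x5e" * 32
    for name, key in derive_ptk(pmk, aa, spa, anonce, snonce).items():
        print(name, key.hex())
```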

  1. Group Key Handshake

Well, let’s take a look. I’m hoping you’re not getting tired of my beautiful artwork. Here’s my supplicant. Here’s my access point. And we know that after we’ve done the four-way handshake, we had a group and pairwise transient key. But we also know that over time this access point may need to distribute a new group-wise transient key, maybe to client stations that have already gotten their pairwise transient key.

Which is really kind of the idea: if we’ve already got the pairwise key but we want to send a new group key, then we do what’s called a group key handshake, which is a much shorter, two-step set of messages. As you see here, basically the authenticator, again, that’s the access point, will derive a new GTK. Remember, that’s the one that came up with it the first time, and it does it from the group-wise master key, and then sends that as a step, and then the supplicant sends an EAPOL-Key frame to the authenticator to basically be able to say the acknowledgment, that I’ve got your new group-wise temporal key.

  1. PeerKey Handshake

So the peer-to-peer or PeerKey handshake is a way of having two peers associate with the same access point. What we’re going to see here is that it’s a method that they can communicate with each other securely, which means that if they can communicate with each other securely, they don’t necessarily have to go through the access point, but they still do have to exchange keys. And so we call that the PeerKey handshake management protocol. So again, another acronym for you all, I guess, to remember.

Now, how is it going to go through there? There are actually two different handshakes. So we’re going to start off with what we call, again, this SMK, this master key handshake. And we call it the STSL master key or SMK, but it’s still a master key. Then with a four-way handshake, we use that SMK as the seeding material to create what we call the STSL transient key. And again, we’re talking about what’s called Station-to-Station Link. If you’re not sure what STSL is, I don’t want to write it down, but I just told you what it is. The goal here is that, again, there might be more network out here that you’re talking to. But now these two stations can actually use their radios to be able to have peer-to-peer communications without having to go, as I said before, without having to go through the actual access point. Now, one of the things that we would tell you is even though that’s a possibility, it’s not considered a best practice to do that because, again, you never know who you’re going to connect to if you’re not really paying attention, whether or not somebody might be spoofing another person. And so that’s where with the access point and through the use of 802.1X, we might actually have a better method of being able to verify the identity and still have good access from Station A to Station B, even though we have to go through the access point.

  1. Demo – EAP

So what we’re going to do is take a look at some of the EAP exchanges. Now I know I’ve talked a lot about this thing called a four-way handshake. We also talked about an EAPOL-Start and other types of packets. But in this packet capture file we’ve already gone past the EAPOL-Start and we’re now taking a look at some of the exchanges. And I just wanted to make sure that you understand the value of being able to use something like a packet capture software program to be able to capture this information and verify what’s going on, or even, if you wanted to, just to be able to learn more about this entire security process. So the first four packets are really a part of 802.1X authentication. So if you look at the frame first, we can look at 155 bytes on the wire, bytes captured, what time it arrived, how long it took to be received, the radiotap header again.

Well, here we see it’s 802.11b. We see the signal, the noise, just stuff that is useful as we’re trying to figure out what we can negotiate. The data flags again for IEEE. Here again showing receiver destination, transmitter address, source address, frame check sequence. Of course, we told you it would be at the end of all of these frames. The fact that it’s "good as true, bad as false" means that we passed. Some people call it the sanity check. The logical link part of this really is kind of showing you the subnetwork application version of DSAP, organizational code, encapsulated Ethernet, and the type is 802.1X authentication. Things that probably don’t mean much, but here’s where it gets interesting.

So here we’re taking a look at the type of 802.1X. In this particular case, right, we know what version it’s running, we know it’s a Key type of message. And when we talk about these four-way handshakes, and we’ll certainly get into them even deeper, these four-way handshakes are trying to exchange basically what’s called a pairwise transient key that we’re going to use. And that’s why it says here the key descriptor type is EAPOL RSN Key. That’s the robust security network. So we’re trying to do as good as we can. And one of the things that we send to help add to this negotiation process is a nonce. Remember, that’s a reasonably random number that we will send in both directions. We will have an ANonce and an SNonce and we use that to help derive the key.

Here you can see, though, we’re just sending the nonces; there’s nothing here about the keys. And by the way, you won’t see the keys. Those are going to be created on each device. They’re going to mutually figure it out. So I just went up here to frame two and I’ll come back down here and we can see that we’re going in the other direction, right? We were going from the Cisco F5, C2, C6 to the 74, 95, 92; now it’s the other direction.

And again we’re exchanging a nonce and we’re also adding the message integrity code, or Michael, to be able to help make sure that the message is still good. And then when we come down here to the WPA key data, then you’re getting the idea here, right? We’re using, looks like, temporal key. The pairwise cipher suite count is one, so we haven’t made it yet, but we’re working our way, working with AES for the type of encryption. And the other part of what we’re doing down here is showing you what type of capabilities we have and what we can support as far as the type of authentication. So we get to key message three; now we’re done, right? We still have the nonces. Again, you can see that the replay counter is now 2. Remember, we’re anti-replay. As part of that we should not see 1 again, because we already saw counter 1. But now we’re seeing some data being exchanged that we’re going to use, as I said, to be able to help create these keys.

And this is a back-and-forth combination. So I just wanted to give you kind of an idea of how you can verify what we’ve talked about with these EAP messages back and forth. And I think, more importantly, I wanted you to know that you can do that with some sort of packet capturing software. The trick is that you need a card, a wireless card, that can work in promiscuous mode. For whatever reason, Windows doesn’t like you to do that. If you’re running Linux on the same computer, same network card, just change your operating system from Windows to Linux. It allows you to put your card into promiscuous mode and you can run Wireshark on Linux as well to create these capture files. I just don’t know why Windows is so picky about it. That is better than going out and spending a few hundred dollars on an AirPcap card, if you boot it up that way. In many versions of Linux you can just reboot the computer and boot off the DVD drive without erasing your Windows experience and have a Linux operating system right there in front of you that you can do these packet captures with, with your own wireless card.

  1. Demo – Information Elements

So when we talk about information elements, what we told you is that they show up in the management information, which is a part of what we see when we start looking at these beacons. And so what I’m doing here is showing you some captures that we have of some beacons that were being sent out by our access point. And we’re going to really focus here on the wireless LAN management frame, because information elements are a part of management and it tells us a lot of things about the capabilities of what this access point will do or wants to do. And remember that we also should see some coming from the clients as well, that also are able to say, well, I can do some of these things as well, and they agree and everybody’s happy. So what I’ve done, I’ve expanded. So again I’ve just clicked on the top row, that’s how Wireshark works. Clicked on kind of the summary of the frame and then from there came down to the detail information, expanded the IEEE 802.11 wireless LAN management frame, because that is where we look for information elements. And so here we’re seeing these capability information bits, and so let me tell you about these ones and zeros. You can have more.

I guess I should look at it this way. This little spot right here is the spot that tells us that the transmitter is an access point, because it has a one in this little spot. So that means true; if it didn’t have anything then that would just be a dot. We wouldn’t even see it; it would just be a client. Actually, if it was a zero, then it’d be a station. As far as the independent BSS status, a zero here is basically saying that, no, we’re not independent; the transmitter belongs to the BSS. So I’m not going to take you through all of these, but that’s what these little things are. They’re showing you the trues and falses, like here: short preamble allowed, I got a true; channel agility not in use, I got a zero.

And you’re probably saying to yourself, well, none of this deals with what you talked about in this module, and you’re right. I’m just kind of trying to help make sure that you’re all stronger at knowing what you’re looking for. What I am looking for in the information elements is here in the tagged parameters. In fact, we have tagged parameters, and if I expand it out like I’ve done here, one of the first ones tells us the SSID, the tag length. But I guess the biggest thing is we know the SSID. Some of what we have to do, and this here is just showing it to you in a different list, is we also have to talk about what supported data rates or bandwidth rates we support. So basically if we’re saying 1 meg, 2 megs, 5.5, 11 megabits per second, 6, 12, 24, 36, whatever the case is. So that means that if I had a station that is so far away from the access point that it does see the signal, but it can’t get to this 1 MB rate and it wants to be lower than that, then you can’t associate, because you’ve got to meet these information elements. All right, so I’m not going to worry about country information. Now, down here, the RSN information, that’s where we want to get into what we talked about, parts of the robust security network. So here we can see a setting that talks about the group cipher suite. It’s set up to support the temporal key, the TKIP, which is great. Also we see the pairwise cipher suite set up. So we know we can get the keys for, down here, AES for encryption, as well as still adding temporal key if you want to.

And that’s what is basically breaking it down. It’s letting you know that, hey, I can support TKIP if you want to add it on. But as we’ve said with CCMP, AES is mandatory. And that’s what we’re seeing now as far as the authentication key management, something we haven’t gotten into just yet, but we will eventually. What we’re seeing here is how it manages the keys. And I don’t want to get too far into the keys right now, because we have a chance to talk about those master keys and pairwise shared keys and all of these sorts of things. So we’ll get into those a little bit later. Here we are. Other RSN capabilities. Here it says, transmitter supports pre-authentication. Transmitter can support WEP default key 0 simultaneously with pairwise keys.

So I guess that means that we’re happy to also run WEP. Well, let’s not do that. Here’s the pairwise transient key, the group transient keys, that it’s saying that we can only have one replay counter per key. That’s important, again, for people who want to do replay attacks. Management frame protection is not turned on, and probably because this access point is not capable of doing management frame protection. So you can see again some of the settings. So all of this is what goes on when you receive that beacon. I mean, on your Windows machine, you see the name of an SSID and you highlight it. I mean, if I come over here and I highlight this, it tells me that this is doing WPA2 pre-shared key. It gives me some of that information, but you don’t see the management information that’s going on behind the scenes with the software both on the client and with the settings on the actual access point. So that’s what I wanted to show you.
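Added example, not from the course: a decoder for the RSN information element just walked through (group cipher, pairwise ciphers, key management, and the capability bits for pre-authentication, WEP-alongside-pairwise, replay counters and management frame protection), plus the settings check a review of your own beacons should make. SAMPLE_RSN_IE is constructed to match the beacon described (group TKIP, pairwise CCMP and TKIP, PSK, pre-authentication, one replay counter per key, no MFP); it is not taken from the capture.

```python
import struct

IEEE_OUI = b"\x00\x0f\xac"
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP-128", 5: "WEP-104", 6: "BIP-CMAC-128", 8: "GCMP-128"}
AKMS = {1: "802.1X", 2: "PSK", 3: "FT-802.1X", 4: "FT-PSK", 5: "802.1X-SHA256", 6: "PSK-SHA256", 8: "SAE"}
REPLAY_COUNTERS = (1, 2, 4, 16)  # 2-bit encoding of the PTKSA / GTKSA replay counter fields


def _suite(raw, table):
    oui, typ = raw[:3], raw[3]
    return table.get(typ, "type-%d" % typ) if oui == IEEE_OUI else "vendor-%s-%d" % (oui.hex(), typ)


def _suite_list(body, pos, table):
    count = struct.unpack_from("<H", body, pos)[0]
    suites = [_suite(body[p:p + 4], table) for p in range(pos + 2, pos + 2 + 4 * count, 4)]
    return suites, pos + 2 + 4 * count


def parse_rsn_ie(ie):
    """Decode an RSN element (ID 48) as carried in a beacon: suites and RSN capability bits."""
    if ie[0] != 48:
        raise ValueError("not an RSN element (ID %d)" % ie[0])
    body = ie[2:2 + ie[1]]
    version = struct.unpack_from("<H", body, 0)[0]
    pairwise, pos = _suite_list(body, 6, CIPHERS)
    akm, pos = _suite_list(body, pos, AKMS)
    caps = struct.unpack_from("<H", body, pos)[0] if pos + 2 <= len(body) else 0
    return {
        "version": version, "group_cipher": _suite(body[2:6], CIPHERS),
        "pairwise_ciphers": pairwise, "akm_suites": akm,
        "preauth": bool(caps & 0x01),
        "no_pairwise": bool(caps & 0x02),  # set = cannot run WEP default key 0 with a pairwise key
        "ptksa_replay_counters": REPLAY_COUNTERS[(caps >> 2) & 3],
        "gtksa_replay_counters": REPLAY_COUNTERS[(caps >> 4) & 3],
        "mfp_required": bool(caps & 0x40), "mfp_capable": bool(caps & 0x80),
    }


def audit_rsn(rsn):
    """Settings a security review of the beacon should flag."""
    findings = []
    ciphers = [rsn["group_cipher"]] + rsn["pairwise_ciphers"]
    if any(c.startswith("WEP") for c in ciphers):
        findings.append("WEP cipher advertised")
    if "TKIP" in ciphers:
        findings.append("TKIP still offered; CCMP/AES should be the only cipher")
    if not rsn["mfp_capable"]:
        findings.append("management frame protection not supported")
    return findings


# Constructed element matching the beacon above: group TKIP, pairwise CCMP + TKIP, PSK, caps 0x0001.
SAMPLE_RSN_IE = bytes.fromhex("3018" "0100" "000fac02" "0200" "000fac04" "000fac02" "0100" "000fac02" "0100")
```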

We’d see pretty much the same thing with all of these beacon frames that are being sent out. Here’s another beacon frame, again, being sent out. And like I said, it’s just designed to tell us what’s happening again. This is still the access point, so you can see that even though you’re sending data, we are still sending beacon frames in case anybody else wants to join our network. So that’s why you’re seeing, interspersed amongst all the encrypted data, that mention of the beacon frame. We do that periodically. So, another benefit: I hope that I slowly will encourage all of you to get into some of the packet capturing methodologies to verify your security settings, to help troubleshoot your security settings, so that you also should know what the rest of the world can see. I think that’s important as well.

  1. Module 05 Review

All right. In this module, we talked a lot about session keys, starting off with the dynamic keys with WEP. Talked about how we wanted to move to what we call a robust security network. That meant that we talked about methods of creating keys, dynamic keys that we would use with CCMP AES. We talked about four-way handshakes, how they actually negotiate their keys. We talked about how we know what the capabilities are in a robust security network by the exchange of information elements within the management frames. We then looked at authentication and key management. So we understood about the master keys, the pairwise and group-wise master keys, how we were able to develop the actual pairwise transient key and group-wise transient key. So we looked at it as a hierarchy of keys. We then also talked about the group handshake. We talked about the PeerKey handshake. And so we had a lot of information that we were able to give you about these different types of keys.
