Tuesday, April 19, 2016

4 Way Key Handshake Packet Capture

  • Message 1


After receiving Message 1 from the AP (which carries the AP's nonce, the ANonce), the client picks its own SNonce and derives the PTK from the PMK, the two MAC addresses and the two nonces. With TKIP the PTK is 512 bits long and is split into five separate session keys (with CCMP it is 384 bits and only the first three of them exist):

    • Key Confirmation Key (KCK), 128 bits: used from Message 2 onwards to compute the MIC over the EAPOL-Key frame (in Message 2 the Key Data being protected is the client's RSN IE).
    • Key Encryption Key (KEK), 128 bits: used in Message 3 to encrypt the Key Data that carries the GTK.
    • Temporal Key (TK), 128 bits: used to encrypt the data frames.
    • Two shorter keys, the Tx and Rx MIC keys, 64 bits each: used by TKIP's Michael message integrity code on data frames.

Using the KCK, the station computes the MIC over Message 2 (whose Key Data carries its RSN IE) and sends it to the AP for validation, together with its own SNonce.

  • Message 2

After receiving this message the AP, which now has both nonces, derives the same PTK and verifies the MIC. If the MIC matches, the station has proven that it holds the correct key (the same PMK, and therefore the same PTK); if it does not match, for example because the station used a wrong passphrase, the AP discards the frame.

  • Message 3
Now it is the AP's turn to prove itself to the station. The AP prepares the Key Data (the GTK together with other information such as its own RSN IE), encrypts it with the KEK, and computes the MIC over the frame with the KCK. Since the station already possesses the same keys, it can verify the MIC and decrypt the Key Data to obtain the GTK.




  • Message 4
It is the confirmation that the keys have been installed. The frame still carries a MIC, but its Key Data is of zero length.
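The following is an added worked example, not code from the original post: it reproduces the station and AP sides of Messages 2 and 4 using only the Python standard library. It derives the PMK from a passphrase (the passphrase/SSID pair is the IEEE 802.11i PBKDF2 test vector), expands it into the 512-bit PTK with the 802.11i PRF, splits the PTK into the five keys listed above, and computes and verifies the EAPOL-Key MIC with the KCK exactly as the AP does when it validates Message 2. The MAC addresses, nonces, RSN IE and key-info values are constructed for the example; the KEK wrapping of the GTK in Message 3 (AES key wrap) is left out because it needs an AES implementation.

```python
import hashlib
import hmac
import struct

# Constructed inputs (not taken from the original post). The passphrase/SSID pair is
# the IEEE 802.11i PBKDF2 test vector; the MAC addresses and nonces are made up.
PASSPHRASE = b"password"
SSID = b"IEEE"
AA = bytes.fromhex("001122334455")        # authenticator (AP) MAC address
SPA = bytes.fromhex("66778899aabb")       # supplicant (station) MAC address
ANONCE = bytes(range(0, 32))              # nonce the AP sent in Message 1
SNONCE = bytes(range(32, 64))             # nonce the station picks for Message 2
# Minimal RSN IE the station advertises in Message 2: CCMP pairwise/group cipher, PSK AKM.
STA_RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")

MIC_OFFSET = 4 + 77   # 802.1X header + EAPOL-Key fields that precede the 16-byte Key MIC


def pmk_from_passphrase(passphrase: bytes, ssid: bytes) -> bytes:
    """WPA-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, ssid, 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """IEEE 802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    for i in range((nbits + 159) // 160):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[: nbits // 8]


def derive_ptk(pmk, aa, spa, anonce, snonce, nbits=512):
    """PTK = PRF-nbits(PMK, "Pairwise key expansion", min/max(addresses) || min/max(nonces)), split into keys."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, nbits)
    keys = {"KCK": ptk[0:16], "KEK": ptk[16:32], "TK": ptk[32:48]}
    if nbits == 512:  # TKIP: the two 64-bit Michael MIC keys follow the TK
        keys["TX_MIC"], keys["RX_MIC"] = ptk[48:56], ptk[56:64]
    return keys


def compute_mic(kck, frame, version=2):
    """EAPOL-Key MIC over the whole frame with the MIC field zeroed (v1: HMAC-MD5, v2: HMAC-SHA1-128)."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    digest = hashlib.md5 if version == 1 else hashlib.sha1
    return hmac.new(kck, zeroed, digest).digest()[:16]


def build_eapol_key(key_info, replay_counter, nonce, key_data, kck=None, version=2):
    """Assemble an EAPOL-Key frame (descriptor type 2 = RSN); fill in the MIC when a KCK is given."""
    body = struct.pack(">BHHQ", 2, key_info, 16, replay_counter)    # desc type, Key Info, Key Length (CCMP), replay ctr
    body += nonce + bytes(16) + bytes(8) + bytes(8)                  # Key Nonce, Key IV, Key RSC, Key ID
    body += bytes(16) + struct.pack(">H", len(key_data)) + key_data  # Key MIC placeholder, Key Data Length, Key Data
    frame = struct.pack(">BBH", 2, 3, len(body)) + body              # 802.1X version 2, type 3 = EAPOL-Key
    if kck is not None:
        mic = compute_mic(kck, frame, version)
        frame = frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + 16:]
    return frame


def verify_mic(kck, frame, version=2):
    """Constant-time comparison of the recomputed MIC against the one carried in the frame."""
    return hmac.compare_digest(compute_mic(kck, frame, version), frame[MIC_OFFSET:MIC_OFFSET + 16])


def key_data_length(frame):
    return struct.unpack(">H", frame[MIC_OFFSET + 16:MIC_OFFSET + 18])[0]


# Key Info: bit 3 = Pairwise, bit 8 = MIC present, bit 9 = Secure, low 3 bits = descriptor version
KEYINFO_MSG2 = 0x0008 | 0x0100 | 2
KEYINFO_MSG4 = 0x0008 | 0x0100 | 0x0200 | 2


def run_handshake(passphrase_sta=PASSPHRASE, passphrase_ap=PASSPHRASE):
    """Messages 2 and 4 of the 4-way handshake from both sides; returns the AP's verdicts."""
    # Station: after Message 1 it knows ANonce, picks SNonce, derives the PTK and MICs Message 2.
    sta_keys = derive_ptk(pmk_from_passphrase(passphrase_sta, SSID), AA, SPA, ANONCE, SNONCE)
    msg2 = build_eapol_key(KEYINFO_MSG2, 1, SNONCE, STA_RSN_IE, sta_keys["KCK"])

    # AP: reads SNonce out of Message 2, derives its own PTK and checks the MIC with its KCK.
    snonce_rx = msg2[17:49]
    ap_keys = derive_ptk(pmk_from_passphrase(passphrase_ap, SSID), AA, SPA, ANONCE, snonce_rx)
    msg2_ok = verify_mic(ap_keys["KCK"], msg2)

    # Message 4: station confirms key installation; MIC present, Key Data empty, replay counter from Message 3.
    msg4 = build_eapol_key(KEYINFO_MSG4, 2, bytes(32), b"", sta_keys["KCK"])
    msg4_ok = verify_mic(ap_keys["KCK"], msg4)
    return {"msg2_ok": msg2_ok, "msg4_ok": msg4_ok,
            "msg4_key_data_len": key_data_length(msg4), "same_tk": sta_keys["TK"] == ap_keys["TK"]}


if __name__ == "__main__":
    print(run_handshake())                              # all checks pass with the right passphrase
    print(run_handshake(passphrase_ap=b"wrongpass"))    # MIC checks fail: the two sides hold different PTKs
```

Running it with a mismatched passphrase on one side shows why the MIC in Message 2 is the first point at which a wrong PSK is detected: the nonces and addresses are all public, so only the PMK differs, and that difference propagates into the KCK and therefore the MIC.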