Wireless Authentication And WEP
There are two kinds of wireless authentication: open-system and shared-key authentication. Find out more about them here.
Wireless authentication is a one-way street only. The station has to authenticate to the access point, but the access point has no obligation to authenticate to the station.
Open-System Authentication - the access point accepts every request for authentication. Without encryption, every device that knows the SSID can access the network. With WEP enabled on the access point, the WEP key becomes the access control. If a station does not have the correct WEP key, the device cannot transfer data, even though authentication was successful. The open-system authentication exchange has two frames:
The first frame (sequence number 1) is from the station. It is an authentication request with two elements.

| Direction | Client->AP |
| Algorithm Identification | 0 |
| Transaction Sequence | 1 |

Authentication Algorithm Identification is set to 0, which means this is Open-System. Authentication Transaction Sequence is set to 1, which means it is the first frame in the sequence.

After that, the access point returns its response with 3 elements:

| Direction | AP->Client |
| Algorithm Identification | 0 |
| Transaction Sequence | 2 |
| Status code | 0 |

Authentication Algorithm Identification is set to 0 (Open-System). The sequence number is 2. The Status Code is the result of the authentication request.
Shared-Key Authentication - uses WEP. This means that the authentication itself does not guarantee a high level of security.
The access point needs to transfer the shared key to stations before authentication. The shared-key authentication exchanges four frames:
A client sends an authentication request to the access point. This frame is almost identical to the first frame in the Open-System exchange.

| Direction | Client->AP |
| Algorithm Identification | 1 |
| Transaction Sequence | 1 |

Algorithm Identification is set to 1, which means this is Shared-Key Authentication. Transaction Sequence is set to 1, which means it is the first frame in the sequence.

The access point responds with a frame that serves as the challenge.

| Direction | AP->Client |
| Algorithm Identification | 1 |
| Transaction Sequence | 2 |
| Status Code | 0 |
| Challenge text | 128 B text |

To proceed, the Status Code should be 0 (successful). The access point may deny the authentication request. If the Status Code is 0, then the frame includes the Challenge text: 128 bytes generated using the WEP key.

The third frame is the station's response to the challenge.

| Direction | Client->AP |
| Algorithm Identification | 1 |
| Transaction Sequence | 3 |
| Status Code | 0 |
| Challenge text | 128 B |

The station uses the WEP key to encrypt the Challenge text. Its response is the subsequent authentication request. The request is again hidden with the WEP key as the shared key.

If the access point can decrypt the authentication request, then it responds with the authentication response that grants access to the client.

| Direction | AP->Client |
| Algorithm Identification | 1 |
| Transaction Sequence | 4 |
| Status code | 0 |

If the status code is 0 (success), then the network can grant access to the station. If any problem occurs, the AP returns status code 1 (unsuccessful).
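The four-frame shared-key exchange above as a small Python simulation, added here as an example and not part of the original page. It is simplified: only the challenge text is WEP-encrypted (RC4 keyed with IV plus key, CRC-32 ICV appended), the challenge is drawn from `os.urandom`, and the status codes follow the page; all function names and the tuple layout are assumptions.

```python
import os
import struct
import zlib

ALG_SHARED_KEY = 1              # Algorithm Identification value from the tables above
STATUS_OK, STATUS_FAIL = 0, 1   # status codes as the page gives them

def rc4(seed: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                             # keystream generation and XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP encapsulation: clear 3-byte IV, then RC4(IV||key) over plaintext + ICV."""
    icv = struct.pack("<I", zlib.crc32(plaintext))
    return iv + rc4(iv + key, plaintext + icv)

def wep_decrypt(key: bytes, frame: bytes):
    """Return the plaintext, or None when the ICV does not verify."""
    iv, body = frame[:3], frame[3:]
    clear = rc4(iv + key, body)
    plaintext, icv = clear[:-4], clear[-4:]
    return plaintext if struct.pack("<I", zlib.crc32(plaintext)) == icv else None

def shared_key_exchange(ap_key: bytes, station_key: bytes) -> list:
    """Run the four frames; return (direction, algorithm, sequence, status) tuples."""
    frames = [("Client->AP", ALG_SHARED_KEY, 1, None)]             # frame 1: request
    challenge = os.urandom(128)                                    # 128-byte challenge (random here)
    frames.append(("AP->Client", ALG_SHARED_KEY, 2, STATUS_OK))    # frame 2: challenge
    response = wep_encrypt(station_key, os.urandom(3), challenge)  # station encrypts challenge
    frames.append(("Client->AP", ALG_SHARED_KEY, 3, STATUS_OK))    # frame 3: response
    ok = wep_decrypt(ap_key, response) == challenge                # AP decrypts and compares
    frames.append(("AP->Client", ALG_SHARED_KEY, 4, STATUS_OK if ok else STATUS_FAIL))
    return frames
```

Calling `shared_key_exchange` with the same key on both sides ends with status 0 in frame 4; a station holding a different key gets status 1.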