The advantage for dynamic encryption is that the encryption key cannot be compromised by, for example, social engineering. With static keys, all the keys need to be replaced in your environment. With dynamic encryption, it is not possible to compromise the key with social engineering since the user is not aware of the keys. Another advantage is that, if a key is compromised, the hacker has only one key. All the users have their own unique generated key.
Dynamic encryption keys need seeding material to generate those keys. To generate those keys with EAP protocols, EAP must be able to do mutual authentication. EAP-MD5 is not qualified for dynamic encryption key generation.
The first dynamic key mechanism that we will discuss is Dynamic WEP. Before robust security networks (RSN) there was Dynamic WEP. RSN are networks with strong encryption methods (TKIP/ARC4 or CCMP/AES). Dynamic WEP is a legacy encryption and never became a standard. The EAP frame exchange, where the autonomous access point is the authenticator, must have mutual authentication. The information that is exchanged is used for the seeding material to generate a dynamic key for the supplicant and the authenticator server. The keys, as said earlier, are per user, but also per session. After a new authentication, the key will be different. A copy from the key that is generated on the authenticator server is sent over to the authenticator and with those keys it is possible to encrypt and decrypt the unicast data frames. For multicast and broadcast data frames there is a random generated or manually configured broadcast key. This key will be sent to the supplicant encrypted with the unicast key. The first EAPOL-key is the encrypted key, the second EAPOL-frame is the confirmation. The broadcast key is not unique like the unicast key is. After both keys are available on the supplicant and the authenticator, the MAC service data unit (MSDU) frames will be protected with WEP. As mentioned in a previous blog post, WEP is legacy and should not be used anymore.
What should we use then? In 802.11i, stronger encryptions and better authentication methods are defined. The 802.11-2012 defines the RSN with robust security network associations (RSNAs). The security association is a set of policies and keys that are used to protect information. RSNA is when two stations use the 4-way handshake to authenticate and associate with dynamic encryption keys. For encryption, CCMP/AES is mandated and TKIP/ARC4 can be used optionally. In a basic service set (BSS) is one access point with multiple clients. Those clients want to associate with the access point. The services set identifier (SSID) is the logical name of the network, and the BSSID is most of the time the mac address of the access point within the BSS. When there are multiple SSIDs there are also multiple BSSIDs. Each SSID has their own BSSID, the BSSID are virtual mac addresses derived from the base mac address from the access point. The clients that associate in the BSS will have a unique encryption key for unicast and multicast/broadcast. The unicast key is called the pairwise transient key (PTK) and the broadcast key is called the group temporal key (GTK). Those keys are discussed during the 4-way handshake. Also in an independent BSS is a 4-way handshake process for generating the unicast (PTK) and the broadcast keys (GTK). Each station has a unique PTK and also generates a random GTK.
In an RSN network, the PTK can be CCMP/AES or TKIP/ARC4, while the GTK will be TKIP/ARC4. Since TKIP/ARC4 clients are still existing, the lowest method will be used for the GTK. It is also possible to have Dynamic WEP in a network. This network is not an RSN but a pre-RSN or another word is transition security network (TSN). In a TSN network it is possible to have RSN security (CCMP/AES and TKIP/ARC4) as legacy security (WEP) in the same BSS. In this scenario, the GTK will be the lowest, so static WEP.
The RSN capabilities can be found in the field robust security network information element (RSNIE). This is an optional field in the management frames with the encryption capabilities. It can be found in beacon frames, probe response frames, association request frames, and reassociation request frames. If 802.11r is enabled on the access point and client, the RSNIE is also in the reassociation response frames. The access point tells the client what their security capabilities are, like CCMP/AES and 802.1X/EAP, and the client tells the access point what their security capabilities are.
Pairwise Cipher OUI and the Group Cipher OUI/Type use the same numbers:
00-0F-AC-01 WEP-40
00-0F-AC-02 TKIP
00-0F-AC-04 CCMP
00-0F-AC-05 WEP-104
In the RSNIE you can also see what kind of authentication method is supported. Under the authentication key management (AKM) suite field you can see the following numbers:
00-0F-AC-01 802.1X
00-0F-AC-02 PSK
00-0F-AC-03 FT over 802.1X
I will talk more about AKM in another blog.
As mentioned earlier in this blog, after the handshake there is a successful association between two clients (RSNA). There are different handshakes, which will be explained in a different blog, and there are also different types of associations.
Pairwise Master Key Security Association (PMKSA)
This happens after a successful 802.1X/EAP exchange (between supplicant and authentication server) or Pre-Shared key.
Pairwise Transient Key Security Association (PTKSA)
This happens after a successful 4-way handshake between the supplicant and authenticator).
Group Temporal Key Security Association (GTKSA)
This happens after a successful created GTK during the 4-way handshake or the group key handshake.
STSL Master Key Security Association (SMKSA)
This happens after a successful SMK handshake. The SMK is provided by the access point parameters and the client station.
STSL Transient Key Security Association (STKSA)
This happens after a successful 4-way station-to-station link (STSL) handshake. This is between the initiator client and peer client.
TDLS Peer Key Security Association (TPKSA)
This happens after a successful direct link between two clients during the TDLS Peer Key Handshake. The association is between the initiator client and the peer client.
