Wireless security: Port-based security, EAP, AKM

Tutorial on cyber security for wireless networks: Authentication and key management (AKM) is the term used to describe the process of IEEE 802.1X/EAP authentication and subsequent encryption key generation and is a major component of extensible authentication protocols (EAP) and IEEE 802.1X. Each time a client associates or re-associates, the entire AKM process must occur, which results in an extremely secure and robust wireless network. Learn the 4-way authentication handshake.


Industrial Wireless Tutorials – a new Control Engineering blogDo you know the 4-way handshake that helps wireless networks increase security? IEEE 802.1X is a wired protocol that has been adapted for use in wireless networks. It is not, however, a wireless security protocol. In port-based security, a client device seeking to access network resources engages the access point (AP) in negotiations through an uncontrolled port; upon successfully authenticating, the client is then connected to the controlled port and the wireless network. The controlled port remains blocked if the client fails to properly authenticate. The entire process is known as an extensible authentication protocols (EAP), of which there are several in use.

Authentication and key management (AKM) is the term used to describe the process of 802.1X/EAP authentication and subsequent encryption key generation. Authentication and key generation are mutually dependent upon one another. There are three entities to a wireless authentication transaction: the supplicant (client), the authenticator (access point), and the AS-the authentication server. It is also known as remote access dial-in user service (RADIUS) and is typically a dedicated server containing a database of security credentials. A RADIUS server is typically used in larger, enterprise networks with a large number of users. A small office/home office (SOHO) type of network typically cannot justify the expense of installing or maintaining a RADIUS server and relies on passphrase or pre-shared key (PSK) authentication. In the former setup, the RADIUS server generates encryption key material, while the latter "maps" the password to the keying material. These terms and concepts are the basis for a discussion of wireless authentication. 

Discovery, authentication

The first step in the process is the discovery phase. A client device detects a beacon from a nearby AP and reads the AP's security capabilities from the beacon's robust security network (RSN) field. An open system authentication is performed as previously described. The controlled port stays closed at this stage. Refer to Figure 1.

Figure 1: A client device detects a beacon from a nearby wireless access point (AP) and reads the AP's security capabilities from the beacon's robust security network (RSN) field. An open system authentication is performed as previously described. The con

The next step is the AKM authentication and master key generation phase:

  • The client (supplicant; S) and the AP (authenticator; A) begin the authentication process by identifying each other as valid entities. The authenticator or the supplicant can begin the process; in this case, the supplicant will transmit an EAPOL (EAP over LAN) to the authenticator.
  • The authenticator responds with an EAP-Request/Identity message. The supplicant responds with an EAPOL-Response/Identity to the authenticator (or the AS through the authenticator).
  • The next step is a negotiation between the supplicant, authenticator, and AS, if used, to determine the EAP method to be used for authentication.
  • The A/AS then sends an EAP Request to the supplicant, which returns its credentials via the appropriate EAP response.
  • The A/AS sends an EAP Success or EAP Failure message back to the supplicant and opens the controlled port.

This process is illustrated in Figure 2. Bear in mind that an AS might not be used on all systems; AS resources are expensive to implement and maintain, and usually only exist in enterprise scale networks, as previously noted. In small networks, the authenticator and the authentication server are the same device.

Figure 2: The next step is the authentication and key management (AKM) authentication and master key generation phase. Courtesy: Daniel E. Capano, Diversified Technical Services Inc.

After the authentication process is complete, the master session key (also called the AAA key) is generated and installed on both the supplicant and the authenticator/authentication server. The MSK is generated either through a password or through 802.1X/EAP authentication. From the MSK, the pairwise master key (PMK) is generated and installed on the supplicant and the A/AS. The PMK exists for this pair of devices only. Generation of these keys is not possible unless a successful authentication has occurred. From the master keys, a set of temporal keys are generated by which subsequent data transmissions will be encrypted. 

Single-use encryption keys

Temporal keys are encryption keys that are generated for use on a given transaction and then are discarded. The keys are generated per transaction, per user, using a process known as the 4-way handshake. There are two types of temporal keys: pairwise transient keys and group temporal keys. It should be noted that master keys are so named because the encryption keys are derived from them; master keys are not used to encrypt data. The illustration below shows the RSN key hierarchy.

Figure 3: This is an example of the robust security network (RSN) key hierarchy. Courtesy: Daniel E. Capano, Diversified Technical Services Inc.

As shown in Figure 3, several types of keys are derived from the MSK. At the top of the hierarchy is the MSK, also referred to as the AAA key. The MSK is derived either from the 802,1X /EAP process or from password/phrase authentication. In actuality, a password, or passphrase, is mapped to a PSK. The 64-octet MSK is provided to the supplicant and to the authenticator following derivation during the authentication process. The MSK is then used as seeding material for the creation of the pairwise master key (PMK), which is exported to the supplicant and authenticator. It should be understood that the PMK is unique to each supplicant and is regenerated each time a supplicant authenticates. If an AS is used, it will generate the PMK and send it to the authenticator. To reiterate, master keys are not used to encrypt data; master keys are used to derive temporal keys during the 4-way handshake described below, which are used to encrypt data.

Temporal keys are generated per transaction, per user, and are unique for every supplicant/authenticator pair. When the transaction completes, the keys are discarded. The pairwise transient key (PTK) is the primary means of encrypting unicast transmissions; unicast traffic is between two distinct entities. The group temporal key (GTK) may or may not be generated depending upon the type of traffic. A GTK is used to encrypt broadcast or multicast traffic, and is shared between all supplicants involved in the transmission and one authenticator. 

Pairwise transient key

Note the three additional keys at the lower left of the diagram. These three keys make up the PTK. Briefly:

  • Key confirmation key (KCK): Used to provide data integrity during the 4-way handshake
  • Key encryption key (KEK): Used by the EAPOL frames for data privacy during the 4-way and Group Key handshakes.
  • Temporal key (TK): Used to encrypt and decrypt the data frames exchanged between the supplicant and authenticator.

The Group Key handshake is a two-frame exchange used to distribute a GTK to supplicants already in possession of a PTK and the original GTK; this process is used upon reauthentication of a client station following disassociation or deauthentication.

The final stage in the AKM process is the 4-way handshake. This is a 4-message exchange between the supplicant and the authenticator resulting in the generation of the temporal keys used for data encryption. Essentially, it is an exchange and validation of keys between the entities, ensuring that all parties are using the same keys. The preceding authentication process provides the seed material for these keys in the form of the master keys. The 4-way handshake is shown in Figure 4:

Figure 4: Shown is an example of the 4-way handshake and the different protocols and processes involved. Courtesy: Daniel E. Capano, Diversified Technical Services Inc.

  • Message 1: The authenticator and supplicant each generate a random nonce, the Anonce and Snonce, respectively. The authenticator sends the Anonce to the supplicant, which then derives a PTK from the Anonce, the PMK, the Snonce, and MAC addresses. The generation of the PTK follows the formula:
    • PTK - PRF (PMK+Anonce+Snonce+AA+SA)
  • Where PRF is a pseudo-random function, AA and SA are the authenticator and supplicant MAC addresses, respectively. A nonce is a one-time, randomly generated numerical value.
  • Message 2: The supplicant sends the Snonce to the authenticator, along with any RSN parameters and a MIC. The authenticator derives a PTK using the same method as the supplicant and validates the MIC.
  • Message 3: The authenticator, if required, sends the supplicant a message to install the temporal keys, including the GTK. The GTK is encrypted by the PTK inside a unicast frame.
  • Message 4: The supplicant sends a final message to the authenticator confirming the temporal keys have been installed.

Daniel E. Capano, owner and president, Diversified Technical Services Inc. of Stamford, Conn., is a certified wireless network administrator (CWNA) and writes posts for the Control Engineering blog, Industrial Wireless Tutorials.At this stage, the virtual controlled port is opened and secure data communication can begin. Each time a client associates or re-associates, the entire AKM process must occur. This results in an extremely secure and robust network.

- Daniel E. Capano, owner and president, Diversified Technical Services Inc. of Stamford, Conn., is a certified wireless network administrator (CWNA), dcapano@sbcglobal.net. Edited by Chris Vavra, production editor, CFE Media, Control Engineering, cvavra@cfemedia.com.

ONLINE extras

www.controleng.com/blogs has other wireless tutorials from Capano on the following topics:

Wireless security: IEEE 802.11 and CCMP/AES

Wireless security legacy, background

Wireless security basics

www.controleng.com/webcasts has wireless webcasts, some for PDH credit.

Control Engineering has a wireless page.

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Make Big Data and Industrial Internet of Things work for you, 2017 Engineers' Choice Finalists, Avoid control design pitfalls, Managing IIoT processes
Engineering Leaders Under 40; System integration improving packaging operation; Process sensing; PID velocity; Cybersecurity and functional safety
Mobile HMI; PID tuning tips; Mechatronics; Intelligent project management; Cybersecurity in Russia; Engineering education; Road to IANA
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

SCADA at the junction, Managing risk through maintenance, Moving at the speed of data
Flexible offshore fire protection; Big Data's impact on operations; Bridging the skills gap; Identifying security risks
The digital oilfield: Utilizing Big Data can yield big savings; Virtualization a real solution; Tracking SIS performance
click me