unicast key rotation

In WPA/WPA2 Personal Wi–Fi networks, the only element responsible for security is a preshared key (PSK), which in fact is a pairwise master key (PMK).

In a process 4-Way Handshake, both the mobile client and AP generates dynamic keys without sending a preshared key in the air. Every association between AP and mobile client must have a unique dynamic keys for encryption/decryption of 802.11 payload, which means each mobile client associated to the AP will have different encryption keys.

Pairwise transiest key (PTK) is the final key, which will be responsible for encrypting/decrypting the unicast traffic.

When someone knows the PSK and captures the 4-Way Handshake, it can decrypt the 802.11 payload in Wireshark. The PTK is generated based on 5 elements: PSK, ANonce (Authenticator Nonce), SNonce (Supplicant Nonce), mobile client’s MAC address, AP’s radio MAC address.

As WPA/WPA2 Personal shares the PSK between all users and is less secure than WPA/WPA2 Enterprise, there is a little workaround, which can make WPA/WPA2 Personal more secure.

Initially a mobile client authenticated and associated to the AP, finally 4-Way Handshake process ended the successful association to the AP:

1.PNG

Every 30 seconds, the unicast key has been setup to change:

WLC(config-wlan-study)#wpa-wpa2 key-rotation unicast ?
   <30-86400>  Periodic interval in seconds when keys are to be rotated

WLC(config-wlan-study)#wpa-wpa2 key-rotation unicast 30

After 30 seconds, we see the following in the packet capture:

2.PNG

Expanding the first frame, there is an information it is a QoS data frame directly from the AP to the mobile client, which is rare. The main purpose of the AP is to be a portal translating wireless data frames into wired frames and vice versa, therefore a source or destination of the QoS data frame is to be transmitted to or from a wired network.

In this situation the AP encrypts the traffic with the previous PTK as normally.

3

Decrypting the traffic shows the following in the Wireshark:

4

This is an encrypted 4-Way Handshake with the previous PTK.

Obviously for the lab scenario, it is set for 30 seconds. In a production environment it may be configured with a longer interval, like 30 minutes, 1 or 2 hours.

It might be beneficial as someone who sniffs the network, will have to capture initial 4-Way Handshake during first association to the WLAN network or during any roam to a different AP. Otherwise that person wouldn’t be able to decrypt the traffic.

It may be used also with 802.1X/EAP. During one WLAN consultation, my customer told me this feature saved them a lot of money and reputation in the market. One of the employee was disciplinary fired and wanted to do a lot of nasty things with documents, while waiting for a termination letter. The administrator disabled the user account in Active Directory and the WLAN was set to change the keys every 30 minutes. As the process is a little different in 802.1X/EAP and PMK is derived during the RADIUS authentication, after 30 minutes the user’s access to the WLAN network was rejected due to expiration of the account.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s