All the references I have found
https://en.wikipedia.org/wiki/IEEE_802.11i-2004
https://www.wifi-professionals.com/2019/01/4-way-handshake
https://www.hitchhikersguidetolearning.com/2017/09/17/eapol-4-way-handshake/
indicate that the first thing that happens is the sending of the ANonce (a random number) from the access point to the client. This communication carries no information and could have come from any attacker. The client then constructs message 2 with this formula: PTK = PRF(PMK + ANonce + SNonce + MAC(AA) + MAC(SA)). Now the access point can create message 3 to return to the client.
Since the access point kicked off the whole process with just a random number, how does the client know that the access point is genuine and not a spoof? Somewhere I am missing where the 4-way handshake proves the access point's authenticity.
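The exchange the question describes, as an added example that is not part of the original post or of the linked references: a Python model of handshake messages 1 to 3 with the PTK derivation (the IEEE 802.11 PRF-384 over HMAC-SHA1, keyed with the PMK and fed the min/max-ordered MACs and nonces) and the EAPOL-Key MIC check that both sides perform. The BSSID, station MAC, passphrase and SSID are constructed values, and the EAPOL-Key frame is built with a minimal layout (message 3 carries no RSN IE or wrapped GTK). Running it shows the point the question is circling: message 1 is indeed unauthenticated, but message 3 carries a MIC computed with the KCK, which the sender can only produce if it derived the same PTK from the same PMK, so a spoofed access point without the PMK fails the client's check, and a client without the PMK fails the AP's check on message 2.

```python
"""Toy WPA2-PSK 4-way handshake (messages 1-3): where each side proves it knows the PMK.

Added example, not from the original post. MAC addresses, passphrase and SSID are constructed.
"""
import hashlib
import hmac
import os
import struct

PRF_LABEL = b"Pairwise key expansion"
NONCE_OFFSET = 17  # Key Nonce field in the frame built by build_eapol_key (4-byte 802.1X header + 13)
MIC_OFFSET = 81    # 16-byte Key MIC field in that frame


def prf(key, label, data, nbytes):
    """IEEE 802.11 PRF-n on HMAC-SHA1: R_i = HMAC(K, A || 0x00 || B || i), output truncated to nbytes."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PTK = PRF-384(PMK, label, min(AA,SPA)||max(AA,SPA)||min(ANonce,SNonce)||max(ANonce,SNonce)).

    Bytes compare lexicographically, which matches the spec's big-endian unsigned ordering.
    Split into KCK (MIC key), KEK (key-wrap key) and TK (CCMP data key).
    """
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, PRF_LABEL, data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def build_eapol_key(key_info, replay_counter, nonce, key_data=b""):
    """Minimal EAPOL-Key frame: 802.1X header, RSN key descriptor, MIC field left zeroed."""
    body = struct.pack(">BHHQ", 2, key_info, 16, replay_counter)  # descriptor type 2, key length 16 (CCMP)
    body += nonce + bytes(16) + bytes(8) + bytes(8)               # Key Nonce, Key IV, Key RSC, Reserved
    body += bytes(16)                                             # Key MIC placeholder
    body += struct.pack(">H", len(key_data)) + key_data
    return struct.pack(">BBH", 2, 3, len(body)) + body            # EAPOL version 2, type 3 = EAPOL-Key


def compute_mic(kck, frame):
    """Key MIC for descriptor version 2: HMAC-SHA1(KCK, frame with MIC zeroed) truncated to 16 bytes."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def add_mic(kck, frame):
    return frame[:MIC_OFFSET] + compute_mic(kck, frame) + frame[MIC_OFFSET + 16:]


def verify_mic(kck, frame):
    return hmac.compare_digest(compute_mic(kck, frame), frame[MIC_OFFSET:MIC_OFFSET + 16])


def run_handshake(ap_pmk, sta_pmk, aa, spa, anonce, snonce):
    """Messages 1-3 between an AP holding ap_pmk and a station holding sta_pmk.

    Returns (ap_accepts_msg2, sta_accepts_msg3); both are True only if the PMKs match.
    """
    # Message 1 (AP -> STA): ANonce only, no MIC. Anyone can send this; it proves nothing by itself.
    msg1 = build_eapol_key(0x008A, 1, anonce)
    # STA derives its PTK and answers with SNonce plus a MIC under its KCK.
    sta_ptk = derive_ptk(sta_pmk, aa, spa, msg1[NONCE_OFFSET:NONCE_OFFSET + 32], snonce)
    msg2 = add_mic(sta_ptk["kck"], build_eapol_key(0x010A, 1, snonce))
    # AP derives its PTK from the received SNonce and checks the MIC: the STA proves it knows the PMK.
    ap_ptk = derive_ptk(ap_pmk, aa, spa, anonce, msg2[NONCE_OFFSET:NONCE_OFFSET + 32])
    ap_accepts_msg2 = verify_mic(ap_ptk["kck"], msg2)
    # Message 3 (AP -> STA): ANonce again, MIC under the AP's KCK. The STA's check here is what
    # authenticates the AP: a MIC that verifies under the STA's KCK required the AP to hold the PMK.
    msg3 = add_mic(ap_ptk["kck"], build_eapol_key(0x13CA, 2, anonce))
    sta_accepts_msg3 = (verify_mic(sta_ptk["kck"], msg3)
                        and msg3[NONCE_OFFSET:NONCE_OFFSET + 32] == anonce)
    return ap_accepts_msg2, sta_accepts_msg3


def demo():
    """Genuine AP versus a rogue AP that knows the SSID but not the passphrase."""
    aa = bytes.fromhex("001122334455")   # constructed BSSID
    spa = bytes.fromhex("66778899aabb")  # constructed station MAC
    anonce, snonce = os.urandom(32), os.urandom(32)
    pmk = hashlib.pbkdf2_hmac("sha1", b"correct horse battery", b"ExampleSSID", 4096, 32)
    rogue_pmk = hashlib.pbkdf2_hmac("sha1", b"wrong guess", b"ExampleSSID", 4096, 32)
    return {
        "genuine": run_handshake(pmk, pmk, aa, spa, anonce, snonce),
        "spoofed_ap": run_handshake(rogue_pmk, pmk, aa, spa, anonce, snonce),
    }


if __name__ == "__main__":
    print(demo())
```

A real supplicant additionally replays message 1 if message 3 never arrives and compares the RSN IE in message 3 against the beacon, but the authentication of the AP rests on the message 3 MIC shown here: the random ANonce in message 1 is vouched for retroactively once it is echoed under a key that only a PMK holder can derive.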