Security - WPA 4-way handshake

The Wireless - Wi-Fi Protected Access (WPA) 4-way handshake is a security process used in wireless networks to validate a client device's access to a secure Wi-Fi network and to negotiate a session key for encrypting the data. This handshake is part of the WPA, WPA2, and WPA3 protocols, which are designed to provide secure wireless communication. Here's how the 4-way handshake works:

  1. Authentication: The process begins with the client device (like a smartphone or laptop) requesting access to a wireless network.
  2. ANonce (Authenticator Nonce): The access point (router) responds to the client's request by sending a unique value called the ANonce (Authenticator Nonce), which is used in the encryption key generation process.
  3. SNonce (Supplicant Nonce): The client device then sends back another unique value known as the SNonce (Supplicant Nonce), along with information that verifies the client's credentials (like a password or passphrase). This is also used in the key generation process.
  4. Confirmation: The access point finalizes the process by sending a message to the client confirming that both parties have the correct encryption keys. This step ensures that both the access point and the client have authenticated each other and agree on the encryption key, which will be used to secure all subsequent communication.

The 4-way handshake uses 802.11 EAPOL-Key Frames and is important because it provides mutual authentication (both the client and the access point authenticate each other), and it establishes a fresh, unique encryption key for each session. This makes it much harder for attackers to intercept or tamper with the data transmitted over the network.

https://networklessons.com/wireless/introduction-to-wpa-key-hierarchy https://networklessons.com/wireless/wpa-and-wpa2-4-way-handshake https://networklessons.com/wireless/eapol-extensible-authentication-protocol-over-lan