A closer look at Wi-Fi security IE (Information Elements)
In this blog post, I will briefly cover IEEE 802.11 frame analysis for modern Wi-Fi security modes. We will cover the components and how modern security protocols like WPA3 and Enhanced Open are advertised to clients. The intention is to provide updated information where previous blogs only covered legacy protocols. The intended audience is folks who are focused on analyzing and troubleshooting Wi-Fi operation and frame exchange.
Fields for security modes are conveyed to clients through the Robust Security Network (RSN) Information Element (IE), often referred to as the Robust Security Network Element (RSNE). The RSNE is commonly found in certain 802.11 management frames such as Beacons, Probe Responses, and (Re-)Association frames.
An Information Element (IE) is an item found in IEEE 802.11 frames sent between Access Points (APs) and clients. Information Elements are variable in length because the field carried varies depending on purpose and content. Security fields are just one of the many different fields carried by Information Elements.
Legacy protocols
With the inception of Wi-Fi and the 802.11 standard, security was optionally provided by Wired Equivalent Privacy (WEP). WEP was intended to be “at least as secure as a wire” but was quickly reverse-engineered and the claim was proven wrong. This was one of the reasons for the formation of the Wi-Fi Alliance.
The Wi-Fi Alliance then introduced a stopgap called Wi-Fi Protected Access (WPA) to replace WEP. There were similarities with WEP, but improvements in how security keys were handled. WPA used the Temporal Key Integrity Protocol (TKIP) to dynamically change the key used. WPA supported two types: 802.1X (Enterprise) and PSK (Personal). Security fields for WPA are advertised in the WPA vendor-specific Information Element, which won’t be covered in this post.
IEEE 802.11i-2004
The 802.11 standard was then amended by 802.11i in 2004 which introduced the concept of a Robust Security Network identified through the RSNE using a cipher suite other than WEP. 802.11i also introduced fields for Wi-Fi Protected Access 2 (WPA2) which superseded TKIP with Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP).
Note that the terms encryption protocol and cipher are sometimes used interchangeably, which can lead to confusion. For clarity, TKIP, CCMP, and GCMP are all encryption protocols (note they all end with ‘P’). RC4 and AES are ciphers; the pairings are TKIP/RC4, CCMP/AES, and GCMP/AES-GCM. Just to be clear, TKIP/RC4 should no longer be used.
Transitional networks
Assume you currently have a WPA2-Personal (PSK) SSID and you want to move to WPA3-Personal (SAE). This is an example of when you may consider a transition mode configuration, because you are transitioning from WPA2 to WPA3. This is sometimes referred to as “mixed mode”.
In production networks, transition mode should help in most cases but could present challenges. Certain clients may not like seeing parameters for both WPA2-Personal and WPA3-Personal being advertised. This is similar to the transition many years prior between WPA/TKIP and WPA2/CCMP. Deploying an SSID in transition mode can act as a means for transition, but some legacy clients may exhibit poor behaviors when both security modes are advertised. If you experience such, use separate SSIDs for the security modes.
Another reason to avoid transition mode networks is that they may be vulnerable to downgrade and replay attacks. At some point, you should move away from transition mode as legacy clients are phased out.
Group ciphers
The Group Cipher identifies the type of encryption used for multicast and broadcast traffic (group traffic). In Wi-Fi, the Broadcast Integrity Protocol (BIP) is the mechanism used to provide integrity and protection of group traffic. The two versions relevant are
Pairwise ciphers
The Pairwise Cipher identifies the type of encryption used for unicast traffic. Each client negotiates a unique encryption key.
Cipher suites
Each cipher has a unique identification representing a specific encryption type. These can be found in the RSNE.
| OUI | Suite type | Meaning |
| --- | --- | --- |
| 00-0F-AC | 1 | WEP-40 |
| 00-0F-AC | 2 | TKIP |
| 00-0F-AC | 4 | CCMP-128 |
| 00-0F-AC | 5 | WEP-104 |
| 00-0F-AC | 6 | BIP-CMAC-128 |
| 00-0F-AC | 9 | GCMP-256 |
| 00-0F-AC | 12 | BIP-GMAC-256 |
I’ve left out cipher suites not commonly used and included a few that we will see more use of with Wi-Fi 7 such as GCMP-256 and BIP-GMAC-256.
AKM
Each Authentication Key Management (AKM) suite has a unique identification representing a specific authentication type, such as whether 802.1X or a passphrase mechanism is used.
AKM suites
| OUI | Suite type | Meaning |
| --- | --- | --- |
| 00-0F-AC | 1 | 802.1X with SHA-1 |
| 00-0F-AC | 2 | PSK |
| 00-0F-AC | 3 | FT 802.1X with SHA-256 |
| 00-0F-AC | 4 | FT PSK with SHA-256 |
| 00-0F-AC | 5 | 802.1X with SHA-256 |
| 00-0F-AC | 8 | SAE |
| 00-0F-AC | 9 | FT SAE |
| 00-0F-AC | 18 | OWE |
| 00-0F-AC | 24 | SAE with group-dependent hash |
| 00-0F-AC | 25 | FT SAE with group-dependent hash |
FT means Fast Transition. These are the AKMs for 802.11r.
As before with the cipher suites, I’ve left out a few AKMs not commonly used and included a few that we will see more use of with Wi-Fi 7 such as SAE with group-dependent hash.
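Added example (not from the original post and not HPE Aruba code): a small Python parser that decodes the group cipher, pairwise cipher list and AKM list of an RSNE using the two tables above, and flags a PSK+SAE transition-mode SSID and any WEP/TKIP suite. The field layout (element ID 48, little-endian counts, 4-byte suite selectors) follows IEEE 802.11; the function names are illustrative and the sample bytes are constructed, not captured.

```python
# Suite-type tables copied from the page (OUI 00-0F-AC only).
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP-128", 5: "WEP-104",
           6: "BIP-CMAC-128", 9: "GCMP-256", 12: "BIP-GMAC-256"}
AKMS = {1: "802.1X with SHA-1", 2: "PSK", 3: "FT 802.1X with SHA-256",
        4: "FT PSK with SHA-256", 5: "802.1X with SHA-256", 8: "SAE",
        9: "FT SAE", 18: "OWE", 24: "SAE with group-dependent hash",
        25: "FT SAE with group-dependent hash"}
OUI = bytes.fromhex("000fac")
RSNE_ID = 48  # element ID of the RSNE in management frames

def _suite(sel, table):
    """Name a 4-byte suite selector: 3-byte OUI followed by 1-byte suite type."""
    if sel[:3] != OUI:
        return "vendor %s type %d" % (sel[:3].hex("-"), sel[3])
    return table.get(sel[3], "unlisted type %d" % sel[3])

def _suite_list(body, off, table):
    """Read a 2-byte little-endian count, then that many 4-byte selectors."""
    count = int.from_bytes(body[off:off + 2], "little")
    start, end = off + 2, off + 2 + 4 * count
    if start > len(body) or end > len(body):
        raise ValueError("suite list truncated")
    return [_suite(body[i:i + 4], table) for i in range(start, end, 4)], end

def parse_rsne(ie):
    """Decode version, group cipher, pairwise ciphers and AKMs from one RSNE."""
    if len(ie) < 2 or ie[0] != RSNE_ID or len(ie) < 2 + ie[1]:
        raise ValueError("not a complete RSNE")
    body = ie[2:2 + ie[1]]
    if len(body) < 6:  # this example expects the fields through the AKM list
        raise ValueError("RSNE too short")
    out = {"version": int.from_bytes(body[0:2], "little"),
           "group": _suite(body[2:6], CIPHERS)}
    out["pairwise"], off = _suite_list(body, 6, CIPHERS)
    out["akm"], off = _suite_list(body, off, AKMS)
    # Transition mode as the page describes it: PSK and SAE advertised together.
    out["transition"] = {"PSK", "SAE"} <= set(out["akm"])
    # Legacy suites: WEP and TKIP (the page says TKIP/RC4 should no longer be used).
    ciphers = set(out["pairwise"]) | {out["group"]}
    out["legacy"] = sorted(ciphers & {"WEP-40", "WEP-104", "TKIP"})
    return out

# Constructed sample, WPA3-Personal transition mode: CCMP-128, AKMs PSK + SAE.
SAE_PSK = bytes.fromhex("3018" "0100" "000fac04" "0100" "000fac04"
                        "0200" "000fac02" "000fac08" "8000")
# Constructed sample, WPA/WPA2 mixed: group TKIP, pairwise CCMP-128 + TKIP, AKM PSK.
TKIP_MIX = bytes.fromhex("3018" "0100" "000fac02" "0200" "000fac04"
                         "000fac02" "0100" "000fac02" "0000")
```

Feed it the raw bytes of the RSN element copied from a capture; the fields after the AKM list (RSN capabilities, PMKIDs, group management cipher) are present in the samples but not decoded here.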
The following sections will include images for frame analysis of non-FT AKMs.
Enhanced Open - OWE
Enhanced Open Transition Mode - Open/OWE
BSS 1.
BSS 2.
WPA2 Personal - PSK
WPA3 Personal - SAE
WPA3 Personal Transition Mode - SAE/PSK
WPA2 Enterprise - DOT1X
WPA3 Enterprise - DOT1X
WPA3 Enterprise Transition Mode - DOT1X
WPA3-Enterprise GCM-256 - DOT1X
WPA3 Enterprise CNSA (192-bit) - DOT1X
About the author
Josh Schmelzle is a Technical Marketing Engineer at HPE Aruba Networking. He is focused on Wi-Fi technologies and helping internal and external customers worldwide with the WLAN product