Following diagram shows the initial handshaking between the device ( like mobile ) and wireless access-point ( AP ) in open access mode and secured ( e.g. WPA ) mode,
Authentication frame ( in open access ): 802.11 authentication is a process whereby the access point either accepts or rejects the identity of a radio NIC. The NIC begins the process by sending an authentication frame containing its identity to the access point. With open system authentication (the default), the radio NIC sends only one authentication frame, and the access point responds with an authentication frame as a response indicating acceptance (or rejection).
Authentication frame ( in shared key authentication ) With the optional shared key authentication, the radio NIC sends an initial authentication frame, and the access point responds with an authentication frame containing challenge text. The radio NIC must send an encrypted version of the challenge text (using its WEP key) in an authentication frame back to the access point. The access point ensures that the radio NIC has the correct WEP key (which is the basis for authentication) by seeing whether the challenge text recovered after decryption is the same that was sent previously. Based on the results of this comparison, the access point replies to the radio NIC with an authentication frame signifying the result of authentication.
Shared-key authentication is a cryptographic technique for authentication. It is a simple “challenge-response” scheme based on whether a client has knowledge of a shared secret. In this scheme, the access point generates a random 128-bit challenge and sends it to the wireless client. The client, using a cryptographic key that is shared with the access point, encrypts the chal-lenge, or nonce (as it is called in security vernacular), and returns the result to the AP. The AP decrypts the result computed by the client and allows access only when the decrypted value is the same as the random challenge
transmitted. The algorithm used in the cryptographic computation and for the generation of the 128-bit challenge text is the same RC4 stream cipher used for Wireless Equivalent Privacy (WEP).
The shared-key authentication process follows:
1. Client requests association.
2. AP sends random cleartext (128-bit challenge).
3. Client encrypts challenge and sends back to AP
4. AP verifies the challenge.
5. The access point authenticates the client and sends a positive
response and then associates the client.
References –