
Understanding Wi-Fi Initial Communication Between Device and Access Point


Wi-Fi communication between a device and an access point (AP) begins with a series of steps to establish a secure connection. The process starts with the device scanning for available networks. Once a network is selected, the device sends a “Probe Request” to the AP, which responds with a “Probe Response.” The device then authenticates and associates with the AP, and the two perform a handshake that establishes the encryption keys for a secure connection, typically using the WPA2 or WPA3 security protocols.

[Figure: Wi-Fi authentication]

Authentication frame (in open system authentication): 802.11 authentication is a process whereby the access point either accepts or rejects the identity of a radio NIC. The NIC begins the process by sending an authentication frame containing its identity to the access point. With open system authentication (the default), the radio NIC sends only one authentication frame, and the access point responds with an authentication frame indicating acceptance (or rejection). Open system authentication performs no cryptographic check of that identity; any station that asks is normally accepted, and real access control happens later in the WPA2/WPA3 handshake.

[Figure: Wi-Fi handshaking]

Authentication frame (in shared key authentication): With the optional shared key authentication, the radio NIC sends an initial authentication frame, and the access point responds with an authentication frame containing challenge text. The radio NIC must send an encrypted version of the challenge text (using its WEP key) in an authentication frame back to the access point. The access point ensures that the radio NIC has the correct WEP key (which is the basis for authentication) by checking whether the challenge text recovered after decryption is the same as the one sent previously. Based on the result of this comparison, the access point replies to the radio NIC with an authentication frame signifying the result of authentication. Shared key authentication depends on WEP, which is long deprecated; modern networks use open system authentication followed by a WPA2/WPA3 key handshake (or SAE for WPA3), and seeing shared key authentication on a network is itself a finding worth reporting.

Shared-key authentication is a cryptographic technique for authentication. It is a simple “challenge-response” scheme based on whether a client has knowledge of a shared secret. In this scheme, the access point generates a random 128-bit challenge and sends it to the wireless client. The client, using a cryptographic key that is shared with the access point, encrypts the challenge, or nonce (as it is called in security vernacular), and returns the result to the AP. The AP decrypts the result computed by the client and allows access only when the decrypted value is the same as the random challenge transmitted. The algorithm used in the cryptographic computation and for the generation of the 128-bit challenge text is the same RC4 stream cipher used for Wired Equivalent Privacy (WEP).

The shared-key authentication process follows:
1. Client requests association.
2. AP sends random cleartext (128-bit challenge).
3. Client encrypts the challenge and sends it back to the AP.
4. AP verifies the challenge.
5. The access point authenticates the client, sends a positive response, and then associates the client.
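The open system and shared key exchanges above differ only in the fixed fields of the authentication frame body (algorithm number, sequence number, status code) and in whether a Challenge Text element is present. The following Python is an added example, not code from the original article: it builds and decodes those frame bodies from constructed sample data and summarizes an exchange the way a wireless monitor would, flagging shared key (WEP-era) authentication as a legacy finding. The field layout and constants follow IEEE 802.11; the sample exchanges are constructed, not captured.

```python
import struct
from typing import Optional

# Values from IEEE 802.11: authentication algorithm numbers, the Challenge Text
# element ID, and status code 0 = success (13 = unsupported algorithm).
AUTH_ALGORITHMS = {0: "open system", 1: "shared key", 2: "fast BSS transition", 3: "SAE"}
CHALLENGE_TEXT_EID = 16
STATUS_SUCCESS = 0

def build_auth_body(alg: int, seq: int, status: int, challenge: Optional[bytes] = None) -> bytes:
    """Build an authentication frame body: three little-endian fixed fields, then elements."""
    body = struct.pack("<HHH", alg, seq, status)
    if challenge is not None:
        body += bytes([CHALLENGE_TEXT_EID, len(challenge)]) + challenge
    return body

def parse_auth_body(body: bytes) -> dict:
    """Decode the fixed fields and extract a Challenge Text element if one is present."""
    if len(body) < 6:
        raise ValueError("authentication frame body shorter than its fixed fields")
    alg, seq, status = struct.unpack_from("<HHH", body, 0)
    frame = {"algorithm": AUTH_ALGORITHMS.get(alg, f"unknown({alg})"),
             "sequence": seq, "status": status, "challenge": None}
    offset = 6
    while offset + 2 <= len(body):                 # walk the (id, length, data) elements
        eid, elen = body[offset], body[offset + 1]
        data = body[offset + 2: offset + 2 + elen]
        if len(data) != elen:
            raise ValueError("truncated information element")
        if eid == CHALLENGE_TEXT_EID:
            frame["challenge"] = data
        offset += 2 + elen
    return frame

def summarize_exchange(bodies: list) -> dict:
    """Judge one exchange: algorithm used, whether it completed, whether it is WEP-era."""
    frames = [parse_auth_body(b) for b in bodies]
    alg = frames[0]["algorithm"]
    final_seq = 4 if alg == "shared key" else 2    # open system finishes with frame 2
    last = frames[-1]
    return {"algorithm": alg,
            "success": last["sequence"] == final_seq and last["status"] == STATUS_SUCCESS,
            "challenge_seen": any(f["challenge"] is not None for f in frames),
            "legacy_wep_auth": alg == "shared key"}  # flag this on any modern network

# Constructed sample exchanges (not real captures). On the air, frame 3 of the
# shared-key exchange is WEP-protected; it is shown here as if already decrypted.
CHALLENGE = bytes(range(128))                      # constructed Challenge Text (128 octets)
OPEN_EXCHANGE = [build_auth_body(0, 1, 0), build_auth_body(0, 2, 0)]
OPEN_REJECTED = [build_auth_body(0, 1, 0), build_auth_body(0, 2, 13)]
SHARED_KEY_EXCHANGE = [build_auth_body(1, 1, 0), build_auth_body(1, 2, 0, CHALLENGE),
                       build_auth_body(1, 3, 0, CHALLENGE), build_auth_body(1, 4, 0)]
```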

After authentication, the device sends an association request to the AP, which then replies with an association response. This establishes a link between the device and the AP.

In WPA2/WPA3 networks, a four-way handshake occurs after association to establish encryption. The device and AP exchange nonces and prove to each other that they hold the same pairwise master key (derived from the passphrase, or from SAE on WPA3), and from that they derive the session keys that protect the communication channel; the master key itself is never sent over the air.

Once the device is connected, it uses the Dynamic Host Configuration Protocol (DHCP) to request an IP address from the AP, finalizing the connection.

Example:

For instance, when your smartphone connects to your home Wi-Fi, it actively scans for networks. Upon selecting your network, it sends a probe request to the router. The router responds, and then the authentication and key exchange occur before your phone receives an IP address.
