1

In an open network you have the authentication frame on just the 802.11 level.

But if the network has WEP or WPA(2/3) there will also be a four-way handshake.

My question is, where does the 4-way handshake fit in on the 802.11 authentication level? After the Authentication request?

1
  • Did any answer help you? If so, you should accept the answer so that the question does not keep popping up forever, looking for an answer. Alternatively, you could post and accept your own answer.
    – Ron Maupin
    Commented Dec 23, 2021 at 16:41

2 Answers

2

The 4-way handshake occurs after the client is Authenticated and Associated.

The 4-way handshake is used to generate the keys used to encrypt various types of traffic (Unicast, Multicast, Broadcast) between the AP and client.


1

Referring to the 4 states an 802.11 station can be in with respect to the Robust Security Network (RSN), we see that:

  • moving from state 1 to state 2 happens when 802.11 Authentication completes successfully (the Open Systems Authentication you see in the diagram in the question)
  • moving from state 2 to state 3 happens when Association completes successfully

However, state 3 is "pending RSN Authentication". Getting to state 4 involves one of the following:

  • in personal mode, the station and AP share a shared secret (typically, derived from a shared passphrase), which then goes as input to the 4-way handshake. At no point in the 4-way handshake is it sent over the air, of course, but the 4-way handshake allows the various actual session keys to be derived by both sides.
  • in enterprise mode, the station goes through 802.1X authentication (various EAP-supported authentication methods are possible), followed by the station and AP proceeding with the 4-way handshake.

RSN 4 states
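As an added example (not part of the question or either answer), the ordering described above can be written as a small state tracker that replays one station's frame events and reports any that arrive out of sequence, such as an EAPOL-Key message before Association. The event labels, the `track` function and the traces are names made up for this illustration; it assumes an open network is finished once Association succeeds and does not model retransmitted handshake messages.

```python
from enum import IntEnum

class State(IntEnum):
    UNAUTHENTICATED = 1   # nothing completed yet
    AUTHENTICATED = 2     # 802.11 (Open System) Authentication succeeded
    PENDING_RSN = 3       # Association succeeded, RSN authentication pending
    RSNA_DONE = 4         # 4-way handshake complete (or no RSN required)

HANDSHAKE = ["eapol_key_1", "eapol_key_2", "eapol_key_3", "eapol_key_4"]

def track(events, mode):
    """Replay one station's frame events; mode is 'open', 'personal' or 'enterprise'.

    Returns (final_state, violations), where violations lists (index, event)
    pairs that arrived in a state where the sequence above does not allow them.
    """
    state, eap_ok, step, violations = State.UNAUTHENTICATED, False, 0, []
    for i, ev in enumerate(events):
        if ev == "deauth":                        # deauthentication: start over
            state, eap_ok, step = State.UNAUTHENTICATED, False, 0
        elif ev == "disassoc" and state >= State.PENDING_RSN:
            state, eap_ok, step = State.AUTHENTICATED, False, 0
        elif ev == "auth_ok" and state == State.UNAUTHENTICATED:
            state = State.AUTHENTICATED
        elif ev == "assoc_ok" and state == State.AUTHENTICATED:
            # Assumption: an open network has no RSN step after association.
            state = State.RSNA_DONE if mode == "open" else State.PENDING_RSN
        elif ev == "eap_success" and mode == "enterprise" and state == State.PENDING_RSN:
            eap_ok = True                         # 802.1X done, handshake may start
        elif (ev in HANDSHAKE and state == State.PENDING_RSN
              and HANDSHAKE.index(ev) == step     # messages 1..4 in order
              and (mode == "personal" or eap_ok)):
            step += 1
            if step == len(HANDSHAKE):
                state = State.RSNA_DONE
        else:
            violations.append((i, ev))
    return state, violations

# Constructed event traces (not taken from a real capture).
PERSONAL = ["auth_ok", "assoc_ok"] + HANDSHAKE
ENTERPRISE = ["auth_ok", "assoc_ok", "eap_success"] + HANDSHAKE
EARLY_KEY = ["auth_ok", "eapol_key_1", "assoc_ok"] + HANDSHAKE

if __name__ == "__main__":
    for trace, mode in [(PERSONAL, "personal"), (ENTERPRISE, "enterprise"), (EARLY_KEY, "personal")]:
        print(mode, *track(trace, mode))
```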
