Continuing to the previous post wherein we discussed some theory about WPA3 and Dragonfly; in this post, I will try to explain WPA3 using packet captures analysis. The WLAN industry is making products easy to use and configure so I guess configuring WPA3 may not be an issue as it is a simple step of selecting WPA3 OR WPA3 Transition mode (WPA3 and WPA2 mixed). A mandatory step in configuring WPA3 is to have 802.11w enabled and it’s optional in transition mode.
Beacon frame main differences between WPA2 and WPA3 PSK based SSID:
The beacon frames should help in identifying the difference between the WPA2 and WPA3 based SSID. The main difference is in RSN information. The Authentication and Key management suite for both WPA2 and WPA3 are different. For WPA3 the AKM type is 8, while for WPA2 it will be 2. Many protocol analyzer like Wireshark can decode these types and list them as PSK or SAE (WPA3).
WPA3-PSK AKM Suite:
WPA2-PSK AKM Suite:
Another main difference is that the WPA3 (SAE) requires 802.11w to be enabled. This is management frame protection. Although we cannot differentiate if the beacon is WPA3 or PSK based purely based on 802.11w as Management Frame Protection (802.11w) can be enabled independently along with WPA2 as well. However, without playing around with 802.11w, the WPA2 PSK beacon frame’s RSN information should show that Management Frame Protection is disabled.
WPA3 RSN Capabilities:
WPA2 RSN Capabilities (Without explicitly enabling 802.11w):
Authentication Walk-through for WPA3 Successful Auth using Wireshark Packet Captures:
- Probe Request: This is sent by the Client to the AP. This happens as soon as we try to connect to the SSID. Probe requests will only be sent if the client supports WPA3; else the security of the SSID will be shown as “unknown”. Usually, this packet will be broadcast unless it is a directed probe:
- Probe Response: This is sent by the AP to the Client. This in response to the Probe request sent earlier. This will be specifically sent to the client.
- Authentication Commit (Client to AP): The client sends an Authentication commit frame to the AP. It includes the value of Scalar which is used to plot a point in the elliptical curve and is represented as a Finite Field element. These (Scalar and Finite Field Element) are then later used to create a PMK. The authentication sequence for this frame is 1. AP and client both need each other’s Scalar and Finite Field values to generate PMK.
- Authentication Commit (AP to Client): The AP sends Authentication Commit frame to Client similarly like in point 3. The AP also populates its Scalar and Finite Field value and sends the same to the Client. Every other field remains the same. The authentication commit is represented with Authentication sequence number 1.
- Authentication Confirm (Client to AP): The client sends a confirm message to the AP after calculating the Scalar and other elements. It generates a confirmation value and sends it across to the AP. It expects a confirmation message from the AP if it has not received one and updates the “Send-Confirm” field to 1. A Confirm Authentication frame for WPA3 has an authentication sequence value of 2.
- Authentication Confirm (AP to Client): The AP sends a confirm Authentication frame to the client similar to point 5. Here the “Send-Confirm” field is set to 0 as the AP has already received the Auth confirm frame from the client.
- Association Request: The client sends an Association Request to the AP only when the above two confirmation messages are correct. If there are any issues, then all the steps mentioned from points 1-6 are repeated.
- Association Response: The AP acknowledges this request and assigns an Association ID to this client. It sends an Association Response to the Client.
- EAPOL 4-Way Handshake: 4-Way handshake takes place between AP and the client using the PMK generated (from steps 1-6). PTK and GTK keys are generated to encrypt Unicast and Multicast/Broadcast traffic respectively.
WPA3 Unsuccessful Auth:
Points from 1-5 in the above Successful Authentication remains the same with Unsuccessful Auth as well. However, when the AP realizes that the Authentication Confirm frame is not correct, it sends a failure message back to the client to re-initiate the complete process.
There are multiple reasons for the unsuccessful failure of which one of the very simple ones being an incorrect password.
WPA3 Transition mode:
In this mode the AP broadcasts single SSID that is capable of supporting WPA2 and WPA3. The SSID beacon contains AKM Suite for both the standards:
The RSN capabilities shows that the 802.11w becomes optional from mandatory. Here the Management Frame Protection required changes to “False OR 0” and the Management Frame Protection Capable changes to “True OR 1”:
WPA3 client behaviour in Transition Mode:
- Probe Request: As usual, as soon as we hit connect in a device that is capable of doing WPA3, a Probe Request is broadcasted.
- Probe Response: The probe response is sent by the AP wherein both the type of authentication methods WPA2 and WPA3 are sent as AKM Suites. Here as seen from the snippet below the Management Frame Protection Required is “False OR 0”.
- Authentication Commit and Confirm: Since this a WPA3 capable client, the Authentication Confirm and Commit happens as described before.
- Association Request: In the Association Request frame we would see the client requesting WPA3 and 802.11w connection.
- Rest of the transactions are as described before for a WPA3 successful authentication.
WPA2 Client behavior in Transition mode:
Here a WPA2 client tries to authenticate to the WPA3-Transition SSID.
- Probe Request: Like mentioned above a similar Probe Request is sent by the client.
- Probe Response: Probe response like above again consists of both the AKM suites.
- Authentication Frame from Client: A normal Open System Authentication Frame is sent by the WPA2 client to the AP.
- Authentication Frame from the AP: The above is responded with an Open System Authentication Frame to the WPA2 client.
- Association Request: In the Association Request the Client specifies that it will be using PSK.
- After the above process a normal WPA2-PSK authentication takes place followed by the 4-way handshake to generated PTK and GTK for Unicast and Multicast Keys.
Arista AP Debug for WPA3:
This part will help to debug WPA3 at the Arista AP level. WPA3 transactions are viewed in hostapd file of the AP debug logs. Below are the logs for commit and confirm phase of WPA3 authentication: