1

I'm studying how WPA-TKIP works. As I understand, there are two parts to authentication.

  1. Using EAP messages the client authenticates itself to the access point or authorization/RADIUS server. I believe this is using EAP-TLS, is that correct?

  2. Using the four way handshake, the client and access point calculate temporal keys and authenticate each other.

Are these steps correct, and is this the correct order? Also why isn't the second step used first to establish a secure connection before authenticating to the RADIUS server?

Improve this question

1 Answer 1

Reset to default
1

It depends on if you're using "Enterprise" or "Pre-Shared Key" (PSK).

If you're using "Enterprise", then one of your options is to use EAP-TLS, but there are other options like PEAP. These are typically the only two you will see in implementation, although there are plenty of others.

With EAP-TLS, check out EAPoL, and this diagram really helps to clear things up.

With PSK, there is the four way handshake that you mentioned.

In summary, you summarized two separate ways of establishing a connection with a WPA-TKIP enabled WAP. Hope this helps.

Improve this answer
2
  • Do you mean that the 4 way handshake does not occur in enterprise mode? Commented Nov 3, 2013 at 17:09
  • In "Enterprise" you use very different steps to authenticate yourself and encrypt your communications. If you want more details, look here - cisco.com/en/US/tech/tk722/tk809/… Commented Nov 3, 2013 at 23:52

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.