Shared-Key Authentication
In the realm of WLANs, the shared key is one of the more secure methods of authentication; it is based on a challenge-response protocol. The shared-key authentication requires WEP mechanisms and thus depends on a WEP infrastructure.
Note
Shared-key authentication is not a true authentication mechanism per se. Looking at the messages, it is a protocol that merely establishes proof that both parties share the same secret, but it does not prove or authenticate each party's identity.
Protocol Choreography
Shared-key authentication requires a six-step process with four messages, as detailed in Figure 5-3.
Figure 5-3. Shared-Key Authentication
Step 1 is the authentication request to an AP, followed by Step 2, which is the challenge from the AP. In Step 3, the requester encrypts the challenge text as per the WEP algorithm and then responds to the AP in Step 4. If the AP can successfully decrypt the challenge text (Step 5) and all other conditions are satisfied, the authentication will be successful (Step 6).
Note
Generally speaking, the authentication happens between a requester or initiator and a responder. In the case of infrastructure mode, the requestor is normally a laptop or a PDA, and the responder is an AP.
Trust Model and Assumptions
There is an explicit trust model in the shared-key authentication that is based on WEP primitives. The trust model hinges on the key distribution (such as the ability to distribute to and keep the keys in only the intended devices) and the strength of WEP algorithms. Both of these have been under attack (this is discussed in Chapter 6, "Wireless Vulnerabilities") and are now considered fairly vulnerable.
Supporting AAA Infrastructure
Shared key-authentication requires a WEP infrastructure. No other special infrastructure is required except the out-of-band entry of the encryption keys. The APs and the STAs require the keys (such as shared secret) in their configuration tables. The keys need to be entered into the APs and STAs manually. There are no standard, automated ways to enter the keys. However, some wireless network configuration tools (provided by companies such as Wavelink) enable the distribution of configuration profiles, including keys.
Auditing and Accounting
No special auditing and accounting capabilities exist. The auditing and accounting of the open authentication method apply.
Applications, Vulnerabilities, and Countermeasures
The main difficulty is the out-of-band, manual authentication key distribution to all STAs. Because WEP uses symmetric key cryptography, establishing the key-mapping relationships between entities (either you should have a key mapping of an AP to a client for every client-AP combination, or you should have an arbitrarily grouped key mapping between entities) is not scalable.
In fact, the use of multiple keys is painful; therefore, keys tend to be common across multiple APs and clients. Thus, paired sharing of keys becomes a communal sharing of keys. This situation has two weaknesses:
When an employee leaves or a laptop is compromised, reissuance of keys to the group and to the APs can be painful. Thus, this only scales to small numbers.
This mechanism also makes itself vulnerable to implementation or deployment constraints. The configuration of the same key on all the APs (because of the configuration demands) results in the compromise of not just a target AP but of the whole edge infrastructure.
WEP, as detailed in 802.11 (R2003) and if practiced rigorously, has limited usages in small, bounded WLANs in small organizations and home networks where the number of APs and clients is deterministic and small.
Note
There is a well-documented vulnerability with shared-key authentication. The authentication process leaks information about the key stream and is generally regarded as insecure. Many configuration screens on Cisco APs have discouraged the use of shared key.
