Protected Unicast Disassociation/Deauthentication Decryption and Verification in WPA3/WPA2-PMF/OWE

In the earlier posts we learnt about Protected Management Frames and why it is important to protect the management frames. Please refer to the link below to know more about PMF.

Protected Management Frames

In this post we will discuss how a unicast Deauthentication/Disassociation frame is verified on the client/AP.

Problem Description

1. The STA and AP have a valid connection.

2. An attacker sends a Deauthentication/Disassociation notification to the client with spoofed MAC addresses.

3. The STA assumes that the Deauthentication/Disassociation came from the valid AP and terminates the session.

Figure 1 : Attacker sending DeAuthentication/Disassociation to the Client

In the above problem, if the MAC address of the station is known, it is easy to disconnect the station.

So the standard introduced a new feature, Protected Management Frames (802.11w), so that the client/AP verifies the deauthentication frame and checks whether it came from the genuine client/AP. If the verification fails, the AP/client simply ignores the deauthentication frame.

Management frame protection is enabled by default in WPA3.

In this post we will take the example of a protected Disassociation frame and check how it gets verified. The verification process is the same for a protected unicast Deauthentication frame as well.

Verification of Protected Disassociation Frame

Observe the diagram below for a successful disassociation. We will check the Wireshark traffic and then learn how the station/AP verifies the protected Disassociation frame.

Figure 2 : Protected Disassociation Frame Verification

Observe the protected Disassociation frame below, captured with Wireshark, and then we will verify the data.

Figure 3 : Protected Disassociation Frame

In a protected Deauthentication/Disassociation frame there are 2 bytes of encrypted data, which is the Reason Code, followed by an 8-byte MIC.

We have to get the hex data from the Wireshark capture correctly. We need the inputs below to encrypt the data; encryption or decryption fails if any of the data is wrong, and getting the accurate data is not an easy task.

  1. Temporal Key (TK) generated during the 4-way handshake, because this is the unicast key that encrypts the unicast Disassociation frame.
    1. Refer to my old posts to know how the encryption keys get generated in WPA2 and WPA3.
      1. Keys-Generation for WPA3
      2. Keys-Generation for WPA2
  2. 802.11 header data used for MIC generation.
    1. We have to take the data correctly; if we take wrong values, the decryption fails.
  3. Packet Number (PN), which we read from the CCMP header in the Wireshark capture.
  4. Plaintext data for CCMP (2 bytes).
    1. Here the 2 bytes are the hex data 08 00. These two bytes are the data that gets encrypted.
      1. 08 00 is the reason code.
    2. This reason code changes based on the reason.

The plaintext data is 08 00 because that is the reason code for disassociation, as given by the standard. We don't see this information in Wireshark because it is encrypted.

Figure 4 : Reason code 8 For disassociation

The diagram below shows the input that we give to the CCMP program and the resulting encrypted data and MIC.

Figure 5 : Encrypting the Disassociation Frame

Compare Figure 5 with Figure 3: the encrypted data matches the sniffer capture.

In the same way, the receiving station decrypts the data it received, so it knows the data that was sent, verifies the MIC for the received data and then processes the request.

This is how protected Disassociation frames get verified, so an attacker can't disassociate the connected stations from the network because he doesn't know the TK. The station/AP ignores the fake Disassociation/Deauthentication.

The decryption process is the same for WPA2-PMF/WPA3/OWE or any other EAP authentication if we know the TK.