Shared Key Authentication

Shared key authentication verifies that an authentication-initiating station has knowledge of a shared secret. This is similar to preshared key authentication for Internet Protocol security (IPSec). The 802.11 standard assumes that the shared secret is delivered to the participating wireless clients by means of a secure channel that is independent of IEEE 802.11, but in practice, the secret is manually typed at the wireless AP and the wireless client. Shared key authentication operates as follows:

  1. The authentication-initiating wireless client sends a frame consisting of an identity assertion and a request for authentication.
  1. The authenticating wireless node responds to the authentication-initiating wireless node with a challenge text.
  1. The authentication-initiating wireless node replies to the authenticating wireless node with the challenge text encrypted using WEP and an encryption key that is derived from the shared key authentication secret.
  1. The authentication result is positive if the authenticating wireless node determines that the decrypted challenge text matches the challenge text originally sent in the second frame. The authenticating wireless node then sends the authentication result.

Because the shared key authentication secret must be manually distributed, this method of authentication does not scale well in a large infrastructure network. In addition, shared key authentication is not secure, because the shared key is stored in clear text, so its use is not recommended.
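
The four-frame exchange above, simulated end to end as an added example (not code from the original page). It assumes the WEP key is the shared secret itself and that frame 3 carries only the encrypted challenge text, omitting the key ID and other 802.11 frame fields; the function names are illustrative.

```python
import hmac, os, struct, zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher, the cipher WEP uses (same call encrypts and decrypts)."""
    S, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for b in data:                             # keystream generation and XOR
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(b ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)

def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Per-frame RC4 key is the 24-bit IV followed by the WEP key; the IV travels in clear.
    return iv + rc4(iv + key, plaintext + icv(plaintext))

def wep_decrypt(key: bytes, frame: bytes):
    iv, body = frame[:3], frame[3:]
    plain = rc4(iv + key, body)
    data, check = plain[:-4], plain[-4:]
    return data if hmac.compare_digest(icv(data), check) else None

def shared_key_auth(ap_key: bytes, client_key: bytes, challenge: bytes = None) -> bool:
    # Frame 1 (client -> AP): identity assertion and authentication request, no crypto.
    # Frame 2 (AP -> client): challenge text, sent unencrypted.
    challenge = challenge or os.urandom(128)
    # Frame 3 (client -> AP): challenge text encrypted with WEP under the client's key.
    frame3 = wep_encrypt(client_key, os.urandom(3), challenge)
    # Frame 4 (AP -> client): AP decrypts with its own key and compares.
    recovered = wep_decrypt(ap_key, frame3)
    return recovered is not None and hmac.compare_digest(recovered, challenge)

if __name__ == "__main__":
    secret = bytes.fromhex("0102030405")       # constructed 40-bit sample key
    print("matching key:", shared_key_auth(secret, secret))
    print("wrong key:   ", shared_key_auth(secret, b"\x00" * 5))
```
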
