1
00:00:00,300 --> 00:00:04,320
So to it's also called robust security.

2
00:00:05,160 --> 00:00:12,630
It is a secure network, which is a type of association used by power stations to establish authentication

3
00:00:12,630 --> 00:00:18,150
or association between them, and it includes the four way handshake.

4
00:00:19,750 --> 00:00:24,760
Now, if you're not familiar with it, we'll briefly discuss the four way handshake, because it's the

5
00:00:24,760 --> 00:00:33,790
process of exchanging four messages between an access point and the client, and that'll generate some

6
00:00:33,790 --> 00:00:40,210
encryption keys, which can be used to encrypt the actual data sent over wireless signals.

7
00:00:41,720 --> 00:00:50,720
The initial authentication process is carried out either by using a pre shared key piece or an extensible

8
00:00:50,720 --> 00:00:53,930
authentication protocol or Hapoel.

9
00:00:54,820 --> 00:01:00,610
That provides an authentication mechanism to devices wishing to attach to a man or a woman.

10
00:01:02,390 --> 00:01:11,630
So after the authentication, a shared secret key is generated called the Pairwise Master Key PMK.

11
00:01:13,470 --> 00:01:22,020
So once the client as the PMK, it and the AP negotiate a new temporary key called the Pairwise Transient

12
00:01:22,020 --> 00:01:23,940
Key, or PAETEC.

13
00:01:25,250 --> 00:01:31,870
So these temporary keys are created dynamically every time the client connects and is changed periodically,

14
00:01:32,590 --> 00:01:39,770
there were a function of the PMK, which is a random number generated by the AP called an instance,

15
00:01:40,430 --> 00:01:47,750
another random number generated by the client that's called an s nonce and the Mac addresses of the

16
00:01:47,750 --> 00:01:49,190
client and the app.

17
00:01:50,230 --> 00:01:57,040
So the reason the keys are created from so many variables basically ensures that they are unique and

18
00:01:57,220 --> 00:01:58,180
non-reporting.

19
00:02:00,510 --> 00:02:07,350
So the four way handshake access point and client are designed to independently prove their acquaintance

20
00:02:07,350 --> 00:02:12,270
with the pesky PMK without disclosing the key.

21
00:02:14,220 --> 00:02:20,940
So instead of disclosing the key, the access point, the AP and the client encrypt messages that can

22
00:02:20,940 --> 00:02:29,160
only be decrypted using PMK and if the messages are decrypted, they will learn about the PMK.

23
00:02:31,860 --> 00:02:37,710
So for way, handshaking is critical for the protection of PMK, for malicious access points.

24
00:02:38,820 --> 00:02:42,380
So the client never has to tell the PMK to the access point.

25
00:02:44,890 --> 00:02:45,910
Within the handshake.

26
00:02:46,860 --> 00:02:54,690
GTK, or the group Temporal Key, is also used to decrypt multicast and broadcast traffic.

27
00:02:56,120 --> 00:03:02,720
So GTK is the key that is shared between all client devices associated with one access point.

28
00:03:03,820 --> 00:03:09,670
So, yeah, for every access point, there will be a different GTK, which will be shared between its

29
00:03:09,670 --> 00:03:10,900
associated devices.

30
00:03:13,060 --> 00:03:22,030
And then finally, the M.S. session is the first key that is generated either from Hapoel or derived

31
00:03:22,030 --> 00:03:24,370
from PDK authentication.

32
00:03:26,020 --> 00:03:32,830
Wow, I know it's a lot, but once we understand the important keys and how they're generated, while

33
00:03:32,830 --> 00:03:36,430
we can then have a look at the actual four way handshake.

34
00:03:37,330 --> 00:03:42,460
With much deeper understanding, all right, so let's work on a visually.

35
00:03:43,850 --> 00:03:51,950
Let's imagine an access point is configured with a tube and the device is trying to connect to it.

36
00:03:53,090 --> 00:03:56,240
So when the user clicks on the access points aside.

37
00:03:57,760 --> 00:04:03,430
So the access point sends an EPA message with an enhanced random number.

38
00:04:04,630 --> 00:04:07,030
To the device to generate the BTK.

39
00:04:08,160 --> 00:04:12,860
The client device knows the Apple Mac address because it's connected to it.

40
00:04:13,950 --> 00:04:18,720
It has PMK assonance and its own Mac address.

41
00:04:20,090 --> 00:04:28,170
So once it receives Arnotts from the access point, it has all the inputs it needs to create the PAETEC.

42
00:04:30,530 --> 00:04:38,450
So once the device is created, it's PAETEC, it sends out essence, which is needed by the access point

43
00:04:38,960 --> 00:04:47,810
to generate the PDK as well as MISI, which is message integrity check to make sure that the access

44
00:04:47,810 --> 00:04:52,190
point can verify whether the message is corrupted or modified.

45
00:04:53,930 --> 00:05:01,370
All right, so once assonance is received by the AP, it, too, can generate PDK for unicast traffic

46
00:05:01,370 --> 00:05:01,970
encryption.

47
00:05:03,520 --> 00:05:08,200
So then the AP verifies message two by checking Amishi.

48
00:05:09,330 --> 00:05:14,970
And Eveillard It constructs and sends the GTK with another MEAC.

49
00:05:16,280 --> 00:05:25,330
The EPA verifies message three by checking that Mesi and if it's valid, yesterday sends a confirmation

50
00:05:25,330 --> 00:05:26,290
to the AP.

51
00:05:27,840 --> 00:05:31,590
All right, so once the four way handshake is completed successfully.

52
00:05:32,750 --> 00:05:39,290
Now, all unicast traffic will be encrypted with PAETEC and all multicast traffic will be encrypted

53
00:05:39,290 --> 00:05:44,330
via GTK, which was created in the four way handshake process.