How WiFi Authorization Works: A Complete Technical Breakdown

Every time you press the connect button on your smartphone or laptop, a complex data exchange takes place, taking just a fraction of a second. This isn't just a simple password exchange, but a full-fledged dialogue between your device and the router, during which both parties decide whether to trust each other. If this process were to occur in the clear, any attacker within a hundred meters could intercept your banking information or chat history.

Modern wireless network security is based on invisible mathematics. Security protocols have evolved from the primitive WEP, which could be cracked in minutes, to the highly complex WPA3 algorithms, which use quantum-resistant encryption methods. Understanding how a router authenticates a client helps not only configure the network correctly but also avoid critical errors when setting up a home or office infrastructure.

In this article, we'll take a detailed look at the mechanics of the four-way handshake, the roles of the access point and client, and explain why even the most complex password can be rendered useless if the equipment is configured incorrectly. You'll learn what happens on the air during the seconds the "Connecting" indicator is lit.

Fundamental principles of identification in wireless networks

The authorization process begins long before you even enter your password. The physical layer of wireless communication means that radio waves propagate in all directions, making them audible to any device. That's why the first step is network discovery and identification through broadcast frames known as Beacon framesThese frames contain the network name (SSID) and information about supported encryption methods.

When your device decides to connect, it sends an association request. At this stage, the router doesn't yet know who you are, but it already begins preparing resources for the session. The key here is the distinction between authentication (verifying who you are) and authorization (determining what you're allowed to do). In home networks, these processes are often merged into one, but technically they are distinct procedures.

A mechanism is used to control access Access Control, which can be based on MAC addresses or certificates. However, in most home scenarios, the PSK (Pre-Shared Key) method is used, where the secret key is known in advance to both parties. This is where the vulnerability lies: if the key is stolen, the system will not be able to distinguish the owner from the attacker.

⚠️ Warning: MAC address filtering is not a reliable security method, as MAC addresses can be easily spoofed using software. Do not rely on this method as your only line of defense.

Modern standards require the use of more stringent protocols, such as 802.1X, which utilizes a separate server (RADIUS) for authentication. This allows for flexible access rights management, temporary key issuance, and detailed connection logging, which is critical for corporate environments.

Evolution of Security Protocols: From WEP to WPA3

The history of WiFi security is an arms race between standards developers and hackers. The first widespread standard was WEP (Wired Equivalent Privacy), which used a static encryption key. This method was vulnerable to a weak implementation of the RC4 algorithm and a short initialization vector (IV), which allowed a sufficient number of packets to be intercepted and the key to be calculated.

He was replaced by WPA (Wi-Fi Protected Access), which served as a temporary solution until the full 802.11i standard was adopted. WPA implemented TKIP (Temporal Key Integrity Protocol), which dynamically changed encryption keys for each data packet. This made life significantly more difficult for hackers, but over time, vulnerabilities were discovered in this approach as well.

The gold standard for many years was WPA2, who finally abandoned TKIP in favor of AES-CCMPThe AES (Advanced Encryption Standard) algorithm is a military encryption standard and is still considered mathematically secure. However, WPA2 also had an Achilles' heel—the KRACK vulnerability, which allowed data to be intercepted during a handshake, although exploitation required physical presence near the victim.

📊 What security protocol does your home network use?
WPA2-PSK (AES)
WPA3
WPA/WPA2 Mixed
I don't know, it's on by default.
WEP (if you have a very old router)

The latest technology is the protocol WPA3It solves the main problem of previous versions—the vulnerability to dictionary attacks. Thanks to the SAE (Simultaneous Authentication of Equals) mechanism, even if an attacker intercepts the handshake, they won't be able to launch an offline brute-force attack. Each login attempt requires interactive communication with the access point.

What is the difference between WPA2-Personal and WPA2-Enterprise?

WPA2-Personal (PSK) uses a single shared password for all devices. If one device is compromised, the entire network is at risk. WPA2-Enterprise requires a username and password for each user individually, using a RADIUS server to verify credentials. This allows for individual blocking of users and password changes without changing the encryption key for the entire network.

The Four-Step Handshake: The Mechanics of the Process

The heart of the connection process is a procedure known as 4-Way Handshake (Four-way handshake). It is during these moments that temporary encryption keys are generated, which will be used to protect traffic during the current session. It's important to understand that the password itself (PSK) is never transmitted over the air.

Instead of a password, the parties use it to calculate PMK (Pairwise Master Key). Based on the PMK and random numbers (nonces) exchanged between devices, temporary keys (PTKs) are generated. This key is unique for each client-access point pair and for each session.

The process looks like this:

  • 📡 The access point sends a random number (ANonce) to the client, allowing the client to calculate the PTK.
  • 💻 The client generates its own random number (SNonce) and sends it to the access point along with a confirmation (MIC), proving that it knows the password.
  • 🔑 The access point calculates the PTK, verifies the MIC, and sends its encryption key (GTK) and confirmation to the client.
  • ✅ The client confirms receipt, and from that moment the exchange of encrypted data begins.

If the MIC checksum (MIC) doesn't match at any stage, the process is aborted. It's at this stage that security auditing programs operate, attempting to intercept handshake packets for subsequent password guessing.

Data Encryption Methods: TKIP vs. AES

After successful authorization, data transfer begins, which must be protected from eavesdropping. This is where the encryption algorithm comes into play. For a long time, there was confusion between security protocols (WPA/WPA2) and encryption methods (TKIP/AES), but the situation has now been clarified.

TKIP (Temporal Key Integrity Protocol) was created as a workaround for older equipment that didn't support AES. It wrapped the old WEP algorithm in a new shell, changing the keys but preserving the vulnerable structure. Modern devices often mark TKIP networks as "Low Security" or refuse to connect altogether.

AES (Advanced Encryption Standard) is a block cipher adopted as a standard by the US government. WiFi uses CCMP mode, which ensures not only confidentiality but also data integrity. Packet tampering in an AES-CCMP stream is immediately detected and blocked.

Characteristic TKIP AES (CCMP)
Speed ​​of work Below (up to 54 Mbps) High (AC/AX speed support)
Security Outdated, vulnerable High, industry standard
Compatibility Older devices (802.11g) All modern devices
Recommendation Do not use Required for use

When setting up your router, always select the mode WPA2/WPA3 Personal with encryption AESMixed modes (TKIP+AES) can reduce the performance of the entire network to the speed of the slowest device.

Corporate authentication and Radius servers

In an office environment, using a single password for all employees is a serious security mistake. If an employee quits or loses a laptop, the password must be changed on all devices in the office. The solution is a security mode. WPA-Enterprise (802.1X).

In this scheme, the router (access point) acts only as an intermediary. It does not store the user database, but forwards credentials to a dedicated authorization server, most often RADIUSThe server checks the login and password (or certificate) in the active directory or another database and issues an "allow" or "deny" command.

The advantages of such a scheme are obvious:

  • 🔐 Individual access: You can deny access to a specific user without affecting others.
  • 📊 Logging: you can see who connected, when, and from what device.
  • 🔄 Dynamic VLANs: Different users can be automatically placed in different virtual networks (guests, employees, IT department).

☑️ WPA-Enterprise Deployment Preparation Checklist

Completed: 0 / 4
⚠️ Warning: Configuring a RADIUS server requires extensive knowledge of network infrastructure. A configuration error can completely block network access for all employees. Testing on an isolated segment is recommended.

Vulnerabilities and attack methods on the connection process

Even the most perfect protocols are vulnerable to human error or implementation errors. The most common attack is the creation of Rogue AP (Fake access point). The attacker creates a network with a name identical to the legitimate one (for example, "Free_WiFi" or a clone of a home network) and waits for the victim's device to connect to it.

Another method is - Deauth attackThe attacker sends deauthorization frames on behalf of the router, forcibly disconnecting the client. The device automatically attempts to reconnect, at which point the hacker intercepts the handshake hashes to brute-force the password.

To protect against such threats, it is necessary:

  • 🛡️ Disable the WPS function, as it has critical vulnerabilities in PIN codes.
  • 👁️ Use hidden SSIDs (although this is weak protection, it reduces the visibility of the network).
  • 🔄 Regularly update your router's firmware to patch any vulnerabilities.

FAQ: Frequently Asked Questions

Is it possible to hack WiFi with WPA3 encryption?

Currently, no direct vulnerabilities in the WPA3 protocol itself have been found that would allow traffic to be easily decrypted. However, attacks are possible through vulnerabilities in the implementation of specific devices or through social engineering. Transitional attacks (like Dragonblood) also exist, but they require complex configuration and close proximity.

Does AES encryption slow down internet speed?

Modern routers and client devices have hardware encryption acceleration, so the impact on speed is minimal (less than 5%).