Authentication Frame
Understanding Wi-Fi Authentication Frames
When your phone connects to a Wi-Fi network, one of the very first exchanges is the Authentication Frame handshake — two management frames that establish the initial security state between your device and the access point. In modern WPA2 networks, this step is a formality. In WPA3 networks, it carries the actual cryptographic proof of identity.
Open System Authentication (WPA2)
In WPA2 networks, the 802.11 authentication exchange is purely ceremonial:
- STA sends Authentication Request (Algorithm: Open System, Sequence: 1).
- AP responds with Authentication Response (Sequence: 2, Status: Success).
No password is verified at this step. The real security happens later, during the EAPOL 4-way handshake after association. Open System Authentication exists for backward compatibility with the 802.11 state machine, which requires authentication before association.
SAE Authentication (WPA3)
WPA3-SAE replaces this empty exchange with a meaningful cryptographic protocol. The authentication frames carry the SAE Commit and Confirm messages, executing a Dragonfly key exchange that proves both sides know the password without revealing it. This combines the authentication and key establishment steps, completing security verification before association.
Key Equations
An Authentication Frame is an IEEE 802.11 management frame exchanged between a Wi-Fi client station (STA) and an Access Point (AP) during the authentication phase...
Key specifications:
802.11 m | 802.11 a | 32.44 dB | 60 km
Throughput: R = Nlayers×B×ηSE×(1−OH)
Comparison
| Aspect | Authentication Frame Spec | Typical Range | Impact | Design Note |
|---|---|---|---|---|
| Primary function | An Authentication Frame is an IEEE 802.1... | Application-dep. | Critical | Verify in sim |
| Operating range | Authentication is the second step in the... | Application-dep. | Critical | Verify in sim |
| Performance | In WPA3-SAE mode, the authentication fra... | Application-dep. | Critical | Verify in sim |
| Integration | In modern WPA2 networks, this step is a... | Application-dep. | Critical | Verify in sim |
| Trade-off | In WPA3 networks, it carries the actual... | Application-dep. | Critical | Verify in sim |
Frequently Asked Questions
What is the legacy Shared Key Authentication?
Shared Key Authentication was the original WEP-era authentication method where the AP sent a challenge text, the STA encrypted it with the shared WEP key and returned it, and the AP verified the encryption. This method is fundamentally insecure — an eavesdropper can capture both the plaintext challenge and the encrypted response, trivially recovering the WEP key. Shared Key Authentication is deprecated and should never be used. All modern networks use Open System Authentication followed by robust WPA2/WPA3 security.
Can authentication frames be spoofed?
Yes, and this is a known vulnerability. Management frames (including Authentication and Deauthentication frames) are not encrypted in WPA2, allowing an attacker to forge deauthentication frames that disconnect clients (deauth attack). 802.11w (Management Frame Protection, mandatory in WPA3) cryptographically protects management frames, preventing spoofing of deauthentication, disassociation, and other critical management frames.
How fast is the authentication exchange?
Open System Authentication completes in two frames — typically 1–5 milliseconds including channel access time. SAE authentication requires 4 frames (Commit and Confirm in each direction) with computationally intensive elliptic curve operations, taking 10–50 milliseconds depending on the processor speed of the STA and AP. In high-density environments with many simultaneous authentications, SAE's computational cost can become a bottleneck for the AP.