The Wi-Fi/802.11 standard introduced two new Information elements to cater to the new WPA/WPA2 encryption scheme. They are the WPA (Wireless Protected Access) and RSN (Robust Security Network) Information Elements.

Any Station containing a WPA/RSN information element in its Association request would need to perform an 802.11i/802.1X security handshake.

The WPA Information Element is shown below

The WPA Element ID is set to 221. The WPA Element ID is same as the vendor specific element ID. Hence, whenever a vendor specific Element ID is received – the OUI needs to be checked by the Station/AP to see if the Information Element is WPA. If it is not WPA – AP/Station can choose to ignore parsing the Information Element

The WPA OUI (Organizationally Unique Identifier) is set to 00-50-f2

The Type or Version of WPA is 1

The Multicast cipher suite and Type (together termed as Multicast/Group Cipher suite selector) indicates the multicast cipher that is supported.

The Unicast Cipher count – indicates the number of unicast cipher suites present

The Unicast Cipher List – is variable based on the number of Unicast cipher count value.

The tabular column indicates some of the different cipher lists that are supported

TKIP is the Default Cipher suite in WPA

NOTE: WEP-40 and WEP-104 can only be used as group cipher suites in the Transition Station network (TSN).

AKM Count – the Authentication Key Management count provides the number of Authentication key management suites that are supported.

AKM List – The number of different authentication mechanisms that is supported. The tabular column indicates some of the cipher suite and Type combination

The Packet capture below indicates the details of a PSK AKM suite selected and TKIP as Multicast/Unicast Cipher suite

RSN Information Element