I'm in the process of writing a research paper I'd like to eventually publish and I was wondering if anyone could explain the math to me behind shared key authentication. I think I need some clarification on some stuff. If an attacker captures a successful authentication from a client then:
Challenge text P
Encrypted challenge C
So if we're going to deduce the key stream, C = P (XOR) keystream we can get the keystream using:
keystream = C (XOR) P
Now if the attacker requests authentication from the access point and is sent the challenge text P2, how could authentication succeed using the keystream he got from the other client? Obviously he'd have the IV for this keystream, but would it not be different from the previous keystream, meaning that the keystream wouldn't be the same? So how could he encrypt this new challenge P2 using the previous keystream and still successfully authenticate? Am I missing something, is the same keystream used for authentication?
How does the IV play in to all this? I know it's concatenated to the shared key to form a seed and then passed through RC4 encryption, so how is it useful to us?
Could someone shed some light for me please?