EAPOL MIC Calculation using HMAC-MD5

Welcome to the EAPOL MIC Calculator. This tool helps you understand and compute the Message Integrity Check (MIC) for EAPOL (Extensible Authentication Protocol over LAN) frames, utilizing the HMAC-MD5 algorithm. Understanding the MIC is crucial for ensuring the integrity and authenticity of authentication messages in network security protocols like WPA/WPA2.

EAPOL MIC Calculator (HMAC-MD5)

Enter the necessary values to calculate the EAPOL MIC. The MIC is a critical component for verifying that an EAPOL message has not been tampered with.

What is EAPOL MIC?

EAPOL, which stands for Extensible Authentication Protocol over LAN, is a network protocol used to encapsulate the Extensible Authentication Protocol (EAP) within IEEE 802 frames. This allows for various authentication methods (like EAP-TLS, EAP-PEAP, EAP-TTLS) to be used over wired Ethernet or wireless (Wi-Fi) networks. A critical component of securing these authentication exchanges is the Message Integrity Check (MIC). The EAPOL MIC is a cryptographic checksum calculated over the EAPOL message, ensuring that the message has not been altered or corrupted during transmission. It’s a vital part of handshake processes in network authentication, especially in enterprise environments using WPA/WPA2/WPA3-Enterprise.

Who should use it? Network administrators, security professionals, wireless engineers, and developers working with network security protocols will find the concept and calculation of EAPOL MIC essential. Anyone implementing or troubleshooting Wi-Fi security, particularly WPA/WPA2-Enterprise authentication, needs to understand how the MIC works to verify message integrity.

Common Misconceptions:

• MIC is Encryption: The MIC is NOT encryption. It ensures integrity and authenticity, but it does not hide the content of the message. Confidentiality is achieved through separate encryption mechanisms.
• MIC is the same as a standard checksum: Unlike simple checksums (like CRC32), the MIC is cryptographically secure, meaning it’s computationally infeasible for an attacker to generate a different message with the same MIC without knowing the secret key.
• MIC is only for WPA/WPA2: While heavily used in WPA/WPA2, the principle of message integrity checking applies to many secure communication protocols.
• The key is transmitted with the message: The shared secret key used for HMAC-MD5 is pre-established between the authenticator (e.g., Access Point) and the supplicant (e.g., client device) through a secure out-of-band process, not transmitted within the EAPOL frames themselves for MIC calculation.

EAPOL MIC Formula and Mathematical Explanation

The EAPOL MIC is calculated using the Hash-based Message Authentication Code (HMAC) algorithm, specifically with the MD5 hash function. The formula is as follows:

EAPOL MIC = HMAC-MD5(Key, Concatenated_Data)

Where:

• Key is the pre-shared secret key (PSK) or a derived key used for authentication.
• Concatenated_Data is the message payload formed by joining several components in a specific order.

The Concatenated_Data is typically constructed by combining the following fields:

Concatenated_Data = Nonce || Replay Counter || EAPOL Payload

Let’s break down each variable:

EAPOL MIC Calculation Variables

Variable	Meaning	Unit	Typical Range / Format
Key	The shared secret key used for HMAC generation. In WPA/WPA2, this is often derived from the PSK or pairwise transient key (PTK).	Binary	Variable length, typically 128-256 bits (16-32 bytes)
Nonce	A pseudo-random number generated by the client (supplicant) to ensure that even if messages are replayed, the MIC calculation will differ.	Hexadecimal String (representing bytes)	Typically 8 bytes (16 hex characters)
Replay Counter	A counter maintained by the client to prevent replay attacks. It should be strictly increasing.	Hexadecimal String (representing bytes)	Typically 4 bytes (8 hex characters)
EAPOL Payload	The actual EAP message content that needs authentication. This excludes the MIC field itself.	Hexadecimal String (representing bytes)	Variable length, depends on the EAP message
Concatenated_Data	The combined message buffer formed by appending Nonce, Replay Counter, and EAPOL Payload.	Hexadecimal String (representing bytes)	Sum of lengths of Nonce, Replay Counter, and EAPOL Payload
HMAC-MD5	The cryptographic function applying MD5 hash with a secret key. It produces a fixed-size output.	MD5 Hash (128 bits / 16 bytes)	128 bits (32 hex characters)
EAPOL MIC	The final Message Integrity Check value, which is appended to the EAPOL frame.	Hexadecimal String (representing bytes)	128 bits (32 hex characters)

The HMAC-MD5 process involves hashing the concatenated data using the secret key in a specific way to resist various attacks. The standard MD5 algorithm produces a 128-bit (16-byte) hash value. The HMAC construction ensures that the security relies on the properties of the underlying hash function (MD5) and the secrecy of the key. This calculated EAPOL MIC is then typically appended to the EAPOL frame before transmission, or used within the handshake messages to verify authenticity.

Practical Examples (Real-World Use Cases)

Understanding the EAPOL MIC calculation in practice requires specific inputs. Here are two illustrative examples:

Example 1: Basic EAPOL Start Message

Suppose a client is initiating an EAP authentication exchange. The relevant data might be:

• Shared Secret Key (Hex): b9a7a6b5c4d3e2f10987654321fedcba (24 bytes)
• Nonce (Hex): 1a2b3c4d5e6f7890 (8 bytes)
• Replay Counter (Hex): 00000001 (4 bytes)
• EAPOL Payload (Hex): 02010012000000010000000000000000 (18 bytes – Simplified EAP-Start)

Calculation Steps:

1. Concatenate: 1a2b3c4d5e6f7890 || 00000001 || 02010012000000010000000000000000 = 1a2b3c4d5e6f78900000000102010012000000010000000000000000
2. Calculate HMAC-MD5: HMAC-MD5(b9a7a6b5c4d3e2f10987654321fedcba, 1a2b3c4d5e6f78900000000102010012000000010000000000000000)
3. Resulting EAPOL MIC (Hex): 8f7e6d5c4b3a2910f0e9d8c7b6a5f4e3 (Example output, actual result depends on precise HMAC-MD5 implementation)

Interpretation: This MIC value would be part of the authentication handshake. If the receiving device calculates the same MIC using its shared secret key and the received data, it confirms the message’s authenticity and integrity.

Example 2: EAPOL-Key Frame (Simplified)

Consider a scenario during the 4-way handshake in WPA2, where an EAPOL-Key frame is exchanged. Data might look like this:

• Shared Secret Key (Hex): abcdef0123456789fedcba9876543210 (16 bytes)
• Nonce (Hex): 0102030405060708 (8 bytes – often referred to as ANonce/SNonce)
• Replay Counter (Hex): 00000003 (4 bytes)
• EAPOL Payload (Hex): 02020038... (The rest of the EAPOL-Key message content, truncated for brevity)

Calculation Steps:

1. Concatenate: 0102030405060708 || 00000003 || 02020038...
2. Calculate HMAC-MD5: HMAC-MD5(abcdef0123456789fedcba9876543210, Concatenated Data)
3. Resulting EAPOL MIC (Hex): a1b2c3d4e5f60718a9b8c7d6e5f40312 (Example output)

Interpretation: This MIC confirms the integrity of the EAPOL-Key message. If the MIC doesn’t match, the receiving party knows the key exchange message has been tampered with or is not from the expected source, potentially causing the authentication to fail and preventing a connection.

How to Use This EAPOL MIC Calculator

Our calculator simplifies the process of verifying EAPOL message integrity. Follow these steps:

1. Obtain the Inputs: You will need the following data, typically captured from network traffic analysis or protocol specifications:
   • The Shared Secret Key (in hexadecimal format). This is the cryptographic key established between the client and the authentication server/AP.
   • The EAPOL Payload (in hexadecimal format). This is the actual EAP message content, excluding the MIC field itself.
   • The Nonce (in hexadecimal format). A random value used to prevent replay attacks and ensure uniqueness.
   • The Replay Counter (in hexadecimal format). A sequence number to prevent replay attacks.
2. Enter Data into Fields: Carefully input each piece of information into the corresponding field in the calculator. Ensure you are using hexadecimal representation.
3. Click “Calculate MIC”: Once all fields are populated, click the “Calculate MIC” button.
4. Review the Results: The calculator will display:
   • The primary result: The calculated EAPOL MIC in hexadecimal format.
   • Intermediate values: The HMAC-MD5 Hash generated and the Concatenated Data used for the hash.
   • Input values: Confirmation of the Key, EAPOL Payload, Nonce, and Replay Counter you entered.
5. Interpret and Verify: Compare the calculated EAPOL MIC with the MIC value provided in the actual EAPOL frame (if available from a packet capture). A match confirms the integrity and authenticity of the message. If they don’t match, the message may have been altered or is not genuine.
6. Copy Results: Use the “Copy Results” button to easily transfer all calculated and input values for documentation or further analysis.
7. Reset Form: If you need to start over or correct an entry, click the “Reset” button to clear all fields and return them to their default state.

Decision-Making Guidance: This calculator is primarily for verification. In a real network environment, if your client or authentication server reports MIC mismatches, it could indicate network issues, configuration errors, or potentially malicious activity. Use the output to cross-reference expected cryptographic results during troubleshooting.

Key Factors That Affect EAPOL MIC Results

Several factors can influence the final EAPOL MIC value. Understanding these is crucial for accurate calculation and troubleshooting:

1. The Shared Secret Key: This is the most critical factor. Any change in the key, even a single bit, will result in a completely different MIC. The integrity and correct length of the key are paramount. For protocols like WPA2-Enterprise, this key is derived from the RADIUS server and the client’s interactions.
2. The EAPOL Payload Content: The actual EAP message being authenticated is directly incorporated into the calculation. Different EAP message types (Start, Request, Response, Success, Failure) or variations within a message type will alter the payload and thus the MIC.
3. Nonce Value: The Nonce is designed to make each authentication attempt unique. Using a different Nonce for each message exchange ensures that even if the rest of the data is the same, the MIC will change. This prevents certain types of cryptographic attacks.
4. Replay Counter: This counter must be strictly increasing. If a message is replayed with an old counter value, it should ideally be rejected by the receiving party. If the counter is incorrect during MIC calculation, the result will be wrong.
5. Correct Concatenation Order: The order in which the Nonce, Replay Counter, and EAPOL Payload are concatenated is vital. Swapping the order or missing a component will lead to an incorrect MIC. The standard is typically Nonce || Replay Counter || EAPOL Payload.
6. Algorithm Implementation: While HMAC-MD5 is specified, subtle differences in how the HMAC algorithm or the underlying MD5 hash function are implemented can theoretically lead to variations, though this is less common with standardized libraries. Ensuring you use a reliable cryptographic library is important.
7. Key Derivation (for WPA/WPA2): In WPA/WPA2, the “Key” used for HMAC-MD5 isn’t always the initial PSK. It’s often a derived key like the Pairwise Transient Key (PTK) or Group Temporal Key (GTK). The correct derivation of these keys is essential for the MIC calculation to be valid in the context of the overall Wi-Fi security protocol.

Frequently Asked Questions (FAQ)

Q1: What is the length of the EAPOL MIC?

The EAPOL MIC, when calculated using HMAC-MD5, is 128 bits, which is equivalent to 16 bytes. In hexadecimal representation, this is typically shown as a 32-character string.

Q2: Can the EAPOL MIC be used to decrypt messages?

No, the EAPOL MIC is a Message Integrity Check. It verifies that a message has not been altered and confirms its origin (authenticity), but it does not provide confidentiality or encryption. Encryption is handled by separate mechanisms, like AES in WPA2/WPA3.

Q3: Why use HMAC-MD5 instead of a stronger algorithm like SHA-256?

Historically, MD5 was widely used. However, MD5 is now considered cryptographically broken due to collision vulnerabilities. Modern protocols often use SHA-256 or stronger hash functions within HMAC (HMAC-SHA256). The use of HMAC-MD5 in older standards or specific contexts might be for backward compatibility or legacy implementation reasons. It’s recommended to use more secure algorithms where possible.

Q4: What happens if the calculated MIC does not match the received MIC?

A mismatch indicates that the message integrity has been compromised. The receiving party should discard the message and potentially terminate the authentication process or connection. This could be due to network errors, interference, or a malicious attack attempting to tamper with the authentication frames.

Q5: Is the shared secret key transmitted in plain text?

No, the shared secret key (or the initial PSK) is never transmitted in plain text within the EAPOL frames for MIC calculation. It’s either pre-shared or securely derived during the initial stages of the authentication handshake using protocols like RADIUS and EAP methods. The HMAC algorithm uses this secret key internally.

Q6: How is the EAPOL Payload defined?

The EAPOL Payload refers to the content of the EAP message being authenticated. It typically includes fields specific to the EAP type (e.g., Identity, MD5-Challenge, TLS handshake data) and the EAPOL header information relevant to the message, but it specifically excludes the MIC field itself, as the MIC is calculated *over* the payload.

Q7: Can I use this calculator for WPA/WPA2-Personal (PSK)?

This calculator is for the EAPOL MIC calculation itself, which is primarily used in WPA/WPA2-Enterprise (802.1X) authentication flows. While WPA/WPA2-Personal also uses keys and message integrity, the specific EAPOL handshake and MIC generation process differs. This calculator is most relevant when troubleshooting 802.1X-based authentication.

Q8: What are the implications of a weak shared secret key?

A weak shared secret key (e.g., short, easily guessable, or derived from common information) makes the entire authentication process vulnerable. An attacker could potentially guess the key, allowing them to forge messages, calculate correct MICs, and gain unauthorized access to the network or perform man-in-the-middle attacks. Strong, unique keys are essential for robust security.

Related Tools and Internal Resources

• Wi-Fi Security Guide - Comprehensive overview of WPA, WPA2, and WPA3 security protocols.
• RADIUS Authentication Explained - Learn how RADIUS servers facilitate network authentication and authorization.
• Understanding EAP Methods - Explore different Extensible Authentication Protocol methods like PEAP, EAP-TLS, etc.
• Network Protocol Analyzer Tutorial - Tips and tricks for capturing and analyzing network traffic, including EAPOL frames.
• Cryptographic Hash Functions - An introduction to hash functions like MD5 and SHA, and their security implications.
• HMAC Calculator - A general tool for calculating HMAC using various hash algorithms and keys.