In information technology and telecommunications, a handshake is the automated process of negotiation that dynamically sets the parameters (such as information transfer rate, coding alphabet, parity, and interrupt procedure) of a communications channel that has been established between two devices.
The process of handshaking occurs after the physical establishment of the channel, and takes place before the start of normal communication over the channel.
Through handshaking, human intervention becomes unnecessary for setting parameters in the connection of relatively heterogeneous systems or equipment over a communication channel.
Handshaking is often used in modems, where the negotiation of parameters enables optimal information transfer over the established channel.
After a connection is established, a "squealing" noise is emitted by some modems with speaker output. This noise is produced by the two modems in the connection as they carry out the handshaking procedure.
Another important example of handshaking is the Four-Way Handshake, developed for the IEEE 802.11i-2004 standard as a more secure replacement for the IEEE 802.11 standard’s previous security specification, Wired Equivalent Privacy (WEP).
The Four-Way Handshake is used to establish the Pairwise Transient Key (PTK) and yield the Group Temporal Key (GTK). The PTK is generated by concatenating the following attributes: PMK, AP nonce (ANonce), client station (STA) nonce (SNonce), AP MAC address and STA MAC address. A cryptographic hash function then yields the PTK.
The standard then makes use of a Group Key Handshake to keep the GTK updated in case of the expiry of a preset timer, and to prevent a device from receiving any more multicast or broadcast messages from the AP.
The Challenge-Handshake Authentication Protocol (CHAP) is another process that involves handshaking. The protocol is defined in Request for Comments (RFC) 1994.
CHAP is used by Point-to-Point Protocol (PPP) servers to periodically verify the identity of a user or network host and authenticate it to an authenticating entity, such as an Internet access provider, through the use of a three-way handshake.
Once the link establishment phase is completed, a "challenge message" is sent to the peer by the authenticating entity. The peer sends back a value calculated using a one-way hash function, such as the MD5 hash.
The response is checked by the authenticating entity against its own calculation of the expected hash value. Authentication is acknowledged if the values match. If they do not match, the connection is terminated. The process repeats at random intervals.
A shared secret, such as the client user’s password, is the basis for verification, and CHAP requires that both the client and the server know the plaintext of the secret. By using an incrementally changing identifier and a variable challenge value, CHAP provides protection against playback attacks by the peer.