Journal of Networks, Vol 6, No 3 (2011), 470-481, Mar 2011
doi:10.4304/jnw.6.3.470-481

Security Analysis and Improvements on WLANs

Li Wang, Bala Srinivasan, Nandita Bhattacharjee

Abstract


The IEEE 802.11i standard defines the security specifications for IEEE 802.11 series Wireless Local Area Networks (WLANs). It replaces the old security standard, Wired Equivalent Privacy (WEP), and aims to eliminate all known attacks against WEP. It defines solutions for the confidentiality, mutual authentication and integrity aspects of WLAN security, but not for the availability aspect. Many researchers have shown that the IEEE 802.11i standard cannot prevent various Denial of Service (DoS) attacks, including de-authentication, disassociation and memory/CPU DoS attacks. In addition, IEEE 802.11i retained the PSK mode of WEP for flexibility and backward compatibility. However, the PSK mode in the IEEE 802.11i standard fails to provide sufficient security to prevent offline dictionary attacks and internal attacks. In this paper, we present solutions that can effectively improve IEEE 802.11i. For the memory/CPU DoS attack against the 4-way Handshake protocol, we propose an alternative Enhanced 3-way Handshake protocol, which can effectively prevent this attack and saves computation cost compared to the original one. For the vulnerability in PSK mode, we propose a novel ECDH protocol to prevent offline dictionary attacks and internal attacks. Formal proofs of the two proposed protocols are also provided using Protocol Composition Logic (PCL).


Keywords


IEEE 802.11i; DoS attack; offline dictionary attack; inside attack; PSK; WLAN; 4-way Handshake



Journal of Networks (JNW, ISSN 1796-2056)

Copyright @ 2006-2013 by ACADEMY PUBLISHER – All rights reserved.