Professional Documents
Culture Documents
Wpa2 4ways 10 Ho
Wpa2 4ways 10 Ho
net/publication/221593201
CITATIONS READS
3 914
2 authors, including:
Y.L. Ho
Multimedia University
8 PUBLICATIONS 40 CITATIONS
SEE PROFILE
All content following this page was uploaded by Y.L. Ho on 29 September 2017.
ABSTRACT Key (PSK) for home and SOHO users and WPA Extensible
Authentication Protocol (EAP), which is mainly for
802.11i is the latest security standard for wireless LAN enterprise users [4]. WPA maintained its reputation as
(WLAN). It provides data confidentiality and integrity. The secure protocol for quite some time until vulnerabilities
802.11i 4-way handshake and key management remains were found inside the 4-way handshake protocol. It is
secure against any attack which could compromise the key. possible for an attacker to obtain a passphrase by capturing
However, availability protection is still an issue as 802.11i the 4-way handshake messages and performing a dictionary
is subjected to denial of service attacks. Since Message 1 in attack on the captured packets [6, 4, 5]. After the discovery
the 4-way handshake is not protected by any mechanism, of this vulnerability, 802.11i was initiated to resolve the
forging these messages is possible. This paper presents a problem, and Wi-Fi Protected Access 2 (WPA2), which
light and simple implementation to deter DoS attacks implements the technology and standards from 802.11i [12]
against the 4-way handshake protocol. was born. A major improvement introduced by WPA2 is
the deployment of Counter Mode with Cipher Block
Categories and Subject Descriptors Chaining Message Authentication Code Protocol (CCMP)
[21], which utilizes the Advanced Encryption Standard
C.2.2 [Computer-Communication Networks]: (AES) [14].
Network Protocols
Although 802.11i is able to protect the key or passphrase
General Terms from being compromised, it is not completely secure.
Despite the evolution of WLAN security protocols from
Security WEP to WPA2, WLAN is still vulnerable to various denial
of service (DoS) attacks such as radio frequency jamming,
Keywords disassociation and deauthentication attacks [1], and
flooding [11, 8]. Specifically, the 802.11i 4-way handshake
802.11i, 4-way handshake protocol, ANonce, WLAN is vulnerable to certain denial of service attacks including
Security, DoS attack the 1 Message DoS attack and the reflection attack [7].
These particular attacks will cause failure or an incomplete
1. INTRODUCTION 4-way handshake. Hence, the client station will be unable
to authenticate itself to the access point under the
Wireless LAN (WLAN) has becoming more popular circumstances. Clearly, a new mechanism is needed to
among home users and enterprise users because of its counter these attacks and to ensure continuous availability
mobility, wide availability of hardware and affordable of data and network connectivity.
price. 802.11 is one of the standards of WLAN set by the
IEEE. The 802.11 [13] has undergone various amendments This paper focuses on addressing the problem of DoS
to improve its bandwidth, range, functionalities and attacks against the 4-way handshake protocol in deterring
security. the 1 Message DoS attack. It explores previously conducted
studies and research of proposed solutions [11, 8]. This
The earliest form of security adopted in the early stages of paper introduces a new proposed solution by encrypting
WLAN is the Wired Equivalent Privacy (WEP) protocol Message 1 to maintain its confidentiality. The main
[4]. After a few years, it was shown to be insecure and contribution of this paper is the design of the proposed
replaced with the Wi-Fi Protected Access (WPA) protocol. solution and the analysis of the results obtained from the
There are two types of WPA applications: WPA Pre-shared implementation of the proposed solution.
Permission to make digital or hard copies of all or part of this work for This paper is segmented according to the following
personal or classroom use is granted without fee provided that copies are arrangement. Section 2 explains the overview of 802.11i 4-
not made or distributed for profit or commercial advantage and that way handshake protocol. Section 3 summarizes the related
copies bear this notice and the full citation on the first page. To copy works which have previously been done by others to
otherwise, or republish, to post on servers or to redistribute to lists, protect 802.11i 4-way handshake protocol from denial of
requires prior specific permission and/or a fee. service attacks. Section 4 describes our proposed solution
MoMM2009, December 14–16, 2009, Kuala Lumpur, Malaysia.
in detail, the results analysis and future improvements to
Copyright 2009 ACM 78-1-60558-659-5/09/0012...$5.00.
strengthen it. Section 5 concludes the paper.
2. IEEE 802.11i PTK contains 4 temporal keys; key encryption key (KEK)
1
to protect the confidentiality of the handshake, key
The IEEE 802.11i introduces the standard of CCMP [21] confirmation key (KCK) for integrity of the handshake,
based on a well known strong block cipher, the Advanced temporal key (TK) for data encryption and temporal MIC
Encryption Standard (AES) [12,14]. This eliminates the use key (TMK) for data authentication [6, 4].
of the weak RC4 stream cipher key [9] in WPA and
increases the strength of the key in IEEE 802.11i with the The supplicant will then generate its own random number,
AES algorithm. SNonce and compute the Message Integrity Code (MIC)
[2,9] using KCK. The purpose of the MIC is to ensure the
2.1 The 4-way Handshake Protocol integrity of Message 2 [2,6,9]. Prior to receiving Message 2
from the supplicant, the authenticator will first extract the
SNonce, compute the PTK and derive temporal keys. The
KCK is used to verify the MIC in Message 2. If the
verification succeeds, the authenticator proceeds to send
Message 3 (consisting of Group Transient Key (GTK)
which is encrypted with KEK plus the MIC) [6].
PTK = PRF-X (PMK, Pairwise key expansion, Figure 2. One message denial of service attack
Min(Authenticator_MAC, Supplicant_MAC) || (Situation 1) [3, 7, 8]
Max(Aauthenticator_MAC, Supplicant_ MAC) ||
Min(ANonce, SNonce) || Max(ANonce, SNonce)) Figure 2 shows an example of the 1 Message DoS attack on
the supplicant. In this situation, the attacker sends a forged
Message 1 which contains a new ANonce value to the
1 supplicant before the supplicant has a chance to send
Counter Mode CBC Message Authentication Code
Protocol Message 2 to the authenticator. This causes the supplicant
2 to re-generate a new SNonce value and derive a new PTK
Password-Based Key Derivation Function from RSA
Public Key Cryptography Standards value based on the ANonce received from the attacker [8].
Assume that these new values are SNonce’, PTK’ and
ANonce’. When the client sends Message 2 to the
authenticator, the MIC verification will fail because PTK ≠
PTK’ [3, 8]. Therefore, the handshake is incomplete.