research-article

Link-layer protection in 802.11i WLANS with dummy authentication

Authors:

Dong XuanAuthors Info & Claims

WiSec '09: Proceedings of the second ACM conference on Wireless network security

Pages 131 - 138

https://doi.org/10.1145/1514274.1514294

Published: 16 March 2009 Publication History

Get Access

Abstract

The current 802.11i standard can provide data confidentiality, integrity and mutual authentication in enterprise Wireless Local Area Networks (WLANs). However, secure communication can only be provided after successful authentication and a robust security network association is established. In general, the wireless link layer is not protected by the current standard in WLANs, which leads to many possible attacks, especially in public open-access wireless networks. We argue that regardless of the type of network under consideration, link-layer protection and data confidentiality are of great importance in wireless applications. In this paper, we first identify and analyze the security issues ignored by the current 802.11 security standard. Then we propose our solution to patch the current 802.11i standard and address all those issues with a new dummy authentication key-establishment algorithm. Dummy means no real authentication for a user. In dummy authentication, we apply public-key cryptography's key-establishment technique to the 802.11 MAC protocol. Our solution can provide link-layer data encryption in open-access wireless networks, separate session encryption keys for different users, and protection for important frames such as management and null data frames as well as Extensible Authentication Protocol (EAP) messages.

References

[1]

http://searchnetworking.techtarget.com/generic/0,295582,sid7 gci1173698 tax303099,00.html.

Google Scholar

[2]

http://technet.microsoft.com/en-us/library/bb878131.aspx.

Google Scholar

[3]

http://www.antsight.com/zsl/rainbowcrack/.

Google Scholar

[4]

D. Akin. 802.11w -- Management Frame Protection. http://www.cwnp.com/community/index2.php?option=com content&do pdf=1&id=54.

Google Scholar

[5]

J. Bellardo and S. Savage. 802.11 Denial of Service Attacks: Real Vulnerabilities and Practical Solutions. In 12th USENIX Security Symposium, Aug. 2003.

Digital Library

Google Scholar

[6]

J.-C. Chen, M.-C. Jiang, and Y. wen Liu. Wireless LAN Security and IEEE 802.11i. IEEE Wireless Communications, 12(1):27--36, Feb. 2005.

Digital Library

Google Scholar

[7]

D. B. Faria and D. R. Cheriton. DoS and Authentication in Wireless Public Access Networks. In ACM Workshop on Wireless Security (WiSe '02),Sept. 2002.

Digital Library

Google Scholar

[8]

W. Gu, Z. Yang, C. Que, D. Xuan, and W. Jia. On Security Vulnerabilities of Null Data Frames in IEEE 802.11-based WLANs. In IEEE International Conference on Distributed Computing Systems (ICDCS), June 2008.

Digital Library

Google Scholar

[9]

C. He and J. C. Mitchell. Analysis of the 802.11 4-way Handshake. In ACM Workshop on Wireless Security (WiSe '04), pp. 43--50, October 2004.

Digital Library

Google Scholar

[10]

C. He and J. C. Mitchell. Security Analysis and Improvements for IEEE 802.11i. In 12th Annual Network and Distributed System Security Symposium (NDSS '05), pp. 90--110, Feb. 2005 .

Google Scholar

[11]

C. He, M. Sundararajan, A. Datta, A. Derek, and J. C. Mitchell. A Modular Correctness Proof of IEEE 802.11i and TLS. In 12th ACM Conference on Computer and Communications Security (CCS '05), Nov. 2005.

Digital Library

Google Scholar

[12]

J. S. Park and D. Dicoi. WLAN Security: Current and Future. IEEE Internet Computing, 7(5):60--65, Sept.-Oct. 2003.

Digital Library

Google Scholar

[13]

F. D. Rango, D. C. Lentini, and S. Marano. Static and Dynamic 4-way Handshake Solutions to Avoid Denial of Service Attack in Wi-Fi Protected Access and IEEE 802.11i. EURASIP Journal of Wireless Communication Networks, 2:73, Apr. 2006.

Digital Library

Google Scholar

[14]

E. Tews, R.-P. Weinmann, and A. Pyshki. Breaking 104-bit WEP in Less Than 60 Seconds. Cryptology ePrint Archive: Report 2007/120, available at http://eprint.iacr.org/2007/120, 2007.

Google Scholar

Cited By

View all

Agrawal AMaiti R(2024)iTieProbe: How Vulnerable Your IoT Provisioning via Wi-Fi AP Mode or EZ Mode?IEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.347108019(10058-10070)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3471080
Kumar APaul P(2018)A Secure Three-Way Handshake Authentication Process in IEEE 802.11iProceeding of the Second International Conference on Microelectronics, Computing & Communication Systems (MCCS 2017)10.1007/978-981-10-8234-4_58(725-737)Online publication date: 31-Jul-2018
https://doi.org/10.1007/978-981-10-8234-4_58
Zhu XXu FNovak ETan CLi QChen G(2017)Using Wireless Link Dynamics to Extract a Secret Key in Vehicular ScenariosIEEE Transactions on Mobile Computing10.1109/TMC.2016.255778416:7(2065-2078)Online publication date: 1-Jul-2017
https://doi.org/10.1109/TMC.2016.2557784
Show More Cited By

Index Terms

Link-layer protection in 802.11i WLANS with dummy authentication
1. Networks
  1. Network protocols

Recommendations

Providing Service Guarantees in 802.11e EDCA WLANs with Legacy Stations

Although the EDCA access mechanism of the 802.11e standard supports legacy DCF stations, the presence of DCF stations in the WLAN jeopardizes the provisioning of the service guarantees committed to the EDCA stations. The reason is that DCF stations ...
Lightweight, ECC based RFID Authentication Scheme for WLAN

Wireless local area networks WLANs, like IEEE 802.11, are right now very common in numerous outdoor or indoor environments for providing wireless communication among WiFi-enabled devices by accessing an Access Point infrastructure mode or through peer ...
The security of a strong proxy signature scheme with proxy signer privacy protection

In 1996, Mambo et al. first introduced the concept of a proxy signature scheme, and discussed the delegation of the signing capability to a proxy signer. In 2001, Lee et al. constructed a strong non-designated proxy signature scheme. In 2002, Shum and ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

WiSec '09: Proceedings of the second ACM conference on Wireless network security

March 2009

280 pages

ISBN:9781605584607

DOI:10.1145/1514274

General Chair:
David Basin
ETH Zurich, Switzerland
,
Program Chairs:
Srdjan Capkun
ETH Zurich, Switzerland
,
Wenke Lee
Georgia Tech, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 16 March 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

WISEC '09

Sponsor:

WISEC '09: Second ACM Conference on Wireless Network Security

March 16 - 19, 2009

Zurich, Switzerland

Acceptance Rates

Overall Acceptance Rate 98 of 338 submissions, 29%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
705
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 23 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Agrawal AMaiti R(2024)iTieProbe: How Vulnerable Your IoT Provisioning via Wi-Fi AP Mode or EZ Mode?IEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.347108019(10058-10070)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3471080
Kumar APaul P(2018)A Secure Three-Way Handshake Authentication Process in IEEE 802.11iProceeding of the Second International Conference on Microelectronics, Computing & Communication Systems (MCCS 2017)10.1007/978-981-10-8234-4_58(725-737)Online publication date: 31-Jul-2018
https://doi.org/10.1007/978-981-10-8234-4_58
Zhu XXu FNovak ETan CLi QChen G(2017)Using Wireless Link Dynamics to Extract a Secret Key in Vehicular ScenariosIEEE Transactions on Mobile Computing10.1109/TMC.2016.255778416:7(2065-2078)Online publication date: 1-Jul-2017
https://doi.org/10.1109/TMC.2016.2557784
Robyns PBonné BQuax PLamotte WAcs GMartin AMartinovic ICastelluccia CTraynor P(2014)Short paperProceedings of the 2014 ACM conference on Security and privacy in wireless & mobile networks10.1145/2627393.2627411(189-194)Online publication date: 23-Jul-2014
https://dl.acm.org/doi/10.1145/2627393.2627411
Singh RSharma T(2014)On the IEEE 802.11i security: a denial‐of‐service perspectiveSecurity and Communication Networks10.1002/sec.10798:7(1378-1407)Online publication date: 21-Aug-2014
https://doi.org/10.1002/sec.1079
Zhu XXu FNovak ETan CLi QChen G(2013)Extracting secret key from wireless link dynamics in vehicular environments2013 Proceedings IEEE INFOCOM10.1109/INFCOM.2013.6567032(2283-2291)Online publication date: Apr-2013
https://doi.org/10.1109/INFCOM.2013.6567032
Taha SShen X(2012)A link-layer authentication and key agreement scheme for mobile public hotspots in NEMO based VANET2012 IEEE Global Communications Conference (GLOBECOM)10.1109/GLOCOM.2012.6503244(1004-1009)Online publication date: Dec-2012
https://doi.org/10.1109/GLOCOM.2012.6503244
Ryu EKim HYoo K(2012)KCI-resilient anonymous wireless link-layer authentication protocolsMathematical and Computer Modelling10.1016/j.mcm.2012.01.01855:11-12(2107-2116)Online publication date: Jun-2012
https://doi.org/10.1016/j.mcm.2012.01.018
Choi JChang SKo DHu Y(2011)Secure MAC-Layer Protocol for Captive Portals in Wireless Hotspots2011 IEEE International Conference on Communications (ICC)10.1109/icc.2011.5963508(1-5)Online publication date: Jun-2011
https://doi.org/10.1109/icc.2011.5963508
Choi BShen X(2011)DSA: Distributed Semi-Asynchronous Sleep Scheduling Protocol for Mobile Wireless Networks2011 IEEE International Conference on Communications (ICC)10.1109/icc.2011.5962781(1-5)Online publication date: Jun-2011
https://doi.org/10.1109/icc.2011.5962781
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Providing Service Guarantees in 802.11e EDCA WLANs with Legacy Stations

Lightweight, ECC based RFID Authentication Scheme for WLAN

The security of a strong proxy signature scheme with proxy signer privacy protection