Um Mecanismo de Autenticação Baseado em ECDH para Redes IEEE 802.11
Abstract
In networks that use the protocols WPA, WPA2 or IEEE 802.11i and these protocols enhanced by the amendment IEEE 802.11w, the keys that compose the PTK (Pairwise Transient Key) allow network devices to exchange messages with proper encryption and integrity check. Because of its importance, the PTK should be kept in secret by the protocol. However, in all of aforementioned protocols, the 4-Way Handshake is flawed when the personal authentication method is used, allowing malicious entities that possess the PSK (Pre-Shared Key) of the network to reproduce the process of deriving the PTK key of all authenticated clients. In this paper, we propose and evaluate a new handshake protocol, which is based on the ECDH (Elliptic Curve Diffie-Hellman) protocol and solves the problem of undue PTK derivation. We also present a solution to provide automatic authentication on open networks, allowing encrypted traffic information to be exchanged without the need of providing keys by the users.References
Ahmad, T., Hu, J., and Han, S. (2009). An Efficient Mobile Voting System Security Scheme Based on Elliptic Curve Cryptography. In Proceedings of Third International Conference on Network and System Security, pages 474–479, Australia.
Diffie, W. and Hellman, M. E. (1976). New Directions in Cryptography.
Fogie, S. (2005). Cracking Wi-Fi Protected Access (WPA), Part 2. http://www.fermentas.com/techinfo/nucleicacids/maplambda.htm.
Gupta, V., Gupta, S., and Chang, S. (2002). Performance Analysis of Elliptic Curve Cryptography for SSL. In Proceedings of Workshop on Wireless Security 2002, pages 87–94.
Hankerson, D., Menezes, A., and Vanstone, S. (2004). Guide to Elliptic Curve Cryptography. Springer Verlag.
IEEE 802.1X (2004). IEEE Standard for Local and Metropolitan Area Networks – Port- Based Network Access Control.
IEEE Standard 802.11 (1999). IEEE Standards for Information Technology – Telecommunications and Information Exchange between Systems – Local and Metropolitan Area Network – Specific Requirements – Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications.
IEEE Standard 802.11i (2004). IEEE Standard for Information Technology – Telecommunications and Information Exchange between System – Local and Metropolitan Area Networks – Specific Requirements – Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications – Amendment 6: Medium Access Control (MAC) Security Enhancements Interpretation.
IEEE Standard 802.11w (2009). IEEE Standard for Information technology – Telecommunications and Information Exchange between System – Local and Metropolitan area networks – Specific Requirements – Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications – Amendment 4: Protected Management Frames.
Lederer, C., Mader, R., Koschuch, M., Groszschaedl, J., Szekely, A., and Tillich, S. (2009). Energy-Efficient Implementation of ECDH Key Exchange forWireless Sensor Networks. In Proceedings of Workshop on Information Security Theory and Practices, pages 112–127.
Lehembre, G. (2005). Wi-Fi security – WEP, WPA and WPA2. In Proceedings of the 7th Annual International Conference on Mobile Computing and Networking.
Malinen, J. and contributors (2010). Host AP driver for Intersil Prism2/2.5/3, hostapd, and WPA Supplicant. http://hostap.epitest.fi/.
Mano, C. D. and Striegel, A. (2006). Resolving WPA Limitations in SOHO and Open Public Wireless Networks. In Proceedings of IEEE Wireless Communications and Networking Conference 2006, Las Vegas.
Moskowitz, R. (2003). Weakness in Passphrase Choice in WPA Interface. [link].
National Institute of Standards and Technology (2009). FIPS PUB 186-3. In Digital Signature Standard.
OpenSSL (2010). The OpenSSL Project. http://www.openssl.org/.
Souza, E. F. and Gonçalves, P. A. S. (2009). Um Mecanismo de Proteção de Nonces para a Melhoria da Segurança de Redes IEEE 802.11i. In Proceedings of WTICG/SBSeg, pages 291–300, Campinas.
Tate, J. T. (1973). The Arithmetic of Elliptic Curves. In Inventiones Mathematicae, volume 23, pages 179–206.
Tews, E. (2007). Attacks on the WEP Protocol. Cryptology ePrint Archive, Report 2007/471.
Vanstone, S. A. (2003). Next Generation Security for Wireless: Elliptic Curve Cryptography. In Computers and Security, volume 22.
Wi-Fi Alliance (2003). Wi-Fi Protected Access: Strong, Standards-based, Interoperable Security for Today’s Wi-Fi Networks.
Diffie, W. and Hellman, M. E. (1976). New Directions in Cryptography.
Fogie, S. (2005). Cracking Wi-Fi Protected Access (WPA), Part 2. http://www.fermentas.com/techinfo/nucleicacids/maplambda.htm.
Gupta, V., Gupta, S., and Chang, S. (2002). Performance Analysis of Elliptic Curve Cryptography for SSL. In Proceedings of Workshop on Wireless Security 2002, pages 87–94.
Hankerson, D., Menezes, A., and Vanstone, S. (2004). Guide to Elliptic Curve Cryptography. Springer Verlag.
IEEE 802.1X (2004). IEEE Standard for Local and Metropolitan Area Networks – Port- Based Network Access Control.
IEEE Standard 802.11 (1999). IEEE Standards for Information Technology – Telecommunications and Information Exchange between Systems – Local and Metropolitan Area Network – Specific Requirements – Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications.
IEEE Standard 802.11i (2004). IEEE Standard for Information Technology – Telecommunications and Information Exchange between System – Local and Metropolitan Area Networks – Specific Requirements – Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications – Amendment 6: Medium Access Control (MAC) Security Enhancements Interpretation.
IEEE Standard 802.11w (2009). IEEE Standard for Information technology – Telecommunications and Information Exchange between System – Local and Metropolitan area networks – Specific Requirements – Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications – Amendment 4: Protected Management Frames.
Lederer, C., Mader, R., Koschuch, M., Groszschaedl, J., Szekely, A., and Tillich, S. (2009). Energy-Efficient Implementation of ECDH Key Exchange forWireless Sensor Networks. In Proceedings of Workshop on Information Security Theory and Practices, pages 112–127.
Lehembre, G. (2005). Wi-Fi security – WEP, WPA and WPA2. In Proceedings of the 7th Annual International Conference on Mobile Computing and Networking.
Malinen, J. and contributors (2010). Host AP driver for Intersil Prism2/2.5/3, hostapd, and WPA Supplicant. http://hostap.epitest.fi/.
Mano, C. D. and Striegel, A. (2006). Resolving WPA Limitations in SOHO and Open Public Wireless Networks. In Proceedings of IEEE Wireless Communications and Networking Conference 2006, Las Vegas.
Moskowitz, R. (2003). Weakness in Passphrase Choice in WPA Interface. [link].
National Institute of Standards and Technology (2009). FIPS PUB 186-3. In Digital Signature Standard.
OpenSSL (2010). The OpenSSL Project. http://www.openssl.org/.
Souza, E. F. and Gonçalves, P. A. S. (2009). Um Mecanismo de Proteção de Nonces para a Melhoria da Segurança de Redes IEEE 802.11i. In Proceedings of WTICG/SBSeg, pages 291–300, Campinas.
Tate, J. T. (1973). The Arithmetic of Elliptic Curves. In Inventiones Mathematicae, volume 23, pages 179–206.
Tews, E. (2007). Attacks on the WEP Protocol. Cryptology ePrint Archive, Report 2007/471.
Vanstone, S. A. (2003). Next Generation Security for Wireless: Elliptic Curve Cryptography. In Computers and Security, volume 22.
Wi-Fi Alliance (2003). Wi-Fi Protected Access: Strong, Standards-based, Interoperable Security for Today’s Wi-Fi Networks.
Published
2010-10-11
How to Cite
SOUZA, Eduardo Ferreira de; GONÇALVES, Paulo André da S..
Um Mecanismo de Autenticação Baseado em ECDH para Redes IEEE 802.11. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 10. , 2010, Fortaleza.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2010
.
p. 119-131.
DOI: https://doi.org/10.5753/sbseg.2010.20582.
