Elliptic Curve Cryptography Based Mechanism for Secure Wi-Fi Connectivity

The connection establishment and client handover mechanism for Wi-Fi Protected Access (WPA/WPA2) Pre-Shared Key (PSK) networks described by the IEEE 802.11 standard are vulnerable to various attacks. The existing security protocols WPA/WPA2 use symmetric key cryptography to provide confidentiality and data authenticity. An attacker listening to the channel can eavesdrop on the four-way key handshaking and can also derive the encryption key. The well-known attacks are key recovery, man-in-middle, Hole 196, and de-authentication attack. Another key problem with the PSK mode is that all stations use the same key for authentication. In this paper, we propose an alternative to the existing mechanism for authentication and re-authentication during connection establishment and client handover, respectively that use Elliptic Curve Cryptography, a public key encryption technique. Our proposed mechanism uses a lesser number of frames during (re)-authentication and is immune to the existing vulnerabilities of WPA2 PSK.

[1]  K. Lauter,et al.  The advantages of elliptic curve cryptography for wireless security , 2004, IEEE Wireless Communications.

[2]  Zurina Mohd Hanapi,et al.  Comparison of ECC and RSA Algorithm in Resource Constrained Devices , 2013, 2013 International Conference on IT Convergence and Security (ICITCS).

[3]  William A. Arbaugh,et al.  An empirical analysis of the IEEE 802.11 MAC layer handoff process , 2003, CCRV.

[4]  Santosh Biswas,et al.  Advanced Stealth Man-in-The-Middle Attack in WPA2 Encrypted Wi-Fi Networks , 2015, IEEE Communications Letters.

[5]  Jeehyeong Kim,et al.  Secure key exchange scheme for WPA/WPA2-PSK using public key cryptography , 2016, 2016 IEEE International Conference on Consumer Electronics-Asia (ICCE-Asia).

[6]  Seong-Moo Yoo,et al.  The Insecurity of Wireless Networks , 2012, IEEE Security & Privacy.

[7]  Alfred Menezes,et al.  The Elliptic Curve Digital Signature Algorithm (ECDSA) , 2001, International Journal of Information Security.

[8]  Frank Piessens,et al.  Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 , 2017, CCS.

[9]  G. Dimitrakopoulos,et al.  Intelligent Transportation Systems , 2010, IEEE Vehicular Technology Magazine.

[10]  Lida Xu,et al.  The internet of things: a survey , 2014, Information Systems Frontiers.

[11]  V. Kumar,et al.  Detection of stealth Man-in-the-Middle attack in wireless LAN , 2012, 2012 2nd IEEE International Conference on Parallel, Distributed and Grid Computing.

[12]  A. Velmurugan,et al.  High Speed VLSI Design CCMP AES Cipher for WLAN (IEEE 802.11i) , 2007, 2007 International Conference on Signal Processing, Communications and Networking.

[13]  Cliff Changchun Zou,et al.  Parallel active dictionary attack on WPA2-PSK Wi-Fi networks , 2015, MILCOM 2015 - 2015 IEEE Military Communications Conference.

[14]  William Stallings,et al.  Cryptography and Network Security: Principles and Practice , 1998 .

[15]  Sunghyun Cho,et al.  Secure Authentication and Four-Way Handshake Scheme for Protected Individual Communication in Public Wi-Fi Networks , 2018, IEEE Access.

[16]  Victor S. Miller,et al.  Use of Elliptic Curves in Cryptography , 1985, CRYPTO.

[17]  Andrei V. Gurtov,et al.  Lightweight authentication and key management on 802.11 with Elliptic Curve Cryptography , 2013, 2013 IEEE Wireless Communications and Networking Conference (WCNC).