Improved Nonce Construction Scheme for AES CCMP to Evade Initial Counter Prediction

The IEEE 802.11i standard offers arguably uncompromised confidentiality and integrity services by using the Advanced Encryption Standard in Counter mode with Cipher Block Chaining Message Authentication Code Protocol (AES CCMP). However, the Nonce construction mechanism employed in the standard is weak, leading to Initial Counter prediction. As a result, the effective key length used for encryption is reduced from 128 to 85 bits and a Time Memory Trade Off (TMTO) attack becomes a possibility. In this paper, an improved Nonce construction scheme is proposed for AES CCMP to effectively prevent Initial Counter prediction and the possibility of a subsequent TMTO attack. The proposed technique involves randomization of the Nonce value to make it unpredictable. The devised technique can be easily deployed as a software upgrade in existing 802.11i-based Wireless Local Area Network (WLAN) devices, without requiring any hardware upgrade.
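The predictability the abstract refers to can be seen by rebuilding the CCM initial counter block from frame fields that are sent unencrypted. This is an added example, not code from the paper. The field layout follows the 802.11i CCMP and CCM specifications rather than anything stated on this page, the function names are hypothetical, and the address and packet number are constructed sample values.

```python
# Added illustration: CCMP nonce / CCM counter-block layout (L = 2).
# All addresses and packet numbers below are constructed sample values.

def parse_ccmp_pn(ccmp_hdr: bytes) -> int:
    """Return the 48-bit packet number (PN) from the 8-octet CCMP header.

    Header layout: PN0 PN1 Rsvd KeyID/ExtIV PN2 PN3 PN4 PN5 (PN0 = least significant).
    """
    if len(ccmp_hdr) != 8:
        raise ValueError("CCMP header must be 8 octets")
    if not ccmp_hdr[3] & 0x20:
        raise ValueError("ExtIV bit clear: not a CCMP header")
    pn0, pn1, _rsvd, _key_id, pn2, pn3, pn4, pn5 = ccmp_hdr
    return int.from_bytes(bytes([pn5, pn4, pn3, pn2, pn1, pn0]), "big")


def ccmp_nonce(priority: int, a2: bytes, pn: int) -> bytes:
    """13-octet nonce: priority octet || transmitter address A2 || PN (big-endian)."""
    if len(a2) != 6:
        raise ValueError("A2 must be a 6-octet MAC address")
    return bytes([priority & 0x0F]) + a2 + pn.to_bytes(6, "big")


def counter_block(nonce: bytes, i: int) -> bytes:
    """16-octet CCM counter block A_i: flags (L-1 = 1) || nonce || 16-bit counter."""
    return b"\x01" + nonce + i.to_bytes(2, "big")


def initial_counter_from_frame(a2: bytes, priority: int, ccmp_hdr: bytes) -> bytes:
    """Rebuild A_0 using only fields that travel unencrypted in the frame."""
    return counter_block(ccmp_nonce(priority, a2, parse_ccmp_pn(ccmp_hdr)), 0)


def next_initial_counter(a2: bytes, priority: int, ccmp_hdr: bytes) -> bytes:
    """A_0 of the following frame, assuming the usual PN increment of one."""
    pn = (parse_ccmp_pn(ccmp_hdr) + 1) % (1 << 48)
    return counter_block(ccmp_nonce(priority, a2, pn), 0)


A2 = bytes.fromhex("020000000001")            # constructed transmitter address
CCMP_HDR = bytes.fromhex("3412002000000000")  # constructed header, PN = 0x1234

if __name__ == "__main__":
    print(initial_counter_from_frame(A2, 0, CCMP_HDR).hex())
    print(next_initial_counter(A2, 0, CCMP_HDR).hex())
```

Every input to the counter block is either fixed or visible on the air, which is the property the proposed randomized Nonce is meant to remove.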
