Security improvements of IEEE 802.11i 4-way handshake scheme

One of the key components of IEEE 802.11i authentication protocol to defend against various malicious attacks is its 4-way handshake scheme. However, since Message 1 in the handshake scheme has not been protected by the Message Integrity Code (MIC), the original 4-way handshake scheme specified by the IEEE standard is vulnerable to the Denial of Service (DoS) attacks and DoS flooding attacks. Several countermeasures have been proposed in the literatures to prevent these attacks. However, they have ignored the feasibility of the solutions and the performance of them against the DoS flooding attacks. Motivated by these, in this paper, two security schemes, namely Message 1 Authentication and Supplicant Active Protection are proposed to protect wireless LAN networks free from the DoS attacks. Based on the analysis and formal verification by Colored Petri Nets (CPN), our proposed schemes could provide stronger secure functionality and outperform the existing schemes in the scenario under the Message 1 flooding attacks.

[1]  N. Manivannan,et al.  Alternative Pair-wise Key Exchange Protocols (IEEE 802.11i) in Wireless LANs , 2006, 2006 International Conference on Wireless and Mobile Communications (ICWMC'06).

[2]  John C. Mitchell,et al.  Security Analysis and Improvements for IEEE 802.11i , 2005, NDSS.

[3]  Jun Li,et al.  Security Verification of 802.11i 4-Way Handshake Protocol , 2008, 2008 IEEE International Conference on Communications.

[4]  Lars Michael Kristensen,et al.  Introduction to Modelling and Validation , 2009 .

[5]  David A. Wagner,et al.  Intercepting mobile communications: the insecurity of 802.11 , 2001, MobiCom '01.

[6]  Floriano De Rango,et al.  Static and Dynamic 4-Way Handshake Solutions to Avoid Denial of Service Attack in Wi-Fi Protected Access and IEEE 802.11i , 2006, EURASIP J. Wirel. Commun. Netw..

[7]  John C. Mitchell,et al.  Analysis of the 802.11i 4-way handshake , 2004, WiSe '04.

[8]  William A. Arbaugh,et al.  YOUR 802.11 WIRELESS NETWORK HAS NO CLOTHES , 2001 .

[9]  Kurt Jensen Coloured Petri Nets , 1992, EATCS Monographs in Theoretical Computer Science.