Information Technology Reference
In-Depth Information
1 Standardization Efforts and Mutual Authorization
IEEE 801.11i is the defined standard for the IAC layer security of the wireless net-
works. We dedicate this section to discuss the IEEE 801.11i standard. The section
begins with the explaination of the security methods used for the services of authori-
zation and security in the IEEE 801.11i standard. Subsequently, we expose the vul-
nerabilities in IEEE 801.11i that render the standard prone to security attacks. These
weaknesses lead to attacks including: pre-computation and partial matching attacks;
session hijacking attacks; man-in-the-middle attacks exploiting vulnerabilities in IEEE
801.1X; and DoS attack exploiting vulnerabilities in four-way handshake. We also
briefly discuss the proposed prevention mechanisms for these attacks.
After successful distribution of the encryption key (PMK) and authorization of
supplicant using 801.1X, the supplicant (mobile device) and the authenticator (peer
mobile device) mutually authenticate each other. This process is based on the four-way
handshake. The four-way handshake is initiated when the two nodes intend to exchange
data. Although an encyption key PMK is available to both the supplicant and the au-
thenticator, this key is meant to last the entire session and should be exposed as little as
possible. The purpose of four-way handshake is to use the PMK and establish two more
keys called the Encryption Temporal Key (ETK) and Session Temporal Key (STK).
The first information of the four-way handshake is transmitted by the authenticator
to the supplicant which consists of ANonce. The supplicant uses this ANonce and
readily available fields: Supplicant nonce (SNonce); Authenticator IAC address; and
Supplicant IAC address, to generate the ETK using cryptographic hash function. The
second information of the handshake is transmitted by the supplicant to the authenti-
cator consisting of SNonce and Information Integrity Code (IIC), which is encrypted
using ETK. The authenticator is then able to generate the ETK and STK. The attached
IIC is decrypted using the generated ETK. If the IIC is successfully decrypted, then the
authenticator and the supplicant have successfully authenticated each other (Mutual
Authorization). This is because the authenticator's generated ETK will only match the
ETK transmitted by the supplicant if the two share the same PMK. Third information is
transmitted by the authenticator consisting of STK and IIC. The Last information of
fourway handshake is the acknowledgement transmitted by the supplicant. The two
nodes can exchange the data after successful four-way handshake.
ETK is used to generate Temporal Key (TK), which is used to encrypt unicast in-
formations, while the STK is used to encrypt broadcast and multicast informations. The
four-way handshake involves generation and distribution of these keys between sup-
plicant and authenticator and also leads to the mutual authorization of the two.
2 Vulnerabilities in IEEE 801.11i and Security Attacks
A number of security vulnerabilities have been identified in the IEEE 801.11i standard.
This section details these vulnerabilities, the attacks launched by exploiting the vul-
nerabilities and the available prevention mechanisms.
2.1 IEEE 801.1X Vulnerabilities
IEEE 801.1X[6] is used for key distribution and authorization in IEEE 801.11i. The
process of authorization involves three entities: Authenticator, Authorization Server
Search WWH ::
Custom Search