DoS and authentication in wireless public access networks
WiSE '02 Proceedings of the 1st ACM workshop on Wireless security
WLAN Security: Current and Future
IEEE Internet Computing
Analysis of the 802.11i 4-way handshake
Proceedings of the 3rd ACM workshop on Wireless security
A modular correctness proof of IEEE 802.11i and TLS
Proceedings of the 12th ACM conference on Computer and communications security
802.11 denial-of-service attacks: real vulnerabilities and practical solutions
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
EURASIP Journal on Wireless Communications and Networking
On Security Vulnerabilities of Null Data Frames in IEEE 802.11 Based WLANs
ICDCS '08 Proceedings of the 2008 The 28th International Conference on Distributed Computing Systems
Wireless LAN security and IEEE 802.11i
IEEE Wireless Communications
Hi-index | 0.00 |
The current 802.11i standard can provide data confidentiality, integrity and mutual authentication in enterprise Wireless Local Area Networks (WLANs). However, secure communication can only be provided after successful authentication and a robust security network association is established. In general, the wireless link layer is not protected by the current standard in WLANs, which leads to many possible attacks, especially in public open-access wireless networks. We argue that regardless of the type of network under consideration, link-layer protection and data confidentiality are of great importance in wireless applications. In this paper, we first identify and analyze the security issues ignored by the current 802.11 security standard. Then we propose our solution to patch the current 802.11i standard and address all those issues with a new dummy authentication key-establishment algorithm. Dummy means no real authentication for a user. In dummy authentication, we apply public-key cryptography's key-establishment technique to the 802.11 MAC protocol. Our solution can provide link-layer data encryption in open-access wireless networks, separate session encryption keys for different users, and protection for important frames such as management and null data frames as well as Extensible Authentication Protocol (EAP) messages.