Intercepting mobile communications: the insecurity of 802.11
Proceedings of the 7th annual international conference on Mobile computing and networking
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Why security standards sometimes fail
Communications of the ACM
Keying Hash Functions for Message Authentication
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Your 80211 wireless network has no clothes
IEEE Wireless Communications
A note on the fragility of the "Michael" message integrity code
IEEE Transactions on Wireless Communications
Detecting spoofing attacks in mobile wireless environments
SECON'09 Proceedings of the 6th Annual IEEE communications society conference on Sensor, Mesh and Ad Hoc Communications and Networks
Improved key management scheme for IEEE 802.11
ICCOMP'06 Proceedings of the 10th WSEAS international conference on Computers
Hi-index | 0.00 |
The IEEE 802.11 Wireless LAN standard has been designed with very limited key management capabilities, using up to 4 static, hong term, keys, shared by all the stations on the LAN. This design makes it quite difficult to fully revoke access from previously-authorized hosts. A host is fully revoked when it can no longer eavesdrop and decrypt traffic generated by other hosts on the wireless LAN.This paper proposes WEP*, a lightweight solution to the host-revocation problem. The key management in WEP* is in the style of pay-TV systems: The Access Point periodically generates new keys, and these keys are transferred to the hosts at authentication time. The fact that the keys are only valid for one re-key period makes host revocation possible, and scalable: A revoked host will simply not receive the new keys.Clearly, WEP* is not an ideal solution, and does not address all the security problems that IEEE 802.11 suffers from. However, what makes WEP* worthwhile is that it is 100% compatible with the existing standard. And, unlike other solutions, WEP* does not rely on external authentication servers. Therefore, WEP* is suitable for use even in the most basic IEEE 802.11 LAN configurations, such as those deployed in small or home offices. A WEP* prototype has been partially implemented using free, open-source tools.