Lightweight key management for IEEE 802.11 wireless LANs with key refresh and host revocation

  • Authors: Avishai Wool
  • Affiliations: Dept. Electrical Engineering Systems, Tel Aviv University, Ramat Aviv, Israel
  • Venue: Wireless Networks
  • Year: 2005

Abstract

The IEEE 802.11 Wireless LAN standard has been designed with very limited key management capabilities, using up to 4 static, long-term keys, shared by all the stations on the LAN. This design makes it quite difficult to fully revoke access from previously-authorized hosts. A host is fully revoked when it can no longer eavesdrop and decrypt traffic generated by other hosts on the wireless LAN.

This paper proposes WEP*, a lightweight solution to the host-revocation problem. The key management in WEP* is in the style of pay-TV systems: the Access Point periodically generates new keys, and these keys are transferred to the hosts at authentication time. The fact that the keys are only valid for one re-key period makes host revocation possible, and scalable: a revoked host will simply not receive the new keys.

Clearly, WEP* is not an ideal solution, and does not address all the security problems that IEEE 802.11 suffers from. However, what makes WEP* worthwhile is that it is 100% compatible with the existing standard. And, unlike other solutions, WEP* does not rely on external authentication servers. Therefore, WEP* is suitable for use even in the most basic IEEE 802.11 LAN configurations, such as those deployed in small or home offices. A WEP* prototype has been partially implemented using free, open-source tools.