Per Packet Authentication for IEEE 802.11 wireless LAN

Abstract

Wireless Networks call for enhanced confidentiality, integrity and authenticaton services because of their inherent weakness of ubiquitous signals. Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) has been recently employed to provide security to IEEE 802.11 Wireless LANs. It has been shown in our earlier published work that CCMP is vulnerable to Time Memory Trade off (TMTO) attack. To overcome the said vulnerability, this paper presents a design and description of strengthening the security of WLAN packets using Per-Packet security mechanism. The architecture of Per-Packet security mechanism involves introduction of Per-Packet Authentication and Secret Nonce. The proposed Per-Packet Authentication protocol is a continuous challenge response process operating throughout the session. The Per-Packet authentication promptly secures the connection against unauthorized access by immediately discarding the packet if Per-Packet Authentication fails. We have proposed to derive the Nonce from the session key and keep it secret. Since the nonce is unique and secret, it provides freshness and unpredictability. The freshness provides protection against replay attacks, the unpredictability of Nonce prevents pre-computation attack. Same Nonce is used as a challenge-text from authenticator to supplicant. Per packet Security mechanism strengthens the security of authentication mechanism and counter mode operation irrespective of the security of causal encryption algorithm.