IEEE 802.11无线局域网的逐包认证

Muhammad Junaid, M. Akbar, M. Mufti
{"title":"IEEE 802.11无线局域网的逐包认证","authors":"Muhammad Junaid, M. Akbar, M. Mufti","doi":"10.1109/INMIC.2008.4777737","DOIUrl":null,"url":null,"abstract":"Wireless Networks call for enhanced confidentiality, integrity and authenticaton services because of their inherent weakness of ubiquitous signals. Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) has been recently employed to provide security to IEEE 802.11 Wireless LANs. It has been shown in our earlier published work that CCMP is vulnerable to Time Memory Trade off (TMTO) attack. To overcome the said vulnerability, this paper presents a design and description of strengthening the security of WLAN packets using Per-Packet security mechanism. The architecture of Per-Packet security mechanism involves introduction of Per-Packet Authentication and Secret Nonce. The proposed Per-Packet Authentication protocol is a continuous challenge response process operating throughout the session. The Per-Packet authentication promptly secures the connection against unauthorized access by immediately discarding the packet if Per-Packet Authentication fails. We have proposed to derive the Nonce from the session key and keep it secret. Since the nonce is unique and secret, it provides freshness and unpredictability. The freshness provides protection against replay attacks, the unpredictability of Nonce prevents pre-computation attack. Same Nonce is used as a challenge-text from authenticator to supplicant. Per packet Security mechanism strengthens the security of authentication mechanism and counter mode operation irrespective of the security of causal encryption algorithm.","PeriodicalId":112530,"journal":{"name":"2008 IEEE International Multitopic Conference","volume":"30 4","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Per Packet Authentication for IEEE 802.11 wireless LAN\",\"authors\":\"Muhammad Junaid, M. Akbar, M. Mufti\",\"doi\":\"10.1109/INMIC.2008.4777737\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Wireless Networks call for enhanced confidentiality, integrity and authenticaton services because of their inherent weakness of ubiquitous signals. Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) has been recently employed to provide security to IEEE 802.11 Wireless LANs. It has been shown in our earlier published work that CCMP is vulnerable to Time Memory Trade off (TMTO) attack. To overcome the said vulnerability, this paper presents a design and description of strengthening the security of WLAN packets using Per-Packet security mechanism. The architecture of Per-Packet security mechanism involves introduction of Per-Packet Authentication and Secret Nonce. The proposed Per-Packet Authentication protocol is a continuous challenge response process operating throughout the session. The Per-Packet authentication promptly secures the connection against unauthorized access by immediately discarding the packet if Per-Packet Authentication fails. We have proposed to derive the Nonce from the session key and keep it secret. Since the nonce is unique and secret, it provides freshness and unpredictability. The freshness provides protection against replay attacks, the unpredictability of Nonce prevents pre-computation attack. Same Nonce is used as a challenge-text from authenticator to supplicant. Per packet Security mechanism strengthens the security of authentication mechanism and counter mode operation irrespective of the security of causal encryption algorithm.\",\"PeriodicalId\":112530,\"journal\":{\"name\":\"2008 IEEE International Multitopic Conference\",\"volume\":\"30 4\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 IEEE International Multitopic Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/INMIC.2008.4777737\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 IEEE International Multitopic Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INMIC.2008.4777737","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2

摘要

无线网络要求增强保密性、完整性和认证服务,因为其固有的弱点无处不在的信号。计数器模式密码块链消息认证码协议(CCMP)最近被用于为IEEE 802.11无线局域网提供安全性。我们之前发表的研究表明,CCMP容易受到时间记忆交换(TMTO)攻击。为了克服上述漏洞,本文提出了一种利用逐包安全机制加强无线局域网数据包安全性的设计和描述。逐包安全机制的体系结构包括引入逐包认证和秘密密码。提出的逐包认证协议是一个在整个会话中持续运行的质询响应过程。如果Per-Packet authentication失败,则立即丢弃报文,以确保连接不被非法访问。我们建议从会话密钥派生Nonce并对其保密。由于nonce是独特而神秘的,它提供了新鲜感和不可预测性。新鲜度提供了对重放攻击的保护,Nonce的不可预测性防止了预计算攻击。相同的Nonce用作验证者向请求者发送的质询文本。单包安全机制不考虑因果加密算法的安全性,加强了认证机制和反模式操作的安全性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Per Packet Authentication for IEEE 802.11 wireless LAN
Wireless Networks call for enhanced confidentiality, integrity and authenticaton services because of their inherent weakness of ubiquitous signals. Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) has been recently employed to provide security to IEEE 802.11 Wireless LANs. It has been shown in our earlier published work that CCMP is vulnerable to Time Memory Trade off (TMTO) attack. To overcome the said vulnerability, this paper presents a design and description of strengthening the security of WLAN packets using Per-Packet security mechanism. The architecture of Per-Packet security mechanism involves introduction of Per-Packet Authentication and Secret Nonce. The proposed Per-Packet Authentication protocol is a continuous challenge response process operating throughout the session. The Per-Packet authentication promptly secures the connection against unauthorized access by immediately discarding the packet if Per-Packet Authentication fails. We have proposed to derive the Nonce from the session key and keep it secret. Since the nonce is unique and secret, it provides freshness and unpredictability. The freshness provides protection against replay attacks, the unpredictability of Nonce prevents pre-computation attack. Same Nonce is used as a challenge-text from authenticator to supplicant. Per packet Security mechanism strengthens the security of authentication mechanism and counter mode operation irrespective of the security of causal encryption algorithm.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信