Security Analysis and Improvements on WLANs

IEEE 802.11i standard defines the security specifications of IEEE 802.11 series Wireless Local Area Network (WLAN). It is the replacement of the old security standard named Wired Equivalent Privacy (WEP), and it aims to eliminate all known attacks against WEP. It certainly provides solutions to the confidentiality, mutual authentication and integrity aspects of the WLAN security but not the availability aspect. Many researchers have shown that IEEE 802.11i standard cannot prevent various Denial of Service (DoS) attacks including de-authentication, disassociation and memory/CPU DoS attacks. Besides, IEEE 802.11i has reserved the pre-shared key (PSK) mode of WEP for flexibility and backward compatibility. However, the PSK mode in IEEE 802.11i standard fails to provide sufficient security to prevent offline dictionary attacks and internal attacks. In this paper, we present our solutions that can effectively improve the security of IEEE 802.11i. For memory/CPU DoS attack against 4-way Handshake protocol, we propose an alternative Enhanced 3-way Handshake protocol which can effectively prevent this attack and can save computation cost compared to the original one. For the vulnerability in PSK mode, we proposed a novel Elliptic curve Diffie–Hellman (ECDH) protocol to prevent the offline dictionary attacks and internal attacks. The formal proofs of above two proposed protocols are also provided using Protocol Composition