Journal of the Korea Academia-Industrial cooperation Society (한국산학기술학회논문지)

The Korea Academia-Industrial cooperation Society (한국산학기술학회)
권호 표지
DOI QR코드

DOI QR Code

A Secure WPA-PSK Protocol Resistant to Dictionary Attack on Smartphone Communication Using Wi-Fi Channel

Wi-Fi를 이용한 스마트폰에서 사전 공격에 안전한 WPA-PSK 프로토콜

  • 박근덕 (호서대학교 컴퓨터공학부) ;
  • 박정수 (호서대학교 정보보호학과) ;
  • 하재철 (호서대학교 정보보호학과)
  • Received : 2012.01.25
  • Accepted : 2012.04.12
  • Published : 2012.04.30
Download PDF
⟨ Previous Next ⟩

Abstract

Recently, smartphone communications using Wi-Fi channel are increasing rapidly to provide diverse internet services. The WPA security protocol was used for data protection between user and wireless AP. However, WPA-PSK protocol was known to be weak to the dictionary attack. In this paper, we proposed a secure WPA-PSK protocol to resist the dictionary attack. Since the proposed method was designed to generate a strong encryption key which is combined the Diffie-Hellman key agreement scheme with secrecy property of PSK(Pre-Shared Key), we can protect the Wi-Fi channel from Man-In-The-Middle attack and Rogue AP impersonation attack.

최근 스마트폰에서는 Wi-Fi 통신 기술을 이용한 인터넷 서비스가 활성화 되어 있으며 스마트폰 사용자와 무선 AP(Access Point)간의 전송 데이터 보호를 위해 WPA 보안 프로토콜을 사용하고 있다. 하지만 WPA-PSK 프로토콜의 경우 사전 공격(dictionary attack)에 매우 취약한 특성을 보이고 있다. 따라서 본 논문에서는 WPA-PSK에서 발생하는 사전 공격을 방어할 수 있는 안전한 WPA-PSK 프로토콜을 제안하고자 한다. 제안 프로토콜에서는 Diffie-Hellman 키 합의 기술과 PSK(Pre-Shared Key)의 비밀 속성을 접목하여 암호화키를 생성하도록 설계하였기 때문에 사전 공격은 물론 외부자의 의한 중간자 공격(Man-In-The-Middle attack) 그리고 Rogue AP 위장 공격도 방어할 수 있다.

Keywords

References

  1. Wi-Fi Alliance, "The State of $Wi-Fi^{(R)}$ Security Wi-Fi $CERTIFIED^{TM}$ $WPA2^{TM}$ Delivers Advanced Security to Homes, Enterprises and Mobile Devices", pp. 1-15, Wi-Fi Alliance, 2009.
  2. H. Berghel, "Wireless Infidelity I:War Driving", Comm. of the ACM, vol. 47, no. 9, pp. 21-26, 2004. https://doi.org/10.1145/1015864.1015879
  3. IEEE Computer Society, "IEEE Std 802.11b-1999", pp. 1-90, IEEE, 1999.
  4. S. R. Fluhrer, I. Mantin, and A. Shamir, "Weaknesses in the key scheduling algorithm of RC4" Proceeding of SAC '01: Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography. London, UK: Springer-Verlag, pp. 1-24, 2001.
  5. A. Stubblefield, J. Ioannidis, and A. D. Rubin, "A key recovery attack on the 802.11b wired equivalent privacy protocol (WEP)", ACM Transactions on Information and System Security, vol. 7, no. 2, pp. 319-332, 2004. https://doi.org/10.1145/996943.996948
  6. IEEE Computer Society, "IEEE Std 802.11i-2004", pp. 1-1233, IEEE, 2004.
  7. G. Lehembre, "Wi-Fi security - WEP, WPA and WPA2", pp. 1-14, hakin9, 2005.
  8. D. Welch, S. Lathrop, "Wireless Security Threat Taxonomy", Information Assurance Workshop 2003. IEEE Systems. Man and Cybernetics Society, pp. 76-83, 2003.
  9. W. Diffie and M. E. Hellman, "New directions in cryptography", IEEE Transactions on Information Theory, vol. IT-22, no. 6, pp. 644-654, 1976.
  10. C. D. Mano and A. Striegel, "Resolving WPA Limitations in SOHO and Open Public Wireless Networks", Wireless Communications and Networking Conference, WCNC 2006, pp. 617-622, 2006.
  11. J. F. Raymond, A. Stiglic, "Security Issues in the Diffie-Hellman Key Agreement Protocol", IEEE Trans. on Information Theory, pp. 1-27, 2000.
  12. I. Martinovic, F. A. Zdarsky, A. Bachorek, C. Jung, J. B. Schmitt, "Phishing in the Wireless : Implementation and Analysis", IFIP International Federation for Information Processing, vol. 232, pp. 145-156, 2007. https://doi.org/10.1007/978-0-387-72367-9_13
  13. F. M. Halvorsen, O. Haugen, "Cryptanalysis of IEEE 802.11i TKIP", Norwegian University of Science and Technology, June, 2009. Available at http://hirte.aircrack-ng.org/tkip_master.pdf
  14. Y. S. Kang, K. H. Oh, B. H. Chung, K. I. Chung, "Wireless LAN Security Standard IEEE 802.11i", TTA Journal No 99, pp.124-129, June 2005.
  15. Korea Internet and Security Agency, "Wireless LAN Security Guidebook", 2010.