http://dx.doi.org/10.13089/JKIISC.2019.29.2.417

Efficient Wi-Fi Security Protocol Using Dual Tokens  

Lee, Byoungcheon (Department of Information Security, Joongbu University)
Abstract
WPA2-PSK uses a 4-way handshake protocol based on a shared secret to establish a secure session between a client and an AP. It has various security problems, such as eavesdropping attacks, and its secure session establishment process is inefficient because it requires multiple interactions between the client and the AP. The WPA3 standard has recently been proposed to solve the security problems of WPA2, but it is a small improvement that uses the same 4-way handshake methodology. OAuth 2.0 token authentication, which is widely used on the web, can keep a client in an authenticated state for a long time by using tokens issued to an authenticated client. In this paper, we apply dual-token based randomized token authentication technology to the Wi-Fi security protocol, achieving an efficient Wi-Fi security protocol by separating initial authentication from secure session establishment. Once a client is authenticated and equipped with dual tokens issued by the AP, it can use them to quickly establish a secure session with one message exchange over a non-secure channel.
Keywords
Wi-Fi security; WPA2; WPA3; randomized token authentication; dual tokens