Secure key exchange scheme for WPA/WPA2-PSK using public key cryptography

@article{Noh2016SecureKE,
  title={Secure key exchange scheme for WPA/WPA2-PSK using public key cryptography},
  author={Jaewon Noh and Jeehyeong Kim and Giwon Kwon and Sunghyun Cho},
  journal={2016 IEEE International Conference on Consumer Electronics-Asia (ICCE-Asia)},
  year={2016},
  pages={1-4}
}
This paper proposes an authentication and key exchange scheme to communicate between users securely in small scale Wi-Fi networks. [...] Using a public key system, a station and an access point exchange a secondary key which the user selects. This key is used for pairwise key generation. Through the proposed scheme, the network can protect users from several attacks in the same Wi-Fi network.

Secure Authentication and Four-Way Handshake Scheme for Protected Individual Communication in Public Wi-Fi Networks
TLDR
An elliptic curve public key cryptography concept is applied to the proposed scheme to keep the key safe and provide a higher security level, 192 bits or 256 bits, compared with the conventional WPA2-PSK-based public Wi-Fi networks.
Elliptic Curve Cryptography Based Mechanism for Secure Wi-Fi Connectivity
TLDR
This paper proposes an alternative to the existing mechanism for authentication and re-authentication during connection establishment and client handover, respectively, that uses Elliptic Curve Cryptography, a public key encryption technique, and is immune to the existing vulnerabilities of WPA2 PSK.
Enhanced WPA2/PSK for Preventing Authentication Cracking
  • Chin-ling Chen, Supaporn Punya
  • Computer Science
    Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
  • 2020
TLDR
The weakness of the 4-way handshake procedure in Wi-Fi Protected Access 2/Pre-Shared Key (WPA2/PSK) is discussed and an enhanced WPA2/PSK that adds a timestamp parameter to prevent authentication cracking is proposed.
A Software-defined Networking-based Detection and Mitigation Approach against KRACK
TLDR
A software-defined networking (SDN)-based detection and mitigation framework to defend against KRACK that leverages the characteristic of an SDN controller, a global view of a network, to monitor and manage a Wi-Fi network traffic.
An Integrated Two-Stage Medical Pre-Checkup and Subsequent Validation Key Agreement Authentication Mechanism
TLDR
This work integrates lightweight Exclusive-OR operations, fuzzy extractor biometric personal passwords, and a fixed-length hash operation accords with post-quantum operations to solve the problem of two-stage medical pre-checkup and subsequent validation key agreement authentication.
Hierarchical Security Paradigm for IoT Multiaccess Edge Computing
TLDR
A software-defined perimeter (SDP) framework to supplement MEC and provide added security is proposed, capable of protecting the cloud from the edge by only authorizing authenticated users at the edge to access services in the cloud.
Edge Computing Security: State of the Art and Challenges
TLDR
This paper provides a comprehensive survey on the most influential and basic attacks as well as the corresponding defense mechanisms that have edge computing specific characteristics and can be practically applied to real-world edge computing systems.
Authentication Method for WiFi Connection of Devices Based on Channel State Information
TLDR
An Authentication method for WiFi connection of device based on Channel State Information (CSI) is proposed, which can effectively prevent illegal users from connecting WiFi outside the legal area and the accuracy of correct authentication can reach about 95%.
Analysis of Control Channel Cybersecurity of the Consumer-Grade UAV by the Example of DJI Tello
TLDR
A security strategy that provides the maximum possible protection (based on the technical characteristics of the drone) and comprises not only passive protection in the form of setting a tough password, but also active actions: deploying a system to monitor the injections of deauthentication/dissociation frames and/or the creation of duplicate wireless networks.
Five-Layers SDP-Based Hierarchical Security Paradigm for Multi-access Edge Computing
TLDR
A Software-Defined Perimeter (SDP) framework to supplement MEC and provide added security is proposed, capable of protecting the cloud from the edge by only authorizing authenticated users at the edge to access services in the cloud.

References

Enhancing WPA2-PSK four-way handshaking after re-authentication to deal with de-authentication followed by brute-force attack a novel re-authentication protocol
  • M. Ghanem, Deepthi N. Ratnayake
  • Computer Science
    2016 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (CyberSA)
  • 2016
TLDR
This paper proposes a novel method which can mitigate and eliminate the risk of exposing the PSK to be captured during the re-authentication process by introducing a novel re-authentication protocol relying on an enhanced four-way handshake which does not require any hardware upgrade or heavy-weight cryptography affecting the network flexibility and performance.
Secure Hotspot a novel approach to secure public Wi-Fi hotspot
  • Laiju K Raju, Reena Nair
  • Computer Science
    2015 International Conference on Control Communication & Computing India (ICCC)
  • 2015
TLDR
Existing WPA2-PSK protocol is modified to generate an Instantaneous Session Key (ISK) between the client and the Access Point through secured Diffie Hellman key exchange thereby eliminating the dependency on a pre-shared key.
On the security of public key protocols
  • D. Dolev, A. Yao
  • Computer Science
    22nd Annual Symposium on Foundations of Computer Science (sfcs 1981)
  • 1981
TLDR
Several models are formulated in which the security of protocols can be discussed precisely, and algorithms and characterizations that can be used to determine protocol security in these models are given.
Advanced Stealth Man-in-The-Middle Attack in WPA2 Encrypted Wi-Fi Networks
TLDR
A novel insider attack, Advanced Stealth Man-in-The-Middle (ASMiTM), that combines Stealth Man in the Middle (SMiTM) and Wireless Denial of Service (WDoS) attacks, both of which occur due to the Hole 196 vulnerability.
Security Analysis and Improvements for IEEE 802.11i
TLDR
Under the threat model, 802.11i appears to provide effective data confidentiality and integrity when CCMP is used, and may provide satisfactory mutual authentication and key management, although there are some potential implementation oversights that may cause severe problems.
Defense of WPA/WPA2-PSK Brute Forcer
  • Liu Yong-lei
  • Computer Science
    2015 2nd International Conference on Information Science and Control Engineering
  • 2015
TLDR
A series of defence schemes are proposed, including defence schemes for passive and active brute forcers, which adopt active jammer and wireless packet injection.
An Experimental Study Analysis of Security Attacks at IEEE 802.11 Wireless Local Area Network
TLDR
The analysis and findings from this paper proved that the complexity of attacks had increased over time and that Wi-Fi technology is becoming more dangerous to end users and the business environment.
Detection of De-Authentication DoS Attacks in Wi-Fi Networks: A Machine Learning Approach
TLDR
Experiments performed on an in-house test bed show that the proposed ML-based IDS detects Deauth-DoS attacks with precision (accuracy) and recall (detection rate) exceeding the 96% mark.