SECURE AND EFFICIENT KEY EXCHANGE MECHANISM IN IEEE 802.11

Abstract

Since the IEEE 802.11 standard was released in its first version in 1997, IEEE 802.11 based wireless LANs (also called WLANs) quickly evolved to the most commonly used technology to wirelessly connect devices to an IP network. However, due to lack of security mechanisms, major security amendments have been done in the draft of IEEE 802.11i in 2004. In IEEE 802.1 1i for authentication purpose, Extensible Authentication Protocol (EAP) and for key exchange, 4-way handshake protocol is used. Authentication gives the ability to authenticator and supplicant to check and prove each other's identity. Key exchange provides the facility to exchange shared secret between authenticator and supplicant which is used for encrypting the data or we can say for transmitting the data with confidentiality. The key exchange mechanism provided in IEEE 802.11 i is not secure because of its Message I or 1 Sf message sent from authenticator to supplicant. The Message 1 of 4-way handshake protocol does not have any type of encryption and can be forged.: This makes it vulnerable to Denial of Service (DoS) attack and Dictionary attack. Due to the existing design flaws, 4-way handshake is incapable in providing the required security and performance. We propose a new technique for key exchange which is able to provide an enhance security in comparison with 4-way handshake protocol. This enhanced 3--way handshake mechanism is able to provide security against DoS attacks, dictionary attacks and passive attacks. In 3-Way handshake mechanism, three messages are exchanged for generating the pairwise transient key (PTK). The messages which are transmitted in. the proposed mechanism are encrypted using New Encryption Key (NEK). This NEK is generated with the help of Pairwise Master Key (PMK) and second Pre-Shared Key (SPK). The proposed model has been verified analytically and simulated using CPN Tool and results show that in addition with enhanced security, our mechanism performs better and can reduce the communication and computation overheads.