Song Yubo,Aiqun, H.,Kaizhi, C.

DOI: https://doi.org/10.1109/atc.2009.5349356

2009-01-01

Abstract:The WAI (WLAN authentication infrastructure), is the authentication protocol in the Chinese Wireless LAN standard. This protocol, similar as 802.11i, adopts port-based access control and involves three entities in the authentication process. The three entities named in Chinese standard are ASUE (wireless device), AE (access point) and ASE (authentication server). The WAI is composed of a mutual public key certificates authentication and a key-exchange agreement. We analyze the certificate authentication of WAI protocol using a finite-state verification tool and find that the authentication protocol can't resist the denial of service attack. Attackers can forge the messages to produce inconsistent keys in peers. Several amendments are discussed in this papers.

Han LIU,Da-wu GU,Qing-zu SHI

DOI: https://doi.org/10.3321/j.issn:1006-2467.2005.08.029

2005-01-01

Shanghai Jiaotong Daxue Xuebao/Journal of Shanghai Jiaotong University

Abstract:The wireless local area network (WLAN) security standard made by China (WAPI)——uses public key certificates mechanism to implement two-way authentication and private communication. It provides good security solution for large-scale WLAN. However, the system based on WAPI is complex and has security flaws. The identity-based cryptosystem was adopted in WLAN to implement key agreement and two-way authentication. This scheme simplifies the system architecture and is more feasible in small-scale or middle-scale WLAN. It also overcomes the security flaws in WAPI. By the performance analysis, security analysis and contrast to WAPI, the new scheme is proved to be more suitable for small-scale or middle-scale WLAN.

Haojin Zhu

2006-01-01

Abstract:WAPI is the WLAN national standard designed by China.Based on the thorough researches on authentication process of WAPI,this paper analyzes and verifies this process with BAN logic.The result of formal analysis indicates that the authentication process of WAPI can achieve the goal of identification,data integrity and confidentiality.

Rong Fan,Lingdi Ping,JianQing Fu,Xuezeng Pan

DOI: https://doi.org/10.1109/PACCS.2010.5626600

2010-01-01

Abstract:As wireless sensor networks (WSNs) are susceptible to attacks and sensor nodes have limited resources, designing a secure and efficient user authentication protocol for WSNs is a difficult task. Considering that most future large-scale WSNs follow a two-tiered architecture, we propose an efficient and Denial-of-Service resistant user authentication scheme for two-tiered WSNs, which imposes very light computational load and requires simple operations such as one-way hash function and exclusive-OR operations. In addition, there is a growing requirement for preserving user anonymity recently. Thus we introduce pseudonym identity for each user which is concealed in login messages. And through clever design, our proposed scheme can prevent from smart card breach. Moreover, the security analysis on this scheme demonstrates that our proposed scheme enjoys security attributes such as preventing the various kinds of attacks and user anonymity. Finally, performance analysis shows that our proposed scheme is simple and efficient.

Tao Xiao

2004-01-01

Abstract:With the more deployment and understanding of wireless LAN, significant problems have been exposed. A number of security concerns have been raised. Several organizations have implemented solutions that provide extra security. The 802.11 TGi group is working on new ways to produce a series of IEEE 802.1x and IEEE 802.11i. This paper analyzes security protocol of IEEE 802.1x and Chinese WAPI. The secure characters of wireless LAN are presented and discussed in detail. At the same time, the virtues of 802.1x and WAPI on WLAN are introduced.

邢新景,张朝阳,王匡

DOI: https://doi.org/10.3969/j.issn.1003-8329.2003.04.009

2003-01-01

Wireless Communication Technology

Abstract:The WEP security algorithm used in IEEE 802.11 wireless LAN is introduced. Under the basis of a systematical analysis, flaws embedded in WEP are pointed out, and correspondingly, several attacking methods are provided to prove the weakness of WEP. The upgraded version of WEP algorithm-TKIP was also introduced and analyzed. At last, some potential solutions to the security problems are also proposed in using existing IEEE 802.11 equipments.

Fan Sun,Hong Wen,Yanxu Zhu,Xinchen Xu

DOI: https://doi.org/10.1109/CCPQT56151.2022.00035

2022-01-01

Abstract:Due to wireless LAN is closed to our daily life and our terminals, the malicious attack actions are easily to be launched to the open wireless broadcast channel. WAPI (Wireless LAN Authentication and Privacy Infrastructure) is one of influential standards for wireless LAN. To understand and strengthen WAPI protocol, this paper studies the security performance of WAPI protocol, analyzes the defects of WAPI protocol and the possible security threats and losses caused by the defects. A security performance evaluation strategy based on CVSS standard is also proposed, and quantitatively evaluates the security performance of WAPI protocol. According to our quantitative evaluation, it is possible to know which part of the WAPI is the security weak part, and improvement and enhanced measurement should be paid more attention in the future.

LI Yong-li,ZHAO Yu,LI Yan-wen,LIU Yan-heng

DOI: https://doi.org/10.3321/j.issn:1000-1832.2006.03.010

2006-01-01

Abstract:With the widely utilize of wireless network,the security becomes a very important issue in wireless LAN technclogy.The paper analyses wireless security technologies:encryption,authentication,key management strategies,and intrusion detection.In encryption,authentication,and key management strategies more attentions are pained to 802.11i and our country's wireless LAN protocols standard WAPI.In intrusion avoidance field,some famous attacks against wireless LAN are introduced.Last,an intrusion detection architecture for wireless LAN is put forward.

Liling Cao,Wancheng Ge

DOI: https://doi.org/10.4028/www.scientific.net/amm.401-403.1864

2013-01-01

Applied Mechanics and Materials

Abstract:The existing Extensible Authentication Protocol (EAP) based handover authentication schemes have show robust security features especially the Qi Jing et al.'s design, which not only meets the essential security requirements in handover authentication but also achieves privacy preservation. However, it still suffers pitfalls in the process of authentication. The main idea of this paper is to extend the work by Qi Jing et al. and particularly focus on the formal analysis using extending BAN logic which is more concise yet practical to use on PKI-based protocols.

Yubo Song,Chen Xi,Hu Aiqun

DOI: https://doi.org/10.1109/MINES.2009.209

2009-01-01

Abstract:The WAI (WLAN Authentication Infrastructure), which is composed of mutual certificate authentication and key agreement, is the authentication protocol in the Chinese Wireless LAN standard. In this paper, we analyze the WAI protocol using a finite-state verification tool Mur¿ and find that the authentication protocol can't resist the denial of service attack. Attackers can forge the messages to produce inconsistent keys in peers. Three Denial-of-Service attacks are discussed in this paper. Two of those attacks are occurred in the mutual certificate authentication phase and one is found in the key agreement phase. Furthermore, several amendments are discussed in this paper.

Xian-Shi Zhang,Ge-Wen Kang,Xin-Heng Wang

2009-01-01

Abstract:An analysis of WLAN security mechanisms of wired equivalent privacy (WEP) and Wi-Fi protected access (WPA) discovers that the current literature is not totally creditable in its judgment on the security value of WEP and WPA. Based on the respective performances of WEP and WPA under certain typical attacks, this paper substantiates the judgment that WEP has quite a few vulnerabilities concerning confidentiality and integrity, but at the same time challenges the judgment on WPA with that WPA is robust enough to confront potential typical attacks and is not so unreliable as the current literature believes, although it has some vulnerabilities in its message integrity code (MIC).

Yixin Jiang,Chuang Lin,Hao Yin,Zhen Chen

DOI: https://doi.org/10.1002/wcm.448

2006-01-01

Wireless Communications and Mobile Computing

Abstract:IEEE 802.11 wireless local area networks (WLAN) has been increasingly deployed in various locations because of the convenience of wireless communication and decreasing costs of the underlying technology. However, the existing security mechanisms in wireless communication are vulnerable to be attacked and seriously threat the data authentication and confidentiality. In this paper, we mainly focus on two issues. First, the vulnerabilities of security protocols specified in IEEE 802.11 and 802.1X standards are analyzed in detail. Second, a new mutual authentication and privacy scheme for WLAN is proposed to address these security issues. The proposed scheme improves the security mechanisms of IEEE 802.11 and 802.1X by providing a mandatory mutual authentication mechanism between mobile station and access point (AP) based on public key infrastructure (PKI), offering data integrity check and improving data confidentiality with symmetric cipher block chain (CBC) encryption. In addition, this scheme also provides some other new security mechanisms, such as dynamic session key negotiation and multicast key notification. Hence, with these new security mechanisms, it should be much more secure than the original security scheme. Copyright © 2006 John Wiley & Sons, Ltd.

WANG NAN,HUANG JIE,XIE CHAO

DOI: https://doi.org/10.3969/j.issn.1008-0570.2007.09.063

2007-01-01

Abstract:Public Wireless Local Area Network(PWLAN),as a new access service of public mobile data,provides a convenient wireless network service for the public.But for the opening of data transferring in the physical link layer,it results in more serious hidden security troubles than that in wire network.The paper discusses the Extensible Authentication Protocol(EAP) and its implementation technology based on IEEE802.1 x protocols.Then it presents the design and implementation of the client and authenticator peer in the EAP authentication of the PWLAN.The test results verify that the authentication system can improve the performance of the security in PWLAN effectively.

吴越,史小红,曹秀英,毕光国

DOI: https://doi.org/10.3969/j.issn.0255-8297.2003.02.018

2003-01-01

Journal of Applied Sciences

Abstract:This paper describes the vulnerability of the wired equivalent privacy(WEP) protocol in current IEEE802. 11 WLAN standard, such as key sequence reuse, key management and refreshment, message authentication and integrity, etc. It also presents a security solution for WLAN based on IP Security (IPSec) and discusses the fundamental principles of data origin authentication, integrity protection, anti-replay protection and key exchange, Finally it describes their software implementations, makes a security analysis of the solution and looks into the future research.

YANG Jian-jun,JIA Chen-jun,RAN Li-xin

DOI: https://doi.org/10.3785/j.issn.1008-973x.2005.02.014

2005-01-01

Abstract:By analyzing the principle of remote authentication dial in user service (RADIUS) protocol and the applied security algorithm, an improved RADIUS protocol was proposed to enhance the security performance of networks.Based on the improved protocol,AAA (authentication,authority and account) architecture was set up for the Internet service providers.The AAA architecture for wireless gateway does not increase the complexity of the communication systems, and is simple and easy to implement.

Daoshun Wang

2006-01-01

Abstract:Firstly a comprehensive analysis on the current security and authentication technology used in WLAN is introduced.Based on all related problems,an enforced Access Point(AP)design scheme is proposed.The design and implementation of a prototype AP system,its security and authentication architecture is briefly discussed according to 802.11i framework,AES and EAP-TTLS.

Yb Song,Aq Hu

DOI: https://doi.org/10.1109/ICNNSP.2003.1281203

2003-01-01

Abstract:Wireless connectivity ability in, 'hot spots' is becoming increasingly important now. Public wireless local area network (PWLAN) provides convenient high-speed access based on IEEE 802.11 standard to the Internet. The authentication scheme provided by IEEE802.11 standard was too weak to afford a practical authentication. Many solutions such as 802.11i standard draft have proposed to resolve these security problems in WLAN environment. But they are not practicable in PWLAN, because these solutions didn't consider how to authenticate in the scene that an access controller was deployed to provide an Internet gateway between the wireless access network and the Internet. This paper proposes a new authentication scheme, which is suitable for this scene and also is compatible with 802.11i. From the security analysis, we can conclude that the scheme can offer an immediate and strong security solution for public environment.

Xiong Li,Jieyao Peng,Saru Kumari,Fan Wu,Marimuthu Karuppiah,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1016/j.compeleceng.2017.02.011

IF: 4.152

2017-01-01

Computers & Electrical Engineering

Abstract:•We point out the security weaknesses of Liu et al.’s lightweight authentication protocol for wireless body area networks.•We propose an enhanced 1-round authentication protocol for wireless body area networks with user anonymity.•We evaluate the security features of the proposed protocol using formal analysis based on BAN logic and informal analysis.•The comparison results show that our protocol improves the security with equivalent cost.

Wenting Li,Bin Li,Yiming Zhao,Ping Wang,Fushan Wei

DOI: https://doi.org/10.1155/2018/8539674

2018-01-01

Abstract:Nowadays wireless sensor networks (WSNs) have drawn great attention from both industrial world and academic community. To facilitate real-time data access for external users from the sensor nodes directly, password-based authentication has become the prevalent authentication mechanism in the past decades. In this work, we investigate three foremost protocols in the area of password-based user authentication scheme for WSNs. Firstly, we analyze an efficient and anonymous protocol and demonstrate that though this protocol is equipped with a formal proof, it actually has several security loopholes been overlooked, such that it cannot resist against smart card loss attack and violate forward secrecy. Secondly, we scrutinize a lightweight protocol and point out that it cannot achieve the claimed security goal of forward secrecy, as well as suffering from user anonymity violation attack and offline password guessing attack. Thirdly, we find that an anonymous scheme fails to preserve two critical properties of forward secrecy and user friendliness. In addition, by adopting the "perfect forward secrecy (PFS)" principle, we provide several effective countermeasures to remedy the identified weaknesses. To test the necessity and effectiveness of our suggestions, we conduct a comparison of 10 representative schemes in terms of the underlying cryptographic primitives used for realizing forward secrecy.

Yue Wu,Jindan Zhu,Shaojie Kong,Ping Yi

DOI: https://doi.org/10.1109/iccit.2009.40

2009-01-01

Abstract:The emerging Wireless Mesh Networks (WMN) is a broadband access technology. However, the introduction of multi-hop and self-organization properties of WMN disables the adoption of IEEE 802.11i security scheme which is widely used in WLAN networks. This paper mainly focuses on the studies of secure authentication protocols of Mesh Security Association (MSA) architecture proposed by IEEE 802.11s task group for WLAN-based mesh networks. It first presents the security challenges of WMN, then describes the rationale of the proposed MSA mechanism especially initial MSA authentication protocol, later it gives an implementation of a Peer Link Management (PLM) protocol exchange and designs an approach to incorporate into the net80211 stack of Madwifi driver, which can cooperate with 802.11i user-space clients achieving user authentication of mesh points (MP) and the key management functionality. Finally, the experiment result shows that the PLM protocol implementation will make no significant effect on overall network performance in a single hop test case compared with IEEE802.11i authentication scheme, and concludes that MSA architecture is well suited for security solutions of WLAN based mesh networks