Abstract
Due to the lack of security in IEEE 802.11b, IEEE
802.11i, which can provide strong security, is proposed.
However, most users use WLAN (Wireless Local Area
Networks) to do web surfing, so IEEE 802.11i imposes
needless delays and computational overheads. And
even though node authentication is performed in the
wireless domain between Station (STA) and Access
Point (AP) in IEEE 802.11, a malicious node can
masquerade as the authenticated STA, and then
it can transmit packets to the AP. Although TKIP
(Temporal Key Integrity Protocol) and CCMP (CTR
with CBC-MAC Protocol) are used in IEEE 802.11i,
they have needless features for devices with limited
ability. Therefore, in this paper, the Lightweight
Packet Authentication (LIPA) is proposed and its
performance is compared with those of TKIP and
CCMP.
1. Introduction
Even though IEEE 802.11b [1] is a popular
technology and has been studied since wireless
networks were developed, it still has some security
vulnerabilities [2], so IEEE 802.11i [3] was proposed
to provide higher security for WLAN (Wireless Local
Area Network). IEEE 802.11i can provide higher
security, but it incurs a lot of delay and computational
overhead to do so. So it is not suitable for mobile
equipment that has limited battery and computing
power. Most users use WLAN simply to do web surfing with short time delay [4], while Internet
banking needs higher security.
In wireless environments including IEEE 802.11,
the first hop [5] between Station (STA) and Access
Point (AP) is implemented by wireless equipment
as shown in Figure 1; therefore, anyone can attach to
the AP without any special physical line. Node
authentication is needed to check whether users are
authenticated or not, but an opponent can pretend
[Figure 1: STA, AP, Router, Internet, Router, Destination; First-hop and End-to-End security]
[Figure: Fragment(s), MIC key, MSDU + MIC]
security is
[Figure: MPDU, KeyId, Plaintext]
x,
= (TK)Z
0
i= 1
[Figure: CCMP header, Authentication]
3.2.
field.
Sending packet = original packet || AStreamSequenceNumber
Equation (1)
On receiving the packet, the receiver checks the
packet authentication by the packet authentication
verification.
Generally, IEEE 802.11 does not support the
reordering mechanism of the unicast packet. The
receiver checks the Sequence Number of the
received packet, and the packet is discarded if it is
4. Performance Analysis
[Figure: frame format with Frame Control, Duration, Address, Sequence Control and Packet fields]
[Figure: panels (a) and (b), with labels Stream, SKey and Authentication]
Overhead of LIPA
Because CCMP encrypts the message itself and the key
using AES operations, it has larger overheads for
packet authentication and longer delays, so it is
slower, especially when the message is very long
and there are many messages. On the other hand, LIPA encrypts
only the SKey by AES and uses a simple shifting operation,
so it has much less overhead and higher packet
authentication than CCMP.
Figure 8 shows the cumulative delay against the
number of packets transmitted in a session. As the
number of transmitted packets gets larger, LIPA
has less delay. The message length is assumed to be
260 bytes.
The delay per number of transmitted packets in
a session is shown in Figure 9. LIPA has less delay
than CCMP because CCMP has longer operation
delays than LIPA. LIPA needs one AES operation per
message.
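The append-and-verify flow of Equation (1), together with the shifting step mentioned in the overhead comparison, as an added sketch that is not code from the paper. How the authentication stream is derived from the SKey is not recoverable from this page, so the derivation (SHA-256 over a counter standing in for the AES step), the 4-byte element size, and the rule of discarding non-increasing sequence numbers are all assumptions.

```python
import hashlib
import hmac

TOKEN_LEN = 4  # bytes appended per packet (assumed; the page gives no size)

def auth_stream(skey: bytes, n_packets: int) -> bytes:
    """Expand SKey into an authentication stream covering n_packets.
    Assumption: SHA-256 over a counter stands in for the page's AES step."""
    out, counter = b"", 0
    while len(out) < TOKEN_LEN * n_packets:
        out += hashlib.sha256(skey + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:TOKEN_LEN * n_packets]

def token_for(stream: bytes, seq: int) -> bytes:
    """Pick the stream element for sequence number seq with a shift and mask."""
    shift = (len(stream) - TOKEN_LEN * (seq + 1)) * 8
    if seq < 0 or shift < 0:
        raise ValueError("sequence number outside the stream")
    value = int.from_bytes(stream, "big") >> shift
    return (value & ((1 << 8 * TOKEN_LEN) - 1)).to_bytes(TOKEN_LEN, "big")

def send(packet: bytes, seq: int, stream: bytes) -> bytes:
    """Equation (1): sending packet = original packet || stream element."""
    return packet + token_for(stream, seq)

class Receiver:
    def __init__(self, skey: bytes, n_packets: int):
        self.stream = auth_stream(skey, n_packets)
        self.last_seq = -1  # highest sequence number accepted so far

    def receive(self, frame: bytes, seq: int):
        """Return the original packet, or None if the frame is discarded."""
        if seq <= self.last_seq or len(frame) < TOKEN_LEN:
            return None  # assumed rule: stale or replayed sequence number
        try:
            expected = token_for(self.stream, seq)
        except ValueError:
            return None  # stream exhausted for this sequence number
        if not hmac.compare_digest(frame[-TOKEN_LEN:], expected):
            return None  # packet authentication verification failed
        self.last_seq = seq
        return frame[:-TOKEN_LEN]

if __name__ == "__main__":
    key = b"constructed-session-key"  # constructed sample value
    rx, stream = Receiver(key, 4), auth_stream(key, 4)
    frame = send(b"GET /index.html", 0, stream)
    print(rx.receive(frame, 0), rx.receive(frame, 0))  # accepted, then discarded
```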
6. References
[1] "Networks-specific Requirements-part 11: Wireless LAN
Medium Access Control (MAC) and Physical Layer (PHY)
Specifications," IEEE Std 802.11-1997, Nov. 18, 1997, pp.
i-445.
[2] N. Cam-Winget, R. Housley, D. Wagner, and J. Walker,
"Wireless networking security: Security flaws in 802.11 data
link protocols," Communications of the ACM, May 2003,
vol. 46, no. 5, pp. 35-39.
[3] "IEEE Standard for Information technology - Telecommunications and information exchange between
systems - Local and metropolitan area networks - Specific
requirements Part 11: Wireless LAN Medium Access
Control (MAC) and Physical Layer (PHY) specifications
Amendment 6: Medium Access Control (MAC) Security
Enhancements," IEEE Std 802.11i-2004, 2004, pp. 0-1-175.
[4] Korea Internet Information Center, "The end of 2003
state of informal report (Summary)," Ministry of Information
and Communication Republic of Korea, site at:
http://www.mic.go.kr/noticr/ind~.~-view.j~p?idx=3400&puge-no= I&node=&FetOption= &kevword=.
5. Conclusion
[7]