Professional Documents
Culture Documents
net/publication/344016431
CITATIONS READS
6 871
5 authors, including:
All content following this page was uploaded by Shamim Ahmed on 01 September 2020.
© 2012. A.K.M. Nazmus Sakib, Shamim Ahmed, Samiur Rahman, Ishtiaque Mahmud & Md. Habibullah Belali. This is a research/review
paper, distributed under the terms of the Creative Commons Attribution-Noncommercial 3.0 Unported License
http://creativecommons.org/licenses/by-nc/3.0/), permitting all non-commercial use, distribution, and reproduction inany medium,
provided the original work is properly cited.
WPA 2 (Wi-Fi Protected Access 2) Security
Enhancement: Analysis & Improvement
A.K.M. Nazmus Sakib α, Shamim Ahmed σ, Samiur Rahman ρ , Ishtiaque Mahmud Ѡ & Md. Habibullah
Belali¥
Abstract - WPA and WPA2 (Wi-Fi Protected Access) is a The main two problems that have been faced
certification program developed by the Wi-Fi Alliance to by the wireless network are security and signal
March 2012
indicate compliance with the security protocol created by the interference. The problem with security can never be
WiFi Alliance to secure wireless networks. The Alliance defined
solved fully but it can be minimized. Since 1990, many
the protocol in response to several weaknesses researchers
had found in the previous system: Wired Equivalent Privacy wireless security protocols have been designed and
(WEP). Many sophisticated authentication and encryption implemented, but none proved to be convincing with the
techniques have been embedded into WPA2 but it still facing a security threats that come every day with new dangers
lot of challenging situations. In this paper we discuss the to our systems and information. So, depending on the 83
benefit of WPA2, its vulnerability & weakness .This paper also business needs and requirements it is very much
Global Journal of Computer Science and Technology Volume XII Issue VI Version I
present solutions or suggestions which will improve Wi-Fi important to address wireless network security more
Protected Access 2 (WPA2) protocol. efficiently. Through the last two decades wireless
Keywords : WPA 2, Key, Authentication, Hash Function, network researchers have come with 3 main Security
DH Algorithm,PRNG. protocols: WEP, WPA and WPA2 (Paul Arana, INFS 612
– Fall 2006). Wireless Equivalent Privacy) (WEP) was the
first default encryption protocol introduced in the first
W
ireless network has been an excellent invantion IEEE 802.11 standard, received a great deal of coverage
at the end of 20th century in inter-network due to various technical failures in the protocol. WiFi
communication. WiFi (wireless fidelity) is one of protected access (WPA) came with the purpose of
today’s leading wireless technologies (Paul Arana, INFS solving the problems in the WEP cryptography method.
612 – Fall 2006) (by George Ou. June 2 2005). WiFi First WEP, then WPA are used to secure wireless
networks based on IEEE 802.11 standard are being communications were found inadequate due to many
widely deployed in different environment due to proven vulnerabilities so a new protocol was
standardization and ease to use. It allows an Internet implemented, WiFi protected access 2 (WPA2) protocol
connection to be broadcast through radio waves. The (Paul Arana, INFS 612 – Fall 2006)( Microsoft TechNet.
waves can be picked up by WiFi receivers which is The Cable Guy. July 29 2005). WPA2 also known as
attached to computers, personal digital assistants or cell IEEE 802.11i standard is an amendment to the 802.11
phones. As the businesses expanded wireless demands standard which specifying security mechanisms for
increased and have become necessity as the day wireless networks.
passed. The networking world suffers from many
problems with networks the wireless too are also more
prone to problems. Though the problems related to The WiFi security protocol (WPA2) has not yet
wireless networks is been on constant track to be addressed many security vulnerabilities in its process of
removed but the solutions are not always perfect. authentication. The 4 process that the WPA2 has at
present are given below.
Author α : Lecturer, Department of CSE, Dhaka International University
(DIU), Dhaka, Completed B.Sc from CUET major in C.S.E.
Telephone: +8801730079790 E-mail : sakib425@gmail.com Client Authenticator
Authentication
server
Author σ : Lecturer, Department of Computer Science and Engineering
(CSE), Dhaka International University (DIU), Dhaka,
Bangladesh. Telephone: +8801672917779 Security policy agreement
E-mail : shamim.6feb@gmail.com
Author ρ : Completed B.Sc Engineering from Chittangong University of 802.1X authentication
Engineering & Technology, Bangladesh (Dept. of CSE).
E-mail : sami_mania@ymail.com Key derivation and distribution MK distribution by RADIUS
Author Ѡ : Lecturer, Department of Computer Science & Engineering,
Dhaka International University. Telephone: +8801913583238
E-mail : ishty_ju@yahoo.com RSNA data confidentiality and integrity
transmitted on air in plain text, so any attacker Authentication in the WPA2 Personal mode,
through any software can capture what a station is which does not require an authentication server and is
sending through signals in air. performed between the client and the AP generating a
x At the 3rd step also the various keys like 256-bit PSK from a plain-text pass phrase (from 8 to 63
PTK,GTK,KEK,KCK are transmitted in plain text that characters) (Paul Arana, INFS 612 – Fall 2006). The PSK
84
can be captured and used by the attacker (Paul in conjunction with the Service Set Identifier and SSID
Arana, INFS 612 – Fall 2006)( Lehembre, Guillaume, length form the mathematical basis for the Pair-wise
Global Journal of Computer Science and Technology Volume XII Issue VI Version I
Radius access
Radius identity
March 2012
EAP messages specific to the chosen method
MK derivation MK derivation
Radius accept
85
802.1X/EAP success
Global Journal of Computer Science and Technology Volume XII Issue VI Version I
Fig: 2. 802.1x authentication [6]
Step3 : Client calculates the message digest of
the string by applying hash algorithm and sends the
Request for
communication & send
AP
out a string
Client challenging string value and its ISSI number to A.P.
Step4 : A.P also calculates the message digest
for the corresponding string & send to the Client. Only
Send out a string as a
challenge to M.S
the legitimate A.P & Client knows the hash algorithm.
But the evil M.S is not able to produce correct value for
AP Client
the given string.
Calculate
A.P & Client compare the corresponding
Calculate
the string the string message digest value. If it match then continue further
communication ,Otherwise, ceases the communication
immediately..
Hash Hash
Message
Function Function
Message
digest
f) WPA2 Key Generation
digest
Key generation is accomplished by means of
Send message digest
two handshakes: a 4-Way Handshake for PTK (Pair wise
AP Client
Transient Key) and GTK (Group Transient Key)
Send message digest
derivation and a Group Key Handshake for GTK
renewal. The 4-Way Handshake is accomplished by four
If different ceases If different ceases
EAPoL-Key messages between the client and the AP, is
communication If same, then continue communication initiated by the access point and performs the following
Check
communication
Check tasks:
x Confirm the client’s knowledge of the PMK. The
PMK derivation, required to generate the PTK, is rely
Fig: 3. Authentication in secure way
on the authentication method used. In WPA2
Personal mode the PMK is derived from the
e) Secure Authentication process by using Hash authentication PSK and for WPA2 Enterprise mode
function the PMK is derived from the authentication MK (Paul
The security steps are as follows: Arana, INFS 612 – Fall 2006) (key hierarchy in Fig.
Step1: Client request for communication & send 6).
out a string as a challenge to A.P. x Derive a fresh PTK, which is comprised of three
Step2 : A.P also sends out a string as a types of keys: KCK (Key Confirmation Key – 128
challenge to Client. bits) used to check the integrity of EAPoL-Key
frames, Key Encryption Key(KEK – 128 bits) used to
known as prime number 'P' and 'G', 'G' is a primitive root Blum Blum Shub, Fortuna and Mersenne twister.
of P. ‘a’ is the private key of Client, and ‘b’ is the private
a Blum Blum Shub (B.B.S.) is a pseudorandom
key of A.P. Client’s public key is PK = G mod P and
Client number generator proposed in 1986 by Lenore Blum,
b
A.P's public key is PK = G Manuel Blum and Michael Shub (Blum et al., 1986).
AP
86 The DH key exchange protocol is described as Blum Blum Shub takes the form:
follows where both A.P and Client exchange keys.
Global Journal of Computer Science and Technology Volume XII Issue VI Version I
Acquire
No. P & G where M=pq is the product of two large
primes p and q. At each step of the algorithm,
some output is derived from xn+1; the output is
commonly either the bit parity of xn+1 or one or more
Client
AP Taken
private value of the least significant bits of xn+1.
a&b
The seed x0 should be an integer that's not
a
b 1 or co-prime to M (ie. p and q are not factors of x0).
The two primes, p and q, should both be
Compute
Compute congruent to 3 (mod 4) (this guarantees that each
Public Key
Public Key
Y=G^b mod quadratic residue has one square root which is also
X=G^a mod
P
P
a quadratic residue) and gcd(φ(p-1), φ(q-1)) should
be small (this makes the cycle length large).
An interesting characteristic of the Blum
Send public key Y Blum Shub generator is the possibility to calculate
Receive Client’s
Receive A.P’s
Public key Y any xi value directly (via Euler's Theorem):
Public key Y
Ka=(PKA.P)^a Ka=(PKClient)^b
a) Mersenne Twister
Encryption by key
Encryption by key The Mersenne twister is a pseudorandom
Kb
Ka
number generator developed in 1997 by Makoto
Matsumoto and Takuji Nishimura that is based on a
Fig: 4. Symmetric Key generation matrix linear recurrence over a finite binary field F2. It
provides for fast generation of very high-quality
pseudorandom numbers, having been designed
specifically to rectify many of the flaws found in older
algorithms.
A pseudorandom number generator (PRNG) is Its name derives from the fact that period length
an algorithm for generating a sequence of numbers that is chosen to be a Mersenne prime. There are at least
approximates the properties of random numbers. The two common variants of the algorithm, differing only in
sequence is not truly random in that it is completely the size of the Mersenne primes used. The newer and
© 2012 Global Journals Inc. (US)
more commonly used one is the Mersenne Twister
MT19937, with 32-bit word length. There is also a variant
with 64-bit word length, MT19937-64, which generates a In order to achieve the 2nw − r − 1 theoretical
different sequence. upper limit of the period in a TGFSR, φB(t) must be a
For a k-bit word length, the Mersenne Twister primitive polynomial, φB(t) being the characteristic
generates numbers with an almost uniform distribution polynomial of
in the range [0,2k − 1].
March 2012
TGFSR) of rational normal form (TGFSR(R)), with state
bit reflection and tempering. It is characterized by the
following quantities:
x w: word size (in number of bits)
x n: degree of recurrence 87
x m: middle word, or the number of parallel
sequences, 1 ≤ m ≤ n
Global Journal of Computer Science and Technology Volume XII Issue VI Version I
x r: separation point of one word, or the number of The twist transformation improves the classical
bits of the lower bitmask, 0 ≤ r ≤ w - 1 GFSR with the following key properties:
x a: coefficients of the rational normal form twist
matrix x Period reaches the theoretical upper limit 2nw − r − 1
x b, c: TGFSR(R) tempering bitmasks (except if initialized with 0)
x s, t: TGFSR(R) tempering bit shifts x Equidistribution in n dimensions (e.g. linear
x u, l: additional Mersenne Twister tempering bit shifts congruential generators can at best manage
with the restriction that 2nw − r − 1 is a Mersenne reasonable distribution in 5 dimensions)
prime. This choice simplifies the primitivity test and As like TGFSR(R), the Mersenne Twister is
k-distribution test that are needed in the parameter cascaded with a tempering transform to compensate for
search. the reduced dimensionality of equidistribution (because
For a word x with w bit width, it is expressed as of the choice of A being in the rational normal form),
the recurrence relation which is equivalent to the transformation A = R →
A = T−1RT, T invertible. The tempering is defined in the
case of Mersenne Twister as
x Sn = Sn − 1 + Sn − 2
the first "random" number is repeated and the
x Hence, the new term is the sum of the last two
sequence restarts).
terms in the sequence. This can be generalized to
x It is required that at least one of the first k values
the sequence:
chosen to initialize the generator be odd.
x x It has been suggested that good ratios between j
88 x In which case, the new term is some combination of and k are approximately the golden ratio
any two previous terms. m is usually a power of 2
Global Journal of Computer Science and Technology Volume XII Issue VI Version I
March 2012
<http://www.informationweek.com/story/showArticle Secrecy”- A.K.M. NAZMUS SAKIB1 , Global Journal
. jhtml?articleID=177105338> of Computer Science & Technology, Volume 11
9. "Extensible Authentication Protocol." Wikipedia, Free Issue 16 Version 1.0 August/September 2011.
Encyclopedia. Nov. 26 2006, 15:39 UTC. Wikimedia 22. “Secure Authentication & Key Exchange Technique
Foundation,Inc. Nov27 2006 <http:// en.wikipedia. for IEEE 802.16e by using Cryptographic
org/w/index.php?title=Extensible_Authentication_Pr Properties”, A.K.M. Nazmus Sakib1, International 89
otocol&oldid =90231401>. Journal of Engineering Research and Applications,
Global Journal of Computer Science and Technology Volume XII Issue VI Version I
10. Gupta Ashok and Buthmann, Theresa. “The Bell Vol 1 Issue 3, 2011
Labs Security Framework: Making the case for End-
to-End Wi-Fi Security”. LucentTechnologies Sep. 11
2006 (15). <http://www.lucent.com/livelink/
09009403800aa8c9_White _paper.pdf>
11. Epstein Joe. “802.11w fills wireless security holes”.
Network World Apr. 3 2006 <http:// www.network
world.com /news/tech/2006/040306-80211w-
wireless-security.html>
12. Wright Joshua. “How 802.11w will improve wireless
security”. Network World May 29 2006
<http://www.net workworldcom/columnists/2006/
052906-wireless security.html>
13. Wright Joshua. “802.11w security won’t block DoS
attacks”. Tech World Jun. 14 2006
<http://www.techworld.com/security/features/index.
cfm?featureID=2599&pagetype=samecatsamchan
>
14. Sood Kapil and Eszenyi Mathew. “Secure
Management of IEEE 802.11 Wireless LANs”. Intel
Software Network <http://www3.intel.com/cd/ ids/
developer/asmona/eng/dc/mobile/287462.htm>
15. Strand Lars. “802.1X Port-Based Authentication
HOWTO”. The Linux Documentation Project Oct. 18
2004.<http://tldp.org/HOWTO/html_single/8021XH
OWTO>
16. Bellardo John and Savage Stefan. “802.11 Denial-
of-Service Attacks: Real Vulnerabilities and Practical
Solutions” USENIX 2003 Nov. 7
17. “IEEE 802.16e Security Vulnerability: Analysis &
Solution”,A.K.M. Nazmus Sakib, Dr. Muhammad
Ibrahim Khan, Mir Md. Saki Kowsar, GJCST,
October 2010, Volume 10, Issue 13, Version 1
18. “Security Enhancement & Solution for Authentication
Frame work in IEEE 802.16”- A.K.M. NAZMUS
SAKIB1, Academic & Industrial Colleboration Centre
[International Journal of Computer Science &
Information Technology] Vol2, No 6, 2010.
90
Global Journal of Computer Science and Technology Volume XII Issue VI Version I