
802.11i pdf

Points required: 10 | Format: rar | Size: 333 | 2008-07-12

王涛


This paper analyzes the IEEE 802.11i wireless
networking standard with respect to data confidentiality,
integrity, mutual authentication, and availability. Under
our threat model, 802.11i appears to provide effective
data confidentiality and integrity when CCMP is used.
Furthermore, 802.11i may provide satisfactory mutual
authentication and key management, although there are
some potential implementation oversights that may cause
severe problems. Since the 802.11i design does not
emphasize availability, several DoS attacks are possible.
We review the known DoS attacks on unprotected
management frames and EAP frames, and discuss ways of
mitigating them in 802.11i. The practicality of a DoS
attack against the Michael MIC Failure countermeasure is
discussed and improvements are proposed. Two new DoS
attacks and possible repairs are identified: RSN IE
Poisoning and 4-Way Handshake Blocking. Finally some
tradeoffs in failure-recovery strategies are discussed and
an improved variant of 802.11i is proposed to address all
the discussed vulnerabilities.

As Wireless Local Area Networks (WLANs) become
more widely deployed, wireless security has become a
serious concern for an increasing number of organizations
[15, 38]. A summary of relevant literature on wireless
security research appears in the Appendix, including
review of standard definitions and acronyms. Generally,
the security requirements for a WLAN include data
confidentiality, integrity, mutual authentication, and
availability.

IEEE 802.11i [21], an IEEE standard ratified June 24,
2004, is designed to provide enhanced security in the
Medium Access Control (MAC) layer for 802.11
networks. The 802.11i specification defines two classes of
security algorithms: Robust Security Network Association
(RSNA), and Pre-RSNA. Pre-RSNA security consists of
Wired Equivalent Privacy (WEP) and 802.11 entity
authentication. RSNA provides two data confidentiality
protocols, called the Temporal Key Integrity Protocol
(TKIP) and the Counter-mode/CBC-MAC Protocol
(CCMP), and the RSNA establishment procedure,
including 802.1X authentication and key management
protocols.
