Abstract
Authentication is the basis of the security of IEEE 802.11i standard. The authentication process in 802.11i involves two important protocols: a 4-way handshake and a group key handshake. A formal analysis of authentication in 802.11i is given via a belief multisets formalism. The analysis shows that the 4-way handshake and the group key handshake may provide satisfactory mutual authentication, key management, and issue of a new group temporal key from an access point to a user device, under the guarantee of mutual possession of a confidential pairwise master key. The analysis also shows that there exists a denial of service attack in the 4-way handshake and some seeming redundancies are useful in the protocol implementation.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
ANSI/IEEE Std 802.11, Wireless LAN medium access control (MAC) and physical layer (PHY) specifications [S].
Brown B. 802.11: The security differences between b and i [J]. IEEE Potentials, 2003, 22(4): 23–27.
IEEE Std 802.11i-2004, Wireless LAN medium access control (MAC) and physical layer (PHY) specifications: medium access control (MAC) security enhancements [S].
Furqan Z, Muhammad S, Guha R K. Formal verification of 802.11i using strand space formalism [C]//IEEE Proc ICNICONSMCL’2006. [s.l.]: IEEE Press, 2006: 140–146.
Sithirasenan E, Zafar S, Muthukkumarasamy V. Formal verification of the IEEE 802.11i WLAN security protocol [C]//IEEE Proc ASWEC’2006. Australia: IEEE Press, 2006: 1–10.
IEEE Std 802.1X, Port-based network access control [S].
IEEE Std EAP-2004, Extensible authentication protocol (EAP) [S].
Dong L, Chen K, Lai X, et al. Extensible belief multisets for wireless security analysis [C]//China Crypt’ 07. ChengDu: SWJTU Press, 2007: 206–216.
Dong L, Chen K, Lai X. Belief multisets for cryptographic protocol analysis [J]. Journal of Software (accepted).
Canetti1 R, Krawczyk H. Analysis of key-exchange protocols and their use for building secure channels [C]//EUROCRYPT’01, LNCS 2045. Heidelberg: Springer-Verlag, 2001: 453–474.
IETF RFC 4763, Extensible authentication protocol method for shared-secret authentication and key establishment (EAP-SAKE) [S].
He C, Mitchell J C. Analysis of the 802.11i 4-way handshake [C]//ACM Proc WiSe’04. [s.l.]: ACM Press, 2004: 43–50.
Author information
Authors and Affiliations
Corresponding author
Additional information
Foundation item: the National High Technology Research and Development Program (863) of China (No. 2006AA01Z422) and the National Natural Science Foundation of China (Nos. 60573030, 90704004)
Rights and permissions
About this article
Cite this article
Dong, L., Chen, Kf. & Lai, Xj. Formal analysis of authentication in 802.11i. J. Shanghai Jiaotong Univ. (Sci.) 14, 122–128 (2009). https://doi.org/10.1007/s12204-009-0122-3
Received:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12204-009-0122-3