Wireless LAN Security: 802.11 and Wi-Fi

Part of the Information Security and Cryptography book series (ISC)

Abstract

This chapter considers wireless local area network (WLAN) security. The focus is WLANs based on the IEEE 802.11 standard, and related subsets marketed under the Wi-Fi brand by an industry association to facilitate product interoperability.

  • Chapter length: 35 pages

Copyright information

© 2021 The Author(s)

About this chapter

Cite this chapter

van Oorschot, P.C. (2021). Wireless LAN Security: 802.11 and Wi-Fi. In: Computer Security and the Internet. Information Security and Cryptography. Springer, Cham. https://doi.org/10.1007/978-3-030-83411-1_12

  • DOI: https://doi.org/10.1007/978-3-030-83411-1_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-83410-4

  • Online ISBN: 978-3-030-83411-1

  • eBook Packages: Computer Science, Computer Science (R0)