Achieving secure and convenient WLAN sharing in personal

The authors analyse the security threats caused by personal wireless local area network (WLAN) sharing, propose schemes under two different conditions, and evaluate the performance of their schemes. WLAN is a widely used low-cost wireless networking technology. Most personal WLANs use Wi-Fi Protected Access II (WPA2)-Personal to ensure robust security. Exposing the passphrase of a WLAN is the only way to share it. Passphrase exposure can cause three threats, i.e. eavesdropping, evil twin attack, and resource abuse. This study addresses these threats by proposing two schemes for different levels of device upgrade difficulty. For devices that are difficult to upgrade, their scheme only upgrades wireless routers, so all WPA2-Personal certified user devices can address these threats without any changes. For easy-to-upgrade and new devices, their scheme uses attribute-based key exchange to address the threats and provide ease of use, anonymity, and fine-grained access control. To solve the problem practically, they propose a mutual authentication method based on trust-on-first-use and a convenient attribute assignment method based on the existence of social information. The attribute authority already has a large amount of social information to provide services and cannot obtain more private information from participants in their scheme. The analysis shows that the proposed schemes are secure and practical.

Inspec keywords: cryptographic protocols; computer network security; telecommunication security; wireless LAN; authorisation

Other keywords: convenient WLAN sharing; robust security; personal wireless local area network sharing; fine-grained access control; secure WLAN sharing; Wi-Fi-protected access II-personal; WPA2-personal certified user devices; different device upgrade difficulties; networking technology; wireless routers; attribute authority; convenient attribute assignment method; attribute-based key exchange; passphrase exposure; security threats; personal WLANs

Subjects: Radio links and equipment; Local area networks; Protocols; Data security; Computer communications; Cryptography

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2020.0134