Analysis of the 802.11i 4-Way Handshake
0
0 votes
Overview
802.11i is an IEEE standard designed to provide enhanced MAC security in wireless networks. The authentication process involves three entities: the supplicant, the authenticator, and the authentication server. A 4-Way Handshake must be executed between the supplicant and the authenticator to derive a fresh pairwise key and/or group key for subsequent data transmissions. The paper analyzes the 4-Way Handshake protocol using a finite-state verification tool and finds a Denial-of-Service attack. The attack involves forging initial messages from the authenticator to the supplicant to produce inconsistent keys in peers. Three repairs are proposed; based on various considerations, the third one appears to be the best.
Related whitepapers
- Attrition Defenses for a Peer-to-Peer Digital Preservation System
- DDoS-Resilient Scheduling to Counter Application Layer Attacks Under Imperfect Detection
- ACACIA: A Certificate-Based Access-Controlled Internet Architecture
- Hawaii Safeguards Schools Statewide Using Intrusion Protection Systems From TippingPoint
- Southern California University Turns Back Denial of Service Attacks With TippingPoint Intrusion Prevention Systems
- Plugging the Leaks: Proven Approaches for Securing Corporate Email
- Webcast: If it Ain't Broke, Break Into It: Best Practices for Penetration Testing and Remediation
- Don't Dread that Network Audit - Compliance with Government Regulation and Industry Standards
- There's a Hole in Your Network - Vulnerability Management Is No Mystery
- Email Security Doesn't need to be a gamble
|
|
- ZDNet.com |
- ZDNet Japan |
- ZDNet.de |
- CNET UK |
- CNET.de |
- Tech Republic |
- BNET |
- MP3.com |
- activeTechPros |
- ZDNet UK |
- ZDNet Korea |
- ZDNet France |
- CNET Australia |
- CNET France |
- Download.com |
- Builder |
- GameSpot
- ZDNet Australia |
- ZDNet Taiwan |
- CNET |
- CNET Taiwan |
- News.com |
- Silicon.com |
- TV.com |
- GameSpot Korea
News |
Insight |
Reviews |
TechGuides |
Jobs |
Blogs |
Videos |
Community |
Downloads |
IT Library |
Copyright © 2008 CNET Networks, Inc., a CBS Company. All rights reserved. Privacy Policy.
