| As Wireless Local Area Networks (WLANs) become more widely deployed, the security of Wlans has become a serious concern for an increasing number of organizations. Generally, the security requirements for a WLAN include data confidentiality, integrity, mutual authentication, and availability. IEEE 802.11i, an IEEE standard ratified on June 24, 2004, is designed to provide an enhanced security mechanism in the Medium Access Control (MAC) layer for 802.11 networks. The 802. 11i specification defines the Robust Security Network Association (RSNA). RSNA provides two data confidentiality protocols, called the Temporal Key Integrity Protocol (TKIP) and the Counter-mode/CBC-MAC Protocol (CCMP), and the RSNA establishment procedure, including 802. 1X authentication and key management protocols.The article analyzes the whole security protocol in the 802.11i specification, considering data confidentiality, integrity, mutual authentication, and availability. After researching, we find that 802.11i can provide an effective data confidentiality and integrity when CCMP is used. In addition, an authentication process, combining the 802.1X authentication and key management procedures, is performed to mutually authenticate the devices and generate a fresh session key for data transmissions. Therefor, an implementation of 802.11i protocols in a WLAN enhanced the security in the Wlans.Unfortunately, as the 802.11i does not emphasize availability, there are several DoS attacks. The article reviews the known DoS attacks on unprotected management frames and EAP frames, and discusses the method to reduce the attacks in 802.11i. Two new DoS attacks and possible repairs are identified: the vulnerability in RSN IE and 4-Way Handshake. Finally some tradeoffs in failure-recovery strategies are discussed and an improved scheme of 802.11i is proposed to address all the discussed vulnerabilities. |
PDF Full Text Request