
Wireless LAN Authentication Mechanism

Posted on: 2008-05-11
Degree: Master
Type: Thesis
Country: China
Candidate: L Cheng
GTID: 2208360215460399
Subject: Computer software and theory

Abstract/Summary:
Because of their flexibility and convenience, wireless local area networks (WLANs) are widely used in corporations, offices, airports, hospitals and homes, and in special environments for dealing with emergency events. However, open wireless transmission brings security vulnerabilities into a WLAN: data is easily eavesdropped, intercepted and modified, and the network is exposed to denial-of-service (DoS) and masquerading attacks.

Upon analyzing the network features and security needs of WLANs, the vulnerabilities are summarized and classified. Starting from four principal security requirements for a WLAN, IEEE 802.11i, the major security standard for WLANs, is analyzed systematically and thoroughly, and its vulnerabilities and shortcomings are pointed out. These vulnerabilities include: if the configuration is not implemented appropriately, the mutual authentication property will be lost; and an adversary is able to perform DoS attacks.

Based on one-time signatures and the concept of a hard-core predicate, a novel scheme named the self-updating hash chain (SUHC) is given to construct tokens for fast authentication. While a SUHC is in operation, the bit message of the verification anchor of the next hash chain is securely carried to the verifier. Smooth hash chain updating is thereby achieved; in other words, SUHCs can be linked to construct a hash chain of infinite length. The scheme resolves the length limitation of the hash chain.

Upon analysis of the IEEE 802.11i standard, and using SUHC, an efficient WLAN authentication infrastructure (EWAI) is given, which includes an initial authentication protocol (IAKN) to achieve fast authentication. In IAKN, the protocols construct the authentication token without needing a signature algorithm. The AS authenticates STAs at the earliest time, using fewer handshakes and fewer messages in the protocol flows. Meanwhile, the mutual authentication between STA, AP and AS and the initial key negotiation are completed.

Compared with 802.11i, the EWAI infrastructure has better security properties (multi-factor entity authentication and effective defense against DoS) and better efficiency. The proposed IAKN protocol is reasoned about using BAN logic and its correctness is proved.
Keywords/Search Tags:WLAN, security, authentication protocol, 802.11i, hash chain, self-updating
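
The abstract says SUHC resolves the length limitation of the hash chain. The added example below is not the thesis's SUHC or IAKN code: it is a plain one-way hash chain used for authentication tokens, showing replay rejection, resynchronization after a lost token, and the exhaustion that forces a new anchor to be distributed. SHA-256, the `Prover` and `Verifier` classes and the `max_skip` parameter are assumptions made for illustration.

```python
import hashlib
import hmac

def h(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()  # SHA-256 is an assumed choice

class Prover:
    """Holds the secret seed and releases chain values in reverse order."""
    def __init__(self, seed: bytes, n: int):
        self.chain = [seed]
        for _ in range(n):
            self.chain.append(h(self.chain[-1]))
        self.anchor = self.chain[-1]   # h^n(seed), handed to the verifier
        self.idx = n - 1               # index of the next value to reveal

    def next_token(self) -> bytes:
        if self.idx < 0:
            raise RuntimeError("chain exhausted: a new anchor must be distributed")
        tok = self.chain[self.idx]
        self.idx -= 1
        return tok

class Verifier:
    """Stores only the last accepted value; tolerates max_skip lost tokens."""
    def __init__(self, anchor: bytes, max_skip: int = 2):
        self.last, self.max_skip = anchor, max_skip

    def verify(self, token: bytes) -> bool:
        cand = token
        for _ in range(self.max_skip + 1):
            cand = h(cand)
            if hmac.compare_digest(cand, self.last):
                self.last = token      # advance, so earlier tokens stop verifying
                return True
        return False

if __name__ == "__main__":
    p = Prover(b"constructed-seed", 4)     # constructed sample seed
    v = Verifier(p.anchor)
    t1 = p.next_token()
    print("fresh :", v.verify(t1))
    print("replay:", v.verify(t1))
    p.next_token()                         # token lost in transit
    print("resync:", v.verify(p.next_token()))
```

A chain built with `n` hash steps yields exactly `n` tokens; after that the prover has nothing left to reveal, which is the limitation the abstract refers to.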