Research And Improvement On Security Of WPA2 Authentication Protocol

Posted on: 2021-10-28
Degree: Master
Type: Thesis
Country: China
Candidate: Y T Li
GTID: 2518306050469084
Subject: Master of Engineering

Abstract/Summary:
As the use of wireless mobile devices increases, attacks on wireless networks are also increasing year by year. Since the key reinstallation attack vulnerability was disclosed in 2017, the security of the WLAN identity authentication protocol has again attracted extensive attention from security researchers, who have gradually raised problems such as missing forward secrecy and downgrade attacks in the WLAN authentication protocol.

This paper analyzes and improves three problems in the WPA2 authentication protocol. The first is that the session key, which is generated from the Wi-Fi password, two random numbers, and the MAC addresses, does not have forward secrecy. The second is that the RSNE field in the beacon frame can easily lead to a downgrade attack. The third is that the WLAN authentication process is transmitted in plaintext, so sensitive messages are easily sniffed by attackers, which is not conducive to Wi-Fi password security. The main work of this paper is as follows:

(1) To solve the problem that the WPA2 authentication protocol lacks forward secrecy when the wireless access point (AP) and the client use a session key generated from the Wi-Fi password, the random numbers from both sides, and the MAC addresses, a method for improving the security of the authentication protocol based on elliptic curve discrete logarithm theory is proposed. The improved protocol requires the client and the AP to each generate a private key and a public key, send the public keys to each other as two parameters of the negotiated pairwise master key, and generate the session key from the pairwise master key. If the Wi-Fi password is later compromised, past session keys are not compromised. Because the session key depends on the private keys that the client and the AP generate temporarily during key negotiation, and recovering those private keys requires solving the elliptic curve discrete logarithm problem, the improved protocol has forward secrecy.

(2) To address the problem that the RSNE field in the beacon frame can easily lead to a downgrade attack in the WPA2 authentication protocol, a solution is proposed that places a pseudo-synchronization sequence in the beacon frame, the association request frame, and the association response frame. The solution also adds the RSNE value to the first and second handshake frames. The pseudo-synchronization sequences are generated from the RSNE value, the Wi-Fi password, timestamps, and the AP MAC address. The RSNE value is encrypted with the AES CTR algorithm under the pairwise master key. Formal analysis with BAN logic proves that the RSNE value transmitted in the improved protocol is reliable.

(3) To address the problem that sensitive messages in the frames of the authentication process are easily sniffed by attackers, this paper proposes encrypting six frames: the frames of the association stage and of the four-way handshake stage. The improved protocol uses AES CTR for encryption, with the Wi-Fi password and the pairwise master key used as encryption keys at the respective stages of the key negotiation process. An attacker cannot guess the Wi-Fi password by sniffing the random number parameters ANonce and SNonce and the key verification values in the authentication process. Experiments show that the Wi-Fi password of the improved protocol cannot be cracked by cracking tools such as beini and Aircrack-ng.

(4) The improved protocol is proved with BAN logic theory and implemented in a project. The experiments show that the improved protocol achieves identity authentication between the client and the wireless access point, has forward secrecy, resists downgrade attacks, and enhances the security of the Wi-Fi password. In addition, compared with the original protocol, the authentication time of the improved protocol increases by only 0.11%, which is negligible.
Keywords/Search Tags: WPA2 Authentication Protocol, Forward Secrecy, Downgrade Attack, Wi-Fi password, BAN logic
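
The forward-secrecy argument of item (1), as an added example that is not code from the thesis: the standard WPA2-PSK derivation is reproducible from a recorded handshake once the password leaks, while a key bound to an ephemeral elliptic-curve exchange is not. Curve25519, the HMAC-SHA256 mixing step, the SSID, the password and the MAC addresses are assumptions or constructed values; the abstract does not give the curve or the exact construction.

```python
import hashlib, hmac, secrets

P, A24 = 2**255 - 19, 121665          # Curve25519 field prime and (A - 2) / 4
BASE = (9).to_bytes(32, "little")     # standard base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Teaching code: not constant-time."""
    n = (int.from_bytes(k, "little") & ((1 << 255) - 8)) | (1 << 254)  # clamp scalar
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")  # bit 0 is clamped: no final swap

def wpa2_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """IEEE 802.11i PRF-384: session key from PMK, both MACs and both nonces."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    blocks = (hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                       hashlib.sha1).digest() for i in range(3))
    return b"".join(blocks)[:48]

def demo():
    # Constructed sample values (not from the thesis).
    ssid, password = b"ExampleNet", b"correct horse battery"
    capture = (bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02"),
               secrets.token_bytes(32), secrets.token_bytes(32))  # AP MAC, STA MAC, ANonce, SNonce
    pmk = hashlib.pbkdf2_hmac("sha1", password, ssid, 4096, 32)
    ptk = wpa2_ptk(pmk, *capture)
    # Plain WPA2: a recorded handshake plus a later password leak rebuilds the old key.
    leaked_pmk = hashlib.pbkdf2_hmac("sha1", b"correct horse battery", ssid, 4096, 32)
    observer_ptk = wpa2_ptk(leaked_pmk, *capture)
    # Improved idea: each side adds an ephemeral key pair; only public keys are sent.
    ap_priv, sta_priv = secrets.token_bytes(32), secrets.token_bytes(32)
    ap_pub, sta_pub = x25519(ap_priv, BASE), x25519(sta_priv, BASE)
    shared_ap, shared_sta = x25519(ap_priv, sta_pub), x25519(sta_priv, ap_pub)
    # Hypothetical mixing step (assumption): bind the ECDH secret into the PMK.
    fs_pmk = hmac.new(pmk, shared_sta + ap_pub + sta_pub, hashlib.sha256).digest()
    fs_ptk = wpa2_ptk(fs_pmk, *capture)
    # Password, capture and public keys no longer suffice: fs_ptk needs a private key.
    return observer_ptk == ptk, shared_ap == shared_sta, fs_ptk != observer_ptk
```

`demo()` returns three booleans: the observer reproduces the plain WPA2 key, both sides agree on the ECDH secret, and the key bound to that secret differs from what the password and capture alone yield.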