*Computer and Network Security*

SWAS requires 2 frames whereas it is handled implicitly in KHC. In [11], the average authentication delays of the EAP-TLS and FLAP are evaluated as 260.253 and 13.884 ms, respectively. In [13], the total time for SWAS authentication is found to be of the order of 26.46 ms (including time for DoS protection). In [16], key refreshing timings of 802.11i and KHC are shown as 13.5 ms and 7.5 ms, respectively.

| Overheads / WLAN access control security mechanisms | WEP | 802.11i [1] | FLAP [11] | SWAS [13] | KHC [16] |
|---|---|---|---|---|---|
| Memory requirements\*\* | Storing key and IV | Storing Master Key, Refreshed key | Storing Master Key, Refreshed key and counter | Storing delegation key, public key pairs, Symmetric keys: MK, PMK, MSK, PTK, two counters, one sequence number. (Also pool of random numbers at AP) | Storing Master Key, Refreshed key, IV and two counters |
| Communication overheads: for per frame authentication | IV (128 bits) per frame | Implicitly by MIC | Implicitly by MIC | Implicitly by MIC/ authentication information | 256 bits per frame |
| Communication overheads: for key refreshing | N.A.\* | 4 data frames | 4 data frames | 2 data frames | implicit |

*\*Not Applicable in the scheme. \*\*Considered per participating node.*

**Table 2.** *Performance comparison of WLAN access control security mechanisms [16].*

The security comparison shown in **Table 3** clearly indicates that the SWAS and KHC schemes provide almost equivalent and better security. 802.11i is prone to DoS attacks whereas FLAP is prone to replay and man-in-middle attacks. Obviously, security of FLAP is least and hence it is not much used presently.

| Attacks | WEP | 802.11i [1] | FLAP [11] | SWAS [13] | KHC [16] |
|---|---|---|---|---|---|
| Man-in-middle attack | Yes | No | Yes | No | No |
| Replay attack | Yes | No | Yes | No | No |
| Reduce DoS attacks | No | No | No | Yes | Yes |
| Possibility of frame contents overwritten by attacker | Yes | No | No | No | No |

Possibility of modification of authentication bits: No No N.A.\* No; N.A. as authentication is implicit

*\*Not applicable in this mechanism.*

**Table 3.** *Comparison of WLAN access control security mechanisms under attacks [16].*

In most of the WLAN access control mechanisms (except KHC), authenticity of the data frame is usually provided by MIC. The MIC based per frame authentication may lead to computation DoS. Hence, a lightweight per frame authentication solution is required. It is discussed next.

**3. Frame authentication**

In WLANs, security is provided redundantly at two layers: one at the Medium Access Control (MAC) layer and the other at the higher layers, which deal with end-to-end security. In the former, 802.11i provides security, while in the latter, higher layer protocols like IPSec, SSL-TLS etc. provide security. Hence, it is suggested that lightweight authentication and symmetric key based cryptographic measures should be used per frame.

For providing individual frame level protection, two kinds of per frame authentication exist in WLANs: MIC based authentication and lightweight authentication. MIC based frame authentication for data frames is utilized by standard WLAN protocols like IEEE 802.11i, FLAP etc. In these protocols, each frame is accompanied by a unique MIC calculated using the sender's shared secret key. The receiver verifies it by recalculating the MIC using its own copy of the shared secret key and matching the result. The MIC calculation and verification consume computation time of the order of 1.5 ms and, as shown in Section 2 for the FLAP protocol, computation DoS attacks are a possibility [12, 17, 18]. The main reason for the computation DoS attack is that the MIC serves two purposes: authentication and message integrity. Instead, lightweight authentication should be applied first, and frame integrity (MIC) should be checked only for those frames whose authentication has succeeded. This will reduce the DoS attacker's chances. Thus, lightweight authentication techniques which use less computation time may prove useful.

The lightweight authentication schemes [19–25] generate random authentication bits at the sender and the receiver using a random bit generator with a commonly shared secret seed as input. These authentication bits are inserted into the WLAN frames. Upon verification of the authentication bits, the frame is accepted at the receiver. Though such schemes provide authentication, they usually lack other security measures like key freshness, secrecy and integrity. A brief tabulation of these schemes is presented in **Table 4**, showing the advantages and disadvantages of each.
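The two-stage check argued for above (shared-seed authentication bits first, MIC only for frames that pass), as an added example that is not taken from the chapter or from any of the cited schemes. HMAC-SHA256 stands in for both the bit generator and the MIC, the seed, key, frame layout and function names are constructed, and synchronization is reduced to a sequence number carried in the frame; the simulation counts how many MIC evaluations a flood of guessed frames forces on the receiver.

```python
import hashlib
import hmac
import random

def auth_bits(seed: bytes, seq: int, nbits: int) -> int:
    """nbits authentication bits for frame `seq` from the shared seed.
    Real schemes precompute this stream with a lightweight generator."""
    d = hmac.new(seed, b"auth" + seq.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(d, "big") >> (256 - nbits)

def mic(key: bytes, seq: int, payload: bytes) -> bytes:
    """Stand-in MIC over sequence number and payload (the costly check)."""
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()[:8]

def make_frame(seed, key, seq, payload, nbits):
    return {"seq": seq, "bits": auth_bits(seed, seq, nbits),
            "payload": payload, "mic": mic(key, seq, payload)}

class Receiver:
    def __init__(self, seed, key, nbits):
        self.seed, self.key, self.nbits = seed, key, nbits
        self.mic_checks = 0  # how often the costly MIC was computed
        self.accepted = 0

    def receive(self, frame) -> bool:
        # Stage 1: cheap comparison of the authentication bits.
        if frame["bits"] != auth_bits(self.seed, frame["seq"], self.nbits):
            return False
        # Stage 2: MIC is evaluated only for frames that passed stage 1.
        self.mic_checks += 1
        expected = mic(self.key, frame["seq"], frame["payload"])
        ok = hmac.compare_digest(frame["mic"], expected)
        self.accepted += ok
        return ok

def simulate(nbits, n_legit=50, n_forged=2000):
    """Return (legit accepted, forged accepted, MIC checks forced by forgeries)."""
    seed, key = b"constructed-shared-seed", b"constructed-mic-key"
    rx = Receiver(seed, key, nbits)
    for seq in range(n_legit):
        rx.receive(make_frame(seed, key, seq, b"data", nbits))
    legit_accepted, rx.mic_checks = rx.accepted, 0
    guesser = random.Random(1)  # the forger knows neither seed nor key
    for seq in range(n_forged):
        rx.receive({"seq": seq, "bits": guesser.getrandbits(nbits),
                    "payload": b"junk", "mic": bytes(8)})
    return legit_accepted, rx.accepted - legit_accepted, rx.mic_checks

if __name__ == "__main__":
    for nbits in (1, 3, 8):
        print(nbits, simulate(nbits))
```

With one authentication bit about half of the guessed frames still reach the MIC stage, which is the 50% weakness Table 4 records for the single-bit schemes; each additional bit roughly halves that load, but no forged frame is accepted in any case because the MIC still has to verify.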

### **3.1 Comparisons of various lightweight authentication mechanisms**

All the schemes considered in **Table 4** provide per frame continuous authentication. The schemes of Pepyne et al. [25] and Singh and Sharma [26] support integrity: the former supports CRC based weak integrity while the latter supports MIC based strong integrity. The same two schemes support encryption: the former supports RC4 based weak encryption while the latter supports TKIP/AES based strong encryption. All the schemes considered use their own synchronization algorithm; in fact, the scheme by Wang et al. [22] uses three different synchronization algorithms. The schemes by Ren et al. [23], Lee et al. [24], Pepyne et al. [25] and Singh and Sharma [26] involve initial message exchanges. Key freshness is incorporated by Pepyne et al. [25] and Singh and Sharma [26]. None of these involves extra messages for evolving a new symmetric key (key renewal).

Considering the memory requirements of these schemes, Singh and Sharma [26] has the greatest (912 bits) while Lee et al. [24] has the lowest (24 bits). The others, except Pepyne et al. [25], have memory requirements of 256 bits; Pepyne et al. [25] has memory requirements of 384 bits. As far as communication overheads are concerned, Johnson et al. [19, 20] and Ren et al. [23] have requirements of 3 bits per frame and 7 bits per ACK frame for the counter. Wang et al. [21, 22] have no extra bit requirements as they keep the authentication bits in the unused type and subtype fields of the 802.11 frame. Lee et al. [24] requires four extra frames, each having 3 authentication bits. Pepyne et al. [25] requires 128 bits per frame for keeping the counter. The ASN based scheme by Singh and Sharma [26] has no explicit requirements but requires 48 bits per ACK for synchronization.


*Security in Wireless Local Area Networks (WLANs) DOI: http://dx.doi.org/10.5772/intechopen.89857*

| Light weight authentication schemes | Features | Advantage(s) | Disadvantage(s) |
|---|---|---|---|
| Johnson et al. [19], Wu et al. [20] | Only one bit from the authentication stream generator is placed in the link layer data frame | • scheme provides originator sender identity authentication • has low communication overhead • as one bit can easily be damaged, synchronization algorithm is also proposed | • attack leading to nonsynchronization can easily be launched via successive frame authentication failures • The number of bits used for authentication purpose is too less due to which attacker has 50% chances • the data packets are not encrypted in SOLA nor MIC per frame is provided, hence payload may be changed (overwrite attack) |
| Wang et al. [21] | • the sender and the receiver generates an authentication stream using same seed value • The bit from the authentication stream is put in the frames by the sender and are verified by the receiver using its authentication stream | lightweight protocol with synchronization algorithm and low communication overhead | • The authentication bits are not bound to the frame contents • synchronization process is affected by flooding DoS attack where the attacker confuses the sender via unauthenticated ACK frames • long authentication bits of continuous 0's or 1's by attackers in the frames can cause confusion |
| Wang et al. [22] | • single bit lightweight authentication solution • Concept of discrimination among legitimate STAs and attacker nodes is used | efficient in terms of computation cost, communication cost and synchronization efficiency | Possibility of authentication bit manipulation by attacker exists |
| Ren et al. [23] | 3 bit authentication solution | Has synchronization algorithm that uses 7 bit counter value put in the ACK frame by the receiver for attaining synchronization | still utilizes less number of bits and therefore high probability of attacks |
| Lee et al. [24] | Scheme selects 3 bits for authentication of management frames | Protection from DoS attack performed by unauthenticated management frames | • scheme protects only the management frame whereas the data frame are not protected • DoS attack is still possible by using frames other than the management frames |
| Pepyne et al. [25] | • based upon improvising the WEP protocol • uses random stream generator for generating the authenticator variables and fresh encryption keys | Frame counter 'k' is used for synchronization purpose | attacker can easily modify 'k' and launch the attack leading to non-synchronization and Denial of Service |
| Singh and Sharma [26] | • utilizes sequence number of the frame along with the authentication stream generators for authentication • provides authentication by modifying sequence number of the frame by trivial math operations by sender such that the modification is verified at the receiver | • it requires no extra bits or messages for authentication purpose and also no change in the existing frame format is required • lightweight authentication • helps in protecting against computation DoS attacks • prohibits replays and maintains the synchronization | AP maintains sequence numbers per STA |

**Table 4.** *Comparison of per frame WLAN authentication solutions.*

On comparing the computational performance of the lightweight authentication schemes mentioned in **Table 4**, it is found that Pepyne et al. [25] and Singh and Sharma [26] take more computational time than the others. Singh and Sharma [26] takes more computational time because it involves MIC evaluation and encryption of the frame for enhancing the security. It is shown in [26] that, considering only the authentication, the computational time taken is 0.5 microseconds, which implies that it is the same as that of other lightweight solutions.

Except for Pepyne et al. [25], the chances of brute force attacks on the authentication bits embedded in the frames are quite high in these schemes. Except for Pepyne et al. [25] and Singh and Sharma [26], the possibilities of frame contents modification, man-in-the-middle attacks, replay attacks and DoS attacks are quite high. Pepyne et al. [25] and Singh and Sharma [26] do not allow frame contents modifications and DoS attacks. Pepyne et al. [25] suffers from man-in-the-middle and replay attacks.

Though KHC is initially considered in this chapter under the access control mechanisms, it also involves lightweight per frame authentication and needs a special mention in this sub-section. In comparison with the schemes mentioned in **Table 4**, KHC has a longer initial entity authentication process. KHC also has raised memory requirements but meets important security features like forward secrecy, key refreshing, lightweight per frame authentication, per frame encryption etc. required by any WLAN security protocol.

Apart from the two main authentication types, i.e., MIC based authentication and lightweight authentication, the others are password key exchange mechanisms and layered authentication. The password key exchange mechanisms [27, 28] provide mutual authentication between the client and the authentication server (AS), identity privacy, half forward secrecy and low computation cost for the client. These mechanisms lack some of the mandatory and recommended requirements for key exchange methods [29]. Also, these schemes provide authentication at the AS level only while ignoring authentication at the AP level. The layered authentication achieved by EAP, which acts as the basis for higher layer authentication protocols, contains certain vulnerabilities, e.g. no identity protection, no protected cipher suite negotiation, and no fast reconnection capability [29].
