**Abstract**

Major research domains in WLAN security include: access control and data frame protection, lightweight authentication, and secure handoff. Access control standards like IEEE 802.11i provide flexibility in user authentication but, on the other hand, fall prey to Denial of Service (DoS) attacks. For protecting the data communication between two communicating devices, three standard protocols, i.e., WEP (Wired Equivalent Privacy), TKIP (Temporal Key Integrity Protocol) and AES-CCMP (Advanced Encryption Standard—Counter mode with CBC-MAC protocol), are used. Out of these, the AES-CCMP protocol is secure enough and is mostly used in enterprises. In the WLAN environment lightweight authentication is an asset, provided it also satisfies other security properties like protecting the authentication stream or token along with securing the transmitted message. CAPWAP (Control and Provisioning of Wireless Access Points), HOKEY (Hand Over Keying) and IEEE 802.11r are major protocols for executing secure handoff. In WLANs, handoff should not only be performed within the time limits required by real time applications but should also transfer the keying material safely for further communication. In this chapter, a comparative study of the security mechanisms under the above-mentioned research domains is provided.

**Keywords:** WLAN security, WEP, WPA, 802.11i, denial of service (DoS), lightweight authentication, secure handoff

## **1. Introduction**

Wireless Local Area Networks (WLANs) provide an extension to the wired network. The wireless stations (STAs) connect to an Access Point (AP) for communication. The messages exchanged between an STA and the AP are visible to other STAs lying in the communication range. This makes WLANs insecure, and hence WLANs require protection.

As with any other computer network, the major security goals in WLANs are confidentiality, integrity and availability (termed the CIA triad). Prominent techniques that help in attaining these goals include access control, authentication, encryption and message authentication codes (MAC). Under the access control domain, entity authentication is performed first; depending upon the result of entity authentication, access into the WLAN is controlled. For controlling access into WLANs, IEEE 802.11i (WPA2) is the main standard [1]. This standard provides flexibility in user authentication but has several issues under Denial of Service (DoS) attacks [2]. For protecting individual WLAN data frames, encryption mechanisms like WEP (Wired Equivalent Privacy), TKIP (Temporal Key Integrity Protocol) and AES-CCMP (Advanced Encryption Standard—Counter mode with CBC-MAC protocol) are used. Lepaja et al. [3] have demonstrated through experiment that WPA with AES provides high TCP throughput. Also, the AES-CCMP protocol provides strong security properties, and hence is mostly used in enterprises [3]. In WLANs, a handoff by the STA is sometimes required to maintain communication continuity. There exist several protocols like CAPWAP (Control and Provisioning of Wireless Access Points), HOKEY (Hand Over Keying) and IEEE 802.11r that claim safe and continuous handoff by the STAs [4]. These protocols transfer the keying material safely to the STA for further communication. A time limit constraint is imposed on such handoffs, as the handoff should be performed within the short interval required by real time applications.

This chapter is further divided into four sections. Section 2 discusses access control methodologies in WLANs, while Section 3 provides an understanding of frame authentication methodologies. Section 4 explains secure handoff methods along with the requirements of secure handoff in the WLAN environment. Each of these sections also provides a comparative analysis among the various methodologies. Section 5 provides conclusions and future directions.

## **2. Access control**

Traditionally, entity authentication and access control were provided by the legacy authentication standard, i.e., WEP. It has proved insufficient [2] and is hence deprecated. Currently, the IEEE 802.11i (WPA2) [1] security standard is used as the entity authentication and access control mechanism. This security standard is used to secure data communication over 802.11 wireless LANs. IEEE 802.11i specifies the 802.1X authentication mechanism for large networks. The 4-way handshake follows the 802.1X authentication process to confirm the shared keys on the Wireless Station (STA) and AP, evolving alongside the Pairwise Transient Key (PTK). This key is used to secure the data sessions between STA and AP using either the Temporal Key Integrity Protocol (TKIP) or the Advanced Encryption Standard (AES) in counter mode with a Cipher Block Chaining Message Authentication Code (CBC-MAC) Protocol (CCMP). As per the findings of Asante and Akomea-Agyin, use of simple passwords/passphrases makes CCMP susceptible to dictionary attacks [5]. The authentication and 4-way handshake are performed sequentially in 802.11i. Once STAs are authenticated, the standard evolves fresh secret keys to secure data communication over 802.11 wireless LANs. A large number of packets are used in these processes [2], which results in an increased process length, communication overhead and network overhead. Both the authentication and the 4-way handshake are prone to Denial of Service (DoS) attacks. This is due to the lack of proper authentication and insecure message communication between wireless devices [2, 6].

In 802.11i based networks, the 4-way handshake is used for evolving and sharing the keys between the two communicating partners. This 4-way handshake is one of the major concerns in WPA2/802.11i because of Denial of Service (DoS) attacks, and therefore researchers aim to reduce the 4-way handshake latency. Some have suggested making it 3-way, while others have suggested making it 2-way [7]. One such improvement is proposed by Singh and Sharma [7]. In their proposal, the authors try to eliminate the entire 4-way handshake while maintaining the security and key refreshing requirements. For this purpose, they utilize frame sequence numbers, and the striking feature of the proposal is that key freshness is maintained for each communicated frame. The refreshed key is used for fulfilling security aspects like frame encryption and integrity management. The overheads in the proposal are bare minimum and it is lightweight, as no changes are made to the existing MAC frame. Also, no extra messages are required. Their improvement is more useful under frequent key refreshing situations where users are joining and leaving the wireless environment frequently, as in a short duration conference/workshop or in the lounge of a railway station/airport. The improved technique provides a secure authentication mechanism, and no explicit synchronization is required in case of loss of frames. The timing analysis done in the work shows that this technique is effective, while the security analysis shows that it enjoys almost equivalent security as compared with the 4-way handshake of 802.11i. Removal of the handshake ensures that the attacks conducted on the 4-way handshake are also removed.

*Security in Wireless Local Area Networks (WLANs) DOI: http://dx.doi.org/10.5772/intechopen.89857*

*Computer and Network Security*

Another improvement in the 802.11i standard is proposed by Singh and Sharma [8], wherein a novel sequence number based scheme is proposed to reduce the MIC field overhead in WLANs. The existing security frameworks (WPA, 802.11i) provide a MIC for maintaining the integrity and authentication of each data frame. The MIC is kept in a separate field in the frame, and hence adds to the communication overhead. The scheme of Singh and Sharma [8] introduces the notion of an authentication token (AT). This AT is calculated based upon the existing sequence number of the WLAN frame. The AT serves both frame integrity and frame authentication purposes. After calculation, it is placed in the sequence number field of the WLAN frame in place of the sequence number, which means no extra bits or fields are involved. As the MIC field is removed and AT placement requires no overheads, the scheme is effective as far as WLAN communication overheads and space management are considered. In addition, the authors have shown that their method is resistant against replay attacks and have also provided details on how to attain synchronization in case of frame loss.
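The AT idea can be made concrete with an added toy model (my illustration, not the published construction of Singh and Sharma [8]); the token function, the truncation to the 12-bit sequence number field, the window size and the resynchronization rule are all assumptions. It shows how a receiver that no longer sees the sequence number can still authenticate a frame, catch up after lost frames, and reject replayed or modified frames.

```python
import hashlib
import hmac

SEQ_MOD = 1 << 12   # the 802.11 sequence number field is 12 bits wide
WINDOW = 8          # assumed: how many consecutive lost frames the receiver tolerates


def token(key, seq, body):
    """Authentication token over the hidden sequence number and the frame body
    (so it gives both authentication and integrity), truncated to fit the
    12-bit field. Assumed construction; the authors' function is not given here."""
    tag = hmac.new(key, seq.to_bytes(2, "big") + body, hashlib.sha256).digest()
    return int.from_bytes(tag[:2], "big") % SEQ_MOD


class Sender:
    def __init__(self, key):
        self.key, self.seq = key, 0

    def send(self, body):
        """Advance the sequence number and ship the AT in its place."""
        self.seq = (self.seq + 1) % SEQ_MOD
        return token(self.key, self.seq, body), body


class Receiver:
    def __init__(self, key):
        self.key, self.expected = key, 1

    def receive(self, at, body):
        """Returns (accepted, frames_lost). The receiver recomputes the AT for the
        expected sequence number and the next WINDOW-1 values; the first match
        both authenticates the frame and resynchronizes the counter. An older
        (replayed) frame or an altered body matches no candidate. Because the
        12-bit space wraps every 4096 frames, the key must be refreshed before
        then or an old token would become valid again."""
        for lost in range(WINDOW):
            cand = (self.expected + lost) % SEQ_MOD
            if token(self.key, cand, body) == at:
                self.expected = (cand + 1) % SEQ_MOD
                return True, lost
        return False, 0


def demo():
    """Constructed exchange: loss, a late frame, an exact replay and a tampered body."""
    key = b"constructed-session-key"
    sta, ap = Sender(key), Receiver(key)
    frames = [sta.send(b"frame %d" % i) for i in range(1, 6)]
    results = [
        ap.receive(*frames[0]),                          # in order: accepted, 0 lost
        ap.receive(*frames[3]),                          # frames 2 and 3 lost: accepted, 2 lost
        ap.receive(*frames[1]),                          # late/replayed older frame: rejected
        ap.receive(*frames[3]),                          # exact replay of an accepted frame: rejected
        ap.receive(frames[4][0], frames[4][1] + b"!"),   # body modified in transit: rejected
        ap.receive(*frames[4]),                          # the genuine frame still gets through
    ]
    return results, ap.expected
```

A 12-bit token leaves a 1-in-4096 chance that a random guess is accepted per frame, which is the price of fitting into the existing field rather than a full MIC.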

In October 2017, a new and major weakness was documented in the WPA2 WLAN standard, termed the Key Reinstallation AttaCK or KRACK [9]. It was noted that this affected all kinds of WLAN security, and hence the reputation of WPA2 decreased. The WPA2 standard also suffered under DoS attacks. Hence, the Wi-Fi Alliance came up with an improvement, termed WPA3. Its main features involve: (1) ease of use, (2) natural password selection, (3) an improved and robust handshake and (4) forward secrecy. WPA3 is backward compatible with WPA2, which means the upgraded devices can work in WPA2 or WPA3 modes [10]. Market adoption of this standard is now picking up, and it will take some more time to stabilize. Thus, this work on WLAN security considers the present widespread standard, i.e., WPA2.

Li et al. proposed an initial entity authentication scheme termed the fast WLAN initial access authentication protocol (FLAP) [11]. FLAP is targeted towards making access authentication faster by reducing the number of initial authentication messages. It is assumed in the protocol that the STA and AS share a common secret key, which simplifies the entire mechanism. Overall, this method involves 6 messages (approx. two round trip times, **Figure 1**), proves STA authentication at the AS via the shared key, has a key hierarchy equivalent to 802.11i and protects the messages by MIC. Through practical measurements it is shown that FLAP can improve the efficiency of EAP-TLS by 94.7 percent. It is suggested that this method is compatible with 802.11i and can coexist with the existing 802.11i standard. Depending upon circumstances, either 802.11i or FLAP can be chosen from the suite selector. Like the standard 802.11i security protocol, the FLAP scheme also depends upon the MIC for frame integrity and authentication, despite the fact that MIC verification is computation intensive. This protocol hence may fall an easy prey to Denial of Service (DoS) attacks wherein the attacker sends a large number of frames having incorrect MICs. Successive MIC failures on the receiver result in a kind of DoS attack termed a computation DoS attack [12].

#### **Figure 1.**

*A simplified overview of initial access authentication protocol (FLAP).*

Singh and Sharma [13] proposed an access control authentication scheme, SWAS (Secure WLAN Authentication Scheme). The scheme introduces the concept of delegation in WLANs and provides access to clients only upon authentication. SWAS provides authentication of all parties (STA, AP and AS) and evolves a fresh key for securing the data sessions. In addition, it provides security to all messages by utilizing cryptographic primitives such as encryption and a Message Integrity Code (MIC). The proposed scheme reduces the length and complexity compared to the IEEE 802.11i authentication and key derivation process. The use of cryptographic techniques does not increase the authentication time of the proposed method. The scheme reduces the communication cost and network overhead, and is also resilient against DoS attacks. Therefore, the main contribution of SWAS is to provide a secure and efficient authentication mechanism that evolves fresh communication keys.

The SWAS scheme involves three parties: STA, AP and AS. It has three phases: a registration phase, a request phase and an authentication phase. Initially, STA registration is performed at the AS and is required only once in a given network. In registration, the AS utilizes the delegation concept and generates a shared secret key (σ) for AS and STA [14]. The registration phase is followed by the request phase, where the existing 802.11 probe request and probe response messages are utilized by the STA to request network connection and access. After the request phase, SWAS authentication is performed to authenticate and to derive a new communication key that is used to protect the data packets in subsequent sessions.

Both online and offline authentication are used in the SWAS scheme. Online authentication provides authentication and security to all messages among STA, AP and AS. The online authentication utilizes three random numbers (r1, r2, r3) and a sequence number (s1) to ensure proper encryption, authentication and key freshness. In addition, it maintains a key hierarchy similar in purpose to 802.11i, with a Master Session Key (MSK), Pairwise Master Key (PMK) and Pairwise Transient Key (PTK). The PTK evolved on the STA and AP during the authentication process is used to encrypt the data packets between them. A simplified view of the SWAS online authentication message exchanges (M1, M2, M3 and M4) is shown in **Figure 2**. In this figure it is clearly visible that each of STA, AP and AS authenticates the others through various passcode/digital signature verifications. The passcode is nothing but protected information (secured through cryptographic means) for the other party. Offline authentication is required whenever a new session key between the same STA and AP is required. This does not involve the AS for authentication; rather, it uses information previously stored at the STA and AP. The offline authentication is done via a re-association request and utilizes a loosely synchronized sequence number scheme [15].

#### **Figure 2.**

*A simplified overview of online authentication phase of SWAS scheme.*

The salient features of SWAS include: (1) resistance to DoS attacks in almost all the phases, (2) less communication and computation time as compared with the IEEE 802.11i standard, (3) authentication of all the associated parties, i.e., STA, AP and AS, by each other and (4) authentication of all the messages used during all the protocol communication phases. The shortcomings include: (1) lack of a practical demonstration of the protocol and (2) no extension of the scheme under handoff situations is provided till date.

Authentication per frame and symmetric key based encryption are an implicit necessity for security in Wireless Local Area Networks (WLANs). Singh and Sharma [16] proposed a novel symmetric key based access control and per frame authentication scheme for WLANs termed the Key Hiding Communication (KHC) scheme. The KHC scheme has two phases: an initial phase and a communication phase. The former is utilized for sharing and evolving the master key (MK) between STA and AP, whereas the latter is utilized for onward data frame communication using the (refreshed) keys. The major contribution of this scheme is the introduction of the novel concepts of refreshing the key, protecting the key and initial vector (IV) using different counters, and then mixing the bytes of the protected key and IV together for each communicated frame. The mixing is based upon the shared secret key, and hence only the two communicating parties, i.e., STA and AP, can mix and separate the bytes of key and IV. The protected mixed bytes are termed the codeword, while the concept of mixing the protected key and IV bytes is termed key hiding. The codeword is added to the WLAN frame. This addition of the codeword to the existing WLAN frame occupies extra space, and hence the scheme has extra space overheads. Integrity of the frame is provided via a MIC. A new key and new IV for the next frame to be transmitted are evaluated based upon the existing secret key and existing IV. Evaluation of the new key and new IV is termed key and IV refreshing. The refreshed new key and new IV are first protected using incremented values of the counters and then mixed together to form the new codeword. The verification and separation of the key and IV from the transmitted codeword provides frame authentication. Once the frame is authenticated, its integrity is verified through MIC verification involving the key. Frame authentication is lightweight in KHC as it involves trivial increment, XOR and modulus operations. Thus, KHC follows the notion of frame authentication first and then checking the frame integrity, for protection against computation DoS attacks. The separated key and IV are used to decrypt the frame contents and are also used to confirm the frame integrity via the MIC. A simplified overview of the KHC communication process is shown stepwise in **Figure 3**.

#### **Figure 3.**

*A simplified overview of communication phase of KHC scheme.*

In a nutshell, KHC introduces the concept of key hiding, which involves protecting the key using counters followed by mixing of the refreshed key and IV, i.e., a mapping of the refreshed key and IV. Through this process of forming the codeword, the secret symmetric key remains concealed from the attacker. The recipient extracts the key from the codeword and compares it with its own evaluated key, thereby authenticating the sender. The key, along with the IV, is then used to decrypt the sender's data frame. Thus, KHC is a useful WLAN communication scheme that is not only secure but also efficient. The major contributions made by KHC are: (1) a lightweight WLAN communication methodology, (2) utilization of symmetric key based encryption/decryption, (3) per frame key refreshment, (4) protection against computation DoS attacks and (5) security comparable to that of 802.11i.
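To make the KHC ordering of "authenticate the frame first, pay for the MIC only afterwards" concrete, here is an added toy model (my illustration, not the code of Singh and Sharma [16]); the refresh, protect and mix functions, the counter steps and the toy keystream are assumptions standing in for the scheme's unspecified operations, and the permutation plays the role of the shared-secret mixing. The counters on the receiver show why forged or replayed frames are dropped before any MIC computation, which is the computation DoS defence the chapter describes.

```python
import hashlib
import hmac

KEY_LEN, IV_LEN, MIC_LEN = 16, 16, 8

def refresh(key, iv):
    """Derive the next per-frame key and IV from the current pair (assumed one-way refresh)."""
    d = hashlib.sha256(b"refresh" + key + iv).digest()
    return d[:KEY_LEN], d[KEY_LEN:KEY_LEN + IV_LEN]

def protect(value, counter):
    """Mask a key or IV with a counter-derived pad; XOR is its own inverse, so the
    same call unprotects, but only with the counter the sender actually used."""
    pad = hashlib.sha256(b"pad" + counter.to_bytes(4, "big")).digest()
    return bytes(v ^ p for v, p in zip(value, pad))

def permutation(secret):
    """Secret-dependent byte order (Fisher-Yates seeded from the shared secret):
    only holders of the secret can mix or separate the protected key and IV bytes."""
    order = list(range(KEY_LEN + IV_LEN))
    seed = hashlib.sha256(b"mix" + secret).digest()
    for i in range(len(order) - 1, 0, -1):
        j = seed[i] % (i + 1)
        order[i], order[j] = order[j], order[i]
    return order

def mix(secret, pkey, piv):
    """Form the codeword: protected key and IV bytes interleaved by the secret permutation."""
    plain = pkey + piv
    return bytes(plain[k] for k in permutation(secret))

def separate(secret, codeword):
    """Undo mix(): recover the protected key and IV bytes from a codeword."""
    plain = bytearray(len(codeword))
    for pos, k in enumerate(permutation(secret)):
        plain[k] = codeword[pos]
    return bytes(plain[:KEY_LEN]), bytes(plain[KEY_LEN:])

def keystream(key, iv, n):
    """Toy stream-cipher keystream standing in for the scheme's symmetric cipher."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Party:
    def __init__(self, secret, master_key, master_iv):
        self.secret, self.key, self.iv = secret, master_key, master_iv
        self.kc, self.ic = 0, 0     # key counter and IV counter (different step sizes)
        self.cheap_rejects = 0      # frames dropped before any MIC work
        self.mic_checks = 0         # frames that reached the costly MIC check

    def send(self, body):
        self.key, self.iv = refresh(self.key, self.iv)
        self.kc, self.ic = self.kc + 1, self.ic + 2
        codeword = mix(self.secret, protect(self.key, self.kc), protect(self.iv, self.ic))
        ct = xor(body, keystream(self.key, self.iv, len(body)))
        mic = hmac.new(self.key, codeword + ct, hashlib.sha256).digest()[:MIC_LEN]
        return codeword, ct, mic

    def receive(self, codeword, ct, mic):
        """Returns the plaintext, or None. State advances only on full success."""
        key, iv = refresh(self.key, self.iv)
        kc, ic = self.kc + 1, self.ic + 2
        pkey, piv = separate(self.secret, codeword)
        got_key, got_iv = protect(pkey, kc), protect(piv, ic)
        # Step 1: lightweight frame authentication (permute, XOR, compare).
        if not (hmac.compare_digest(got_key, key) and hmac.compare_digest(got_iv, iv)):
            self.cheap_rejects += 1   # forged or replayed frame: no MIC computed at all
            return None
        # Step 2: only an authenticated frame pays for the MIC verification.
        self.mic_checks += 1
        expect = hmac.new(key, codeword + ct, hashlib.sha256).digest()[:MIC_LEN]
        if not hmac.compare_digest(expect, mic):
            return None
        self.key, self.iv, self.kc, self.ic = key, iv, kc, ic
        return xor(ct, keystream(key, iv, len(ct)))

def demo():
    """Constructed exchange: two good frames, a forged codeword, a replay and a tampered body."""
    secret, mk, miv = b"constructed-shared-secret", bytes(16), bytes(range(16))
    sta, ap = Party(secret, mk, miv), Party(secret, mk, miv)
    cw1, ct1, mic1 = sta.send(b"hello ap")
    first = ap.receive(cw1, ct1, mic1)            # accepted
    forged = ap.receive(bytes(32), ct1, mic1)     # wrong codeword: cheap reject
    replay = ap.receive(cw1, ct1, mic1)           # counters have moved on: cheap reject
    cw2, ct2, mic2 = sta.send(b"second frame")
    bad_ct = ct2[:-1] + bytes([ct2[-1] ^ 0x01])
    tampered = ap.receive(cw2, bad_ct, mic2)      # authentic key, but MIC fails
    second = ap.receive(cw2, ct2, mic2)           # accepted
    return first, forged, replay, tampered, second, ap.cheap_rejects, ap.mic_checks
```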

### **2.1. Comparisons of various WLAN access control mechanisms**

A property wise comparison between prominent WLAN access control security mechanisms is presented in **Table 1**. WEP, though deprecated, is mentioned here for the sake of completeness. It can be noted that WEP provides weak authentication, integrity and encryption support. Further, WEP does not consider key and IV refreshing. IEEE 802.11i is a strong protocol as it maintains strong authentication, integrity and encryption. It involves a large number of messages and hence consumes time during initial authentication. For key refreshing, it involves the 4-way handshake, having 4 message exchanges between STA and AP. This 4-way handshake is the major concern in 802.11i: it is prone to DoS attacks and KRACK attacks. FLAP and SWAS both enjoy features similar to those of 802.11i, with the difference that fewer messages are exchanged for symmetric key evaluation in FLAP and SWAS. In FLAP, very few, i.e., approx. 6 messages are exchanged for the key evaluation (including those between STA and AP). In SWAS, only four (4) initial messages are required during online authentication (including those between STA and AP) for sharing the PTK. During offline authentication for refreshing the shared symmetric key, only two messages are required. The KHC scheme adopts an interesting methodology which is different from the other access control protocols.

| Property | WEP | 802.11i [1] | FLAP [11] | SWAS [13] | KHC [16] |
|---|---|---|---|---|---|
| Authentication | Yes, weak | Yes, strong, initial entity authentication followed by MIC based per frame auth. | Yes, strong, initial authentication followed by MIC based per frame auth. | Yes, strong, initial entity authentication followed by MIC based per frame auth. | Yes, strong, initial entity authentication followed by continuous, lightweight per frame auth. |
| Integrity support | Yes, weak, CRC based | Yes, strong, MIC based | Yes, strong, MIC based | Yes, strong, MIC based | Yes, strong, MIC based |
| Encryption support for confidentiality, strength of encryption | Yes, low, RC4 algorithm | Yes, high, TKIP and AES based | Yes, high (once the shared key is evolved, the rest of the process is the same as in 802.11i) | Yes, high, TKIP and AES based | Yes, high, any one of RC4/TKIP/AES can be used |
| Synchronization algorithm | No | No | No | No | Yes |
| Initial message exchange for symmetric key exchange | No, done manually | Yes, large | Yes, few: 06 messages (two round trip times) | Yes, few: only four (4) initial messages during online authentication | Yes, few |
| Messages exchanged for key renewal | N.A.\* | Yes, four, explicitly | Yes, four (between STA and AP), explicitly | Yes, two, using offline authentication | No, done implicitly |
| Key freshness | No | Yes | Yes | Yes | Yes |
| IV freshness | No | N.A.\* | N.A.\* | N.A.\* | Yes |

**Table 1.**

*Property wise comparison of WLAN access control security mechanisms [16].*

*\*Not Applicable in this mechanism.*

**Figure 3.**

*A simplified overview of communication phase of KHC scheme.*



KHC does not involve a third party such as an AS (authentication server) in the authentication process and hence needs fewer messages. It provides an implicit, key-hiding, per-frame authentication procedure that communicates the key to the other entity and refreshes not only the shared key but also the IV used to encrypt each frame. Thus, among all the WLAN access control security mechanisms considered, KHC requires the fewest messages for key refreshing. Its combination of key refreshing, protection and mapping also makes recovering the key difficult for an attacker. In contrast to WEP, the IV is hidden and not visible to the attacker; the other access control protocols have no notion of a per-frame IV at all.

As shown in **Table 2**, WEP has the lowest memory requirement. 802.11i requires more memory than WEP but less than the others; among those, SWAS has the highest and FLAP the lowest memory requirement. The communication overhead analysis shows that (1) KHC and WEP carry per-frame overhead, whereas in the others it is handled implicitly, and (2) KHC is more efficient in key refreshing than the others: 802.11i and FLAP each require 4 frames for key refreshing, SWAS requires 2 frames, whereas KHC handles it implicitly. In [11], the average authentication delays of EAP-TLS and FLAP are evaluated as 260.253 and 13.884 ms, respectively. In [13], the total time for SWAS authentication is found to be of the order of 26.46 ms (including the time for DoS protection). In [16], the key refreshing times of 802.11i and KHC are reported as 13.5 and 7.5 ms, respectively.

**Table 2.**

*Performance comparison of WLAN access control security mechanisms [16].*

The security comparison in **Table 3** indicates that SWAS and KHC provide almost equivalent, and the best, security. 802.11i is prone to DoS attacks, whereas FLAP is prone to replay and man-in-the-middle attacks. FLAP therefore offers the least security and is not much used at present.

In most WLAN access control mechanisms (KHC excepted), the authenticity of a data frame is provided by the MIC. MIC-based per-frame authentication can be turned into a computational DoS, since the receiver must compute a keyed MIC over every frame, forged or not, before it can reject it. Hence a lightweight per-frame authentication solution is required; it is discussed next.


**Table 3.**

*Comparison of WLAN access control security mechanisms under attacks [16].*

## **3. Frame authentication**

In WLANs, a two-layer, redundant security exists: one at the Medium Access Control (MAC) layer and the other at a higher layer providing end-to-end security. In the former, 802.11i provides the security, while in the latter higher-layer protocols such as IPsec and SSL/TLS do. Since strong end-to-end protection is already available at the higher layer, it is suggested that the MAC layer use lightweight authentication and symmetric key based cryptographic measures per frame.

For protecting individual frames, two kinds of per-frame authentication exist in WLANs: MIC-based authentication and lightweight authentication. MIC-based authentication of data frames is used by standard WLAN protocols such as IEEE 802.11i and FLAP. In these protocols, each frame carries a unique MIC calculated with the sender's shared secret key; the receiver verifies it by recalculating the MIC with its own copy of the shared secret key and matching the two. MIC calculation and verification consume computation time of the order of 1.5 ms, and, as shown in Section 2 for the FLAP protocol, computational DoS attacks are a possibility [12, 17, 18]. The main reason for the computational DoS attack is that the MIC serves two purposes at once: authentication and message integrity. Instead, a lightweight authentication check should be applied first, and the frame integrity (MIC) check performed only on those frames whose authentication has succeeded. This reduces the attacker's chances of causing a DoS. Thus, lightweight authentication techniques that use less computation time may prove useful.

The lightweight authentication schemes [19–25] generate random authentication bits at the sender and the receiver using a random bit generator with a commonly shared secret seed as input. These authentication bits are inserted into the WLAN frames, and a frame is accepted at the receiver once its authentication bits are verified. Though such schemes provide authentication, they usually lack other security measures such as key freshness, secrecy and integrity. A brief tabulation of these schemes is presented in **Table 4**, showing the advantages and disadvantages of each.

#### **3.1. Comparisons of various lightweight authentication mechanisms**

All the schemes considered in **Table 4** provide per-frame continuous authentication. The schemes of Pepyne et al. [25] and Singh and Sharma [26] support integrity: the former provides weak, CRC-based integrity, the latter strong, MIC-based integrity. The same two schemes support encryption: the former uses weak, RC4-based encryption, the latter strong, TKIP/AES-based encryption. All the schemes use their own synchronization algorithm; the scheme by Wang et al. [22] in fact uses three different synchronization algorithms. The schemes by Ren et al. [23], Lee et al. [24], Pepyne et al. [25] and Singh and Sharma [26] involve initial message exchanges. Key freshness is incorporated by Pepyne et al. [25] and Singh and Sharma [26]. None of these schemes involves extra messages for evolving a new symmetric key (key renewal).

Considering the memory requirements of these schemes, Singh and Sharma [26] has the greatest (912 bits) while Lee et al. [24] has the lowest (24 bits); all others except Pepyne et al. [25] require 256 bits, and Pepyne et al. [25] requires 384 bits. As far as communication overhead is concerned, Johnson et al. [19, 20] and Ren et al. [23] require 3 bits per frame and 7 bits per ACK frame for the counter. Wang et al. [21, 22] need no extra bits, as they keep the authentication bits in the unused type and subtype fields of the 802.11 frame. Lee et al. [24] requires four extra frames, each carrying 3 authentication bits. Pepyne et al. [25] requires 128 bits per frame to carry the counter. The ASN-based scheme by Singh and Sharma [26] has no explicit requirement but needs 48 bits per ACK for synchronization.
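The lightweight per-frame authentication described in Section 3, with the MIC check gated behind it, as an added example that is not code from the chapter or from any of the schemes in Table 4. It assumes HMAC-SHA256 as the shared-seed random bit generator, 3 authentication bits per frame (the figure quoted above for Johnson et al. and Ren et al.), a 7-bit counter carried in every frame header for synchronization (a simplification; those schemes carry the counter in ACKs), a truncated HMAC as the MIC, and a fixed resynchronization window; the seed, MIC key, payloads and forged frames are constructed inline. It shows sender and receiver deriving the same bits from the seed, counter-based resynchronization after lost frames, and how many forgeries from an attacker without the seed still reach the expensive MIC computation when the cheap check runs first versus when every frame is MIC-verified.

```python
"""Lightweight per-frame authentication bits gating a MIC check.

Added illustration, not code from the chapter or any cited scheme. Hypothetical
choices: HMAC-SHA256 as shared-seed bit generator, AUTH_BITS auth bits and a
COUNTER_BITS counter in every header, truncated HMAC as MIC, fixed resync window.
"""
import hashlib
import hmac
import struct

AUTH_BITS = 3                 # authentication bits per frame (hypothetical)
COUNTER_BITS = 7              # frame counter sent in the clear (hypothetical)
COUNTER_MOD = 1 << COUNTER_BITS
AUTH_MASK = (1 << AUTH_BITS) - 1
MIC_LEN = 8                   # bytes of MIC appended to each frame
WINDOW = 8                    # counters accepted ahead of the expected one


def auth_bits(seed: bytes, counter: int) -> int:
    """Auth bits for frame `counter`; both ends derive them from the shared seed,
    and only these AUTH_BITS bits travel in the frame, never the seed."""
    digest = hmac.new(seed, b"auth" + bytes([counter]), hashlib.sha256).digest()
    return digest[0] & AUTH_MASK


def frame_mic(key: bytes, counter: int, payload: bytes) -> bytes:
    """Per-frame integrity tag; the expensive step in this model."""
    return hmac.new(key, bytes([counter]) + payload, hashlib.sha256).digest()[:MIC_LEN]


def build_frame(seed: bytes, key: bytes, counter: int, payload: bytes) -> bytes:
    """Two-byte header = 7-bit counter | 3 auth bits, then payload, then MIC."""
    header = (counter << AUTH_BITS) | auth_bits(seed, counter)
    return struct.pack(">H", header) + payload + frame_mic(key, counter, payload)


class Sender:
    def __init__(self, seed: bytes, key: bytes):
        self.seed, self.key, self.counter = seed, key, 0

    def send(self, payload: bytes) -> bytes:
        frame = build_frame(self.seed, self.key, self.counter, payload)
        self.counter = (self.counter + 1) % COUNTER_MOD
        return frame


class Receiver:
    def __init__(self, seed: bytes, key: bytes, gate: bool = True):
        self.seed, self.key, self.gate = seed, key, gate
        self.expected = 0      # next counter we expect to see
        self.mic_checks = 0    # how often the expensive MIC step ran

    def receive(self, frame: bytes):
        (header,) = struct.unpack(">H", frame[:2])
        counter, auth = header >> AUTH_BITS, header & AUTH_MASK
        payload, tag = frame[2:-MIC_LEN], frame[-MIC_LEN:]
        # Synchronization: accept counters in [expected, expected + WINDOW) mod 2^7,
        # tolerating a few lost frames while dropping replays of older frames.
        if (counter - self.expected) % COUNTER_MOD >= WINDOW:
            return "out_of_window", None
        # Cheap check first: a handful of bit comparisons, no keyed hash.
        if self.gate and auth != auth_bits(self.seed, counter):
            return "auth_reject", None
        # Only frames that passed the gate (or an ungated receiver) pay for the MIC.
        self.mic_checks += 1
        if not hmac.compare_digest(tag, frame_mic(self.key, counter, payload)):
            return "mic_reject", None
        self.expected = (counter + 1) % COUNTER_MOD
        return "accepted", payload


def demo_sync(seed: bytes, key: bytes):
    """Frames 2 and 3 are lost; the receiver resyncs on frame 4 via the counter,
    then rejects a replay of frame 1. Returns (verdicts, replay_verdict, expected)."""
    tx, rx = Sender(seed, key), Receiver(seed, key)
    frames = [tx.send(b"data%d" % i) for i in range(5)]
    verdicts = [rx.receive(frames[i])[0] for i in (0, 1, 4)]
    return verdicts, rx.receive(frames[1])[0], rx.expected


def forged_flood(rx: Receiver, n: int) -> int:
    """Attacker without the seed reads the current counter off the air and tries
    every auth value in turn. Returns how many forgeries reached the MIC step."""
    before = rx.mic_checks
    for i in range(n):
        header = (rx.expected << AUTH_BITS) | (i & AUTH_MASK)
        rx.receive(struct.pack(">H", header) + b"junk" + bytes(MIC_LEN))
    return rx.mic_checks - before


if __name__ == "__main__":
    seed, key = b"constructed-shared-seed", b"constructed-mic-key"
    print("sync:", demo_sync(seed, key))
    print("MIC checks forced by 80 forgeries, gated:", forged_flood(Receiver(seed, key), 80))
    print("MIC checks forced by 80 forgeries, ungated:",
          forged_flood(Receiver(seed, key, gate=False), 80))
```

With 3 authentication bits an attacker who reads the counter off the air still gets one forgery in eight through to the MIC, so the gate divides the rate at which the attacker can impose MIC work by 2^3 rather than eliminating it; more bits buy a smaller fraction at the price of the per-frame overhead that the figures above describe. The bits themselves are also visible in transit, so this check keeps out an outsider who lacks the seed, not an attacker who races a legitimate frame with a copy of its header; the MIC remains the integrity check for the payload.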
