**4. Secure handoff**

WLANs handoffs are essential for providing continuous mobility to a wireless Station in an Enterprise LAN. Two important requirements of the handoff are: (1) establishment of a secure connection of the roaming STA with new access point (AP) and (2) completion of handoff within time limits such that the undergoing communication remains unaffected. The time limit on handoff for multimedia and real time WLAN applications is approximately 50 ms [30]. During this period no data packets transfer occurs. As per the 802.11i WLAN security standard, the complete secure STA authentication (default Full EAP/TLS) via AS evolving shared secret key between STA and AP takes time of the order of 300 ms to 4 s [12] and hence is unfit for the handoffs. For reducing this time, notion of pre-authentication is introduced wherein full 802.1X authentication involving AS is done utilizing old AP and candidate AP (new AP). Hence, at the time of handoff only 4-way handshake is required between STA and candidate AP. In this pre-authentication process, an inaccurate candidate AP prediction has associated resource wastage issues as full 802.1X will again be required [31]. Researchers have considered predictive authentication and proactive key distribution for reducing the handoff times. Former involves predicting the candidate AP whereas latter involves locating a group of candidate APs. Thus, in former the problem of inaccurate candidate AP prediction exists whereas in latter the problem of extra communication overhead for authentication with group of APs exists.

Researchers have also worked towards reactive solutions wherein the candidate AP is selected by STA and then the security context is transferred to this AP. In such solutions, STA requests to AS via old AP, then AS transfer security context and material to the candidate AP. Singh and Sharma [32] proposed one such novel secure handoff scheme that maintains security properties while evolving and transferring the security context (key and initial vector) to the candidate AP. The scheme is lightweight and uses reactive method for handoff. Two kinds of APs are defined in the scheme: normal AP and Domain Controller AP (DCAP). STA request DCAP through AP by putting ID of the candidate AP. DCAP in turn distributes the STA context (key and initial vector) to the candidate AP. Thus, when STA roams into the area of candidate AP, less time is involved in the STA authentication at the candidate AP.

For providing fast and secure handoff for the mobile STA in WLANs, standard bodies IEEE and IETF have defined protocols like Control and Provisioning of Wireless Access Points (CAPWAP), HandOver Keying (HOKEY) and IEEE 802.11r (Task group r) [5]. CAPWAP supports centralized management of APs. HOKEY extends the Authentication, Authorization and Accounting (AAA) architecture to support key deriving and distribution with involving full EAP authentication. 802.11r depends upon passing credentials directly between APs for handover. Though CAPWAP takes very less time, it is more or less re-authentication with centralized Access Controller (AC), followed by key transfer to new Wireless Termination Points (WTP). HOKEY is successful in multidomains but it takes more communication time. Among these three (CAPWAP, HOKEY and 802.11r), 802.11r is more efficient in terms of communication overheads. It still has issues concerning the safe transfer of key between APs.

#### **4.1 Comparisons of various handoff mechanisms**

CAPWAP and HOKEY does not change the existing 802.11 frame structure. 802.11r is a separate protocol and hence has different frame structure. All except CAPWAP scheme generates fresh session keys. Fresh traffic keys are generated by all the schemes. Communication overhead of KHC based handoff scheme is less as

**63**

*Security in Wireless Local Area Networks (WLANs) DOI: http://dx.doi.org/10.5772/intechopen.89857*

**5. Conclusions**

the security properties intact.

specified handoff time limits.

**Acknowledgements**

Institutes for the support.

and secure handoff mechanisms using WPA3.

compared to any other scheme. This handoff scheme shortens the handoff latency by initiating a key transfer process prior to moving to the new AP and performing handoff. It strengthens the security by (1) protecting STAs from re-associating to Malicious APs, (2) evolving fresh keys even during handshake, (3) authenticating all the frames during the handoff and, (4) safeguarding against DoS attacks and,

This chapter discusses about the present WLAN security environment. It is clear that the WLAN security environment till date is dominated by WPA2 (IEEE 802.11i) standard. Researchers have pointed out regarding length and complexity of the WPA2. The major point of concern in WPA2 is key refreshing mechanism i.e., 4-way handshake due to which the WLAN security is considered vulnerable. Researchers, hence target to reduce the length of this handshake while maintaining

The chapter also studies other WLAN security mechanisms proposed by researchers and categories them into: (i) access control, (ii) per frame authentication and (iii) secure handoff mechanisms. It provides category wise comparative analysis of these mechanisms. Three mechanisms are considered in the access control category. Among them Key Hiding Communication (KHC) is the most attractive but it requires changes in the existing WLAN frame structure. Per frame category is further sub-categorized into: (a) per frame authentication mechanisms utilizing MIC and (b) lightweight per frame authentication mechanisms. For enhancing the security, most of the per frame authentication solutions rely on MIC for both authentication and integrity of frame. It is shown that this MIC verification involves computation time and large number of such verifications may result in computation DoS attack on the receiver. The researchers hence advocate separating the authentication and integrity parts in per frame authentication. The lightweight per frame authentication mechanism are though lightweight in nature but lacks security properties like key refreshing, secrecy and integrity. In this chapter, several handoff mechanisms for WLAN environment are also discussed and it is accomplished that none guarantees to maintain required level of security during the

WLAN security is having a transformation from WPA2 to WPA3. WLAN security is strengthened in the upcoming standard i.e., WPA3. It is very early to comment on the effectiveness of WPA3 and it is evident that the existing WLAN devices will continue to use WPA2. The new upcoming WLAN devices will obviously follow the backward compatibility towards WPA2. Thus, researchers can still target to test the implementation of 802.11i with the novel ideas like MIC reduction, 4-way handshake reduction and blockchain application in WLANs [33]. In wireless medium, per frame lightweight authentication mechanisms will prove an edge and in future, researchers may consider developing such solutions. For maintaining uninterrupting communication quick, secure, accurate and secure handoff is the need of the hour. Hence, researchers in future may consider implementation of efficient

The authors acknowledge and express the gratitude towards their parent

(5) providing continuous authentication during communication.

compared to any other scheme. This handoff scheme shortens the handoff latency by initiating a key transfer process prior to moving to the new AP and performing handoff. It strengthens the security by (1) protecting STAs from re-associating to Malicious APs, (2) evolving fresh keys even during handshake, (3) authenticating all the frames during the handoff and, (4) safeguarding against DoS attacks and, (5) providing continuous authentication during communication.

## **5. Conclusions**

*Computer and Network Security*

cation with group of APs exists.

the safe transfer of key between APs.

**4.1 Comparisons of various handoff mechanisms**

WLANs handoffs are essential for providing continuous mobility to a wireless Station in an Enterprise LAN. Two important requirements of the handoff are: (1) establishment of a secure connection of the roaming STA with new access point (AP) and (2) completion of handoff within time limits such that the undergoing communication remains unaffected. The time limit on handoff for multimedia and real time WLAN applications is approximately 50 ms [30]. During this period no data packets transfer occurs. As per the 802.11i WLAN security standard, the complete secure STA authentication (default Full EAP/TLS) via AS evolving shared secret key between STA and AP takes time of the order of 300 ms to 4 s [12] and hence is unfit for the handoffs. For reducing this time, notion of pre-authentication is introduced wherein full 802.1X authentication involving AS is done utilizing old AP and candidate AP (new AP). Hence, at the time of handoff only 4-way handshake is required between STA and candidate AP. In this pre-authentication process, an inaccurate candidate AP prediction has associated resource wastage issues as full 802.1X will again be required [31]. Researchers have considered predictive authentication and proactive key distribution for reducing the handoff times. Former involves predicting the candidate AP whereas latter involves locating a group of candidate APs. Thus, in former the problem of inaccurate candidate AP prediction exists whereas in latter the problem of extra communication overhead for authenti-

Researchers have also worked towards reactive solutions wherein the candidate AP is selected by STA and then the security context is transferred to this AP. In such solutions, STA requests to AS via old AP, then AS transfer security context and material to the candidate AP. Singh and Sharma [32] proposed one such novel secure handoff scheme that maintains security properties while evolving and transferring the security context (key and initial vector) to the candidate AP. The scheme is lightweight and uses reactive method for handoff. Two kinds of APs are defined in the scheme: normal AP and Domain Controller AP (DCAP). STA request DCAP through AP by putting ID of the candidate AP. DCAP in turn distributes the STA context (key and initial vector) to the candidate AP. Thus, when STA roams into the area of candidate AP, less time is involved in the STA authentication at the candidate AP. For providing fast and secure handoff for the mobile STA in WLANs, standard bodies IEEE and IETF have defined protocols like Control and Provisioning of Wireless Access Points (CAPWAP), HandOver Keying (HOKEY) and IEEE 802.11r (Task group r) [5]. CAPWAP supports centralized management of APs. HOKEY extends the Authentication, Authorization and Accounting (AAA) architecture to support key deriving and distribution with involving full EAP authentication. 802.11r depends upon passing credentials directly between APs for handover. Though CAPWAP takes very less time, it is more or less re-authentication with centralized Access Controller (AC), followed by key transfer to new Wireless Termination Points (WTP). HOKEY is successful in multidomains but it takes more communication time. Among these three (CAPWAP, HOKEY and 802.11r), 802.11r is more efficient in terms of communication overheads. It still has issues concerning

CAPWAP and HOKEY does not change the existing 802.11 frame structure. 802.11r is a separate protocol and hence has different frame structure. All except CAPWAP scheme generates fresh session keys. Fresh traffic keys are generated by all the schemes. Communication overhead of KHC based handoff scheme is less as

**4. Secure handoff**

**62**

This chapter discusses about the present WLAN security environment. It is clear that the WLAN security environment till date is dominated by WPA2 (IEEE 802.11i) standard. Researchers have pointed out regarding length and complexity of the WPA2. The major point of concern in WPA2 is key refreshing mechanism i.e., 4-way handshake due to which the WLAN security is considered vulnerable. Researchers, hence target to reduce the length of this handshake while maintaining the security properties intact.

The chapter also studies other WLAN security mechanisms proposed by researchers and categories them into: (i) access control, (ii) per frame authentication and (iii) secure handoff mechanisms. It provides category wise comparative analysis of these mechanisms. Three mechanisms are considered in the access control category. Among them Key Hiding Communication (KHC) is the most attractive but it requires changes in the existing WLAN frame structure. Per frame category is further sub-categorized into: (a) per frame authentication mechanisms utilizing MIC and (b) lightweight per frame authentication mechanisms. For enhancing the security, most of the per frame authentication solutions rely on MIC for both authentication and integrity of frame. It is shown that this MIC verification involves computation time and large number of such verifications may result in computation DoS attack on the receiver. The researchers hence advocate separating the authentication and integrity parts in per frame authentication. The lightweight per frame authentication mechanism are though lightweight in nature but lacks security properties like key refreshing, secrecy and integrity. In this chapter, several handoff mechanisms for WLAN environment are also discussed and it is accomplished that none guarantees to maintain required level of security during the specified handoff time limits.

WLAN security is having a transformation from WPA2 to WPA3. WLAN security is strengthened in the upcoming standard i.e., WPA3. It is very early to comment on the effectiveness of WPA3 and it is evident that the existing WLAN devices will continue to use WPA2. The new upcoming WLAN devices will obviously follow the backward compatibility towards WPA2. Thus, researchers can still target to test the implementation of 802.11i with the novel ideas like MIC reduction, 4-way handshake reduction and blockchain application in WLANs [33]. In wireless medium, per frame lightweight authentication mechanisms will prove an edge and in future, researchers may consider developing such solutions. For maintaining uninterrupting communication quick, secure, accurate and secure handoff is the need of the hour. Hence, researchers in future may consider implementation of efficient and secure handoff mechanisms using WPA3.

## **Acknowledgements**

The authors acknowledge and express the gratitude towards their parent Institutes for the support.
