Auswahl der wissenschaftlichen Literatur zum Thema „WPA2 handshake“

Wi-Fi Protected Access 2 (WPA 2) currently is the most widely used mechanism for protecting the users in wireless networks. We have discussed the weakness of 4-way handshake procedure in Wi-Fi WPA2/PSK and proposed an enhance WPA2/PSK by adding timestamp parameter to prevent authentication cracking. The experiments have compared WPA2/PSK with Enhanced WPA2/PSK cracking and the result is also given.

With the growing popularity of network, more and more people use embedded portable devices to carry out e-commerce by wireless network. However, the security of wireless network is increasingly grim. According to the WPA/WPA2, this paper focuses on authentication issues between access point AP and wireless client STA in the wireless network security, and presents an improved protocol to resolve these problems. The improved one based on 4-way handshake protocol can resist dictionary attack, DOS attack and phishing attack. In the End, the paper analyzes the protocol.

Wi-Fi protected access (WPA) has provided serious improvements over the now deprecated wired equivalent privacy (WEP) protocol. WPA, however, still has some flaws that allow an attacker to obtain the passphrase. One of these flaws is exposed when the access point (AP) is operating in the WPA personal mode. This is the most common mode, as it is the quickest and easiest to configure. This vulnerability requires the attacker to capture the traffic from the four-way handshake between the AP and client, and then have enough compute time to reverse the passphrase. Increasing the rate at which passphrases can be reversed reduces the amount of time required to construct a repository of service set identifiers (SSIDs) and passphrases, which can increase the chances an attack is successful, or, alternatively, reduce the difficulty of auditing a wireless network for security purposes. This work focuses on creating an field programmable gate array (FPGA)-based architecture to accelerate the generation of a WPA/WPA2 pairwise master key (PMK) lookup table (LUT) for the recovery of the passphrase, with special emphasis on the secure hash algorithm-1 (SHA-1) implementation. PMK generation relies heavily on SHA-1 hashing and, as this work shows, an optimized SHA-1 implementation can achieve up to a 40 × speedup over an unoptimized implementation when generating PMKs.

In Wi-Fi Protected Access 3 (WPA3), a secure connection is established in two sequential stages. Firstly, in the authentication and association stage, a pairwise master key (PMK) is generated. Secondly, in the post-association stage, a pairwise transient key (PTK) is generated from PMK using the traditional 4-way handshake protocol. To reduce the heavy load of the first stage, PMK caching can be used. If the client and AP are previously authenticated and have a PMK cache, the first heavy stage can be skipped and the cached PMK can be used to directly execute the 4-way handshake. However, PMK caching is a very primitive technology to manage shared key between a client and AP and there are many limitations; AP has to manage a stateful cache for a large number of clients, cache lifetime is limited, etc. Paired token (PT)is a new secondary credential scheme that provides stateless pre-shared key (PSK) in a client-server environment. The server issues a paired token (public token and secret token) to an authenticated client where the public token has the role of signed identity and the secret token is a kind of shared secret. Once a client is equipped with PT, it can be used for many symmetric key-based cryptographic applications such as authentication, authorization, key establishment, etc. In this paper, we apply the PT approach to WPA3 and try to replace the PMK caching with the one-time authenticated key establishment using PT. At the end of a successful full handshake, AP securely issues PT to the client. Then, in subsequent re-association requests, the client and AP can compute the same one-time authenticated PMK using PT in a stateless way. Using this kind of stateless re-association technology, AP can provide a high performance Wi-Fi service to a larger number of clients.

Authentication is the process of verifying that the users who they claim to be or not, it is based on identity and credentials. Most of the attacks can be reduced using authentication process. Authentication is important because as the amount of online data sharing has increased, threats and fraud in a large amount are also increased, a changing of the guard which provides security to mobile devices is needed for which authentication is necessary. Privacy of user’s location is important in mobile networks, there are several strategies to protect the personal information (i.e., their location). In previous work it is introduced that the mix zone model which will change the old pseudonyms to new pseudonyms and anonymizes user’s identity by restricting the position where users can be located. Later work, even in the multiple mix-zones model, attackers can attack by using side information (like footprints, navigation etc.). So, we need an authentication protocol while two mix-zones or user-services are communicating. We came across different authentication protocols like PAP, CHAP, and EAP. In this paper, a four-way handshake protocol is implemented for providing authentication while multiple mix-zones are communicating. A four-way handshake authentication protocol i.e., WPA-PSK protocol for verification. WPA-PSK is applied in such a way that both STA(supplicant) and AP(authenticator) can check that they are re-agreeing on a non-forged RSN and IE, therefore they are using the most secure available protocols.

Penggunaan pada protokol WPA memiliki dua proses, antara lain adalah otentikasi serta enkripsi. Pada tingkat network dengan infrastuktur yang besar serta dengan lalu lintas network yang tinggi sama halnya dengan universitas, kantor perusahaan atau tempat umum lainnya yang menggunakan wireless LAN, proses otentikasi merupakan proses yang pertama kali yang dilakukan agar pengguna jaringan wireless LAN dapat mengakses jaringan internet. Maka dari itu, tidak hanya aman namun proses otentikasi bias beroperasi dengan cepat. Solusi dari penelitian ini adalah dengan menerapkan Protokol IEEE 802.1x EAP dengan Extensible Authentication Protocol – Tunneled Transport Layer Security (EAP-TTLS) untuk membuat secure tunnel (terowongan keamanan) dalam pertukaran kunci pada jaringan wireless, serta dengan inner authentication Microsoft Challenge Handshake Authentication Protocol Version 2 (MSCHAPv2). Luaran yang dihasilkan pada penelitian ini adalah membangun suatu keamanan pada jaringan wireless terpusat pada Fakultas Ilmu Komputer UPN Veteran Jakarta.

The goal of this thesis is an exploration of the possibilities of Espressif's ESP32 chips in combination with Espressif IoT Development Framework with intention of implementing well-known Wi-Fi attacks on this platform. In this work, multiple implementation proposals were done for deauthentication attack in two variants followed by WPA/WPA2 handshake capture, attack on PMKID, creation of rogue MitM access point, or brute-force attack on WPS PIN, and more. A universal penetration tool ESP32 Wi-Fi Penetration Tool was proposed and implemented, including deauthentication attacks with WPA/WPA2 handshake capture. This tool provides an easy way to configure and run malicious Wi-Fi attacks without any domain knowledge required from the user. The outcome of this work opens new attack vectors for the attacker, thanks to cheap, ultra-low powered, and lightweight ESP32 chips.