Abstract
The IEEE 802.11 Wireless LAN standard has been designed with very limited key management capabilities, using up to 4 static, long term, keys, shared by all the stations on the LAN. This design makes it quite difficult to fully revoke access from previously-authorized hosts. A host is fully revoked when it can no longer eavesdrop and decrypt traffic generated by other hosts on the wireless LAN.
This paper proposes WEP*, a lightweight solution to the host-revocation problem. The key management in WEP* is in the style of pay-TV systems: The Access Point periodically generates new keys, and these keys are transferred to the hosts at authentication time. The fact that the keys are only valid for one re-key period makes host revocation possible, and scalable: A revoked host will simply not receive the new keys.
Clearly, WEP* is not an ideal solution, and does not address all the security problems that IEEE 802.11 suffers from. However, what makes WEP* worthwhile is that it is 100% compatible with the existing standard. And, unlike other solutions, WEP* does not rely on external authentication servers. Therefore, WEP* is suitable for use even in the most basic IEEE 802.11 LAN configurations, such as those deployed in small or home offices. A WEP* prototype has been partially implemented using free, open-source tools.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Advanced encryption standard, National Institute of Standards and Technology, NIST FIPS PUB 197, U.S. Department of Commerce (Nov 2001).
The AirSnort homepage (2002). http://airsnort.sourceforge.net.
W.A. Arbaugh, N. Shankar, Y.C.J. Wan and K. Zhang, Your 802.11 wireless network has no clothes, IEEE Wireless Communications 9(6) (2002) 44–51.
M. Bellare, R. Canetti and H. Krawczyk, HMAC: Keyed hashing for message authentication, Internet Engineering Task Force RFC 2104 (Feb 1997). http://www.ietf.org/rfc/rfc2104.txt.
N. Borisov, I. Goldberg and D. Wagner, Intercepting mobile communications: The insecurity of 802.11, in: Proc. 7th ACM Conference on Mobile Computing and Networking (MOBICOM'01), Rome, Italy (2001).
N. Cam-Winget, R. Housley and J. Walker, Authenticated key exchange at the MAC layer (2001), Document number IEEE 802.11-01/573r0. Available from http://grouper.ieee.org/groups/802/11/Documents/DocumentHolder/1-573.zip.
Cisco Aironet security solution provides dynamic WEP to address researchers' concerns. Cisco Product Bulletin, No. 1281 (2001). http://www.cisco.com/warp/public/cc/pd/witc/ao350ap/prodlit/1281_pp.htm.
Cisco wireless LAN security (2002). http://www.cisco.com/warp/public/779/smbiz/wireless/wlan_security.shtml/.
M.S. DeGraw-Bertsch, Configuring a FreeBSD access point for your wireless network, Sys Admin 11(3) (2002).
N. Ferguson, Michael: An improved MIC for 802.11 WEP (2002). Document number IEEE 802.11-02/020r0. Available from http://grouper.ieee.org/groups/802/11/Documents/DocumentHolder/2-020.zip.
S. Fluhrer, I. Mantin and A. Shamir, Weaknesses in the key scheduling algorithm of RC4, in: Proc. 8th Workshop on Selected Areas in Cryptography, LNCS 2259, Springer-Verlag (2001).
freeRADIUS (2003), v0.9.2. http://www.freeradius.org/.
P. Gutman, Cryptlib 3.0 (2002). Available from http://www.cs.auckland.ac.nz/∼pgut001/cryptlib/.
Wireless LAN medium access control (MAC) and physical layer (PHY) specifications. ANSI/IEEE Standard 802.11 (1999).
Standards for local and metropolitan area networks: Standard for port based network access control. IEEE Draft P802.1X/D11 (2001).
Draft supplement to standard for telecommunications and information exchange between systems–LAN/MAN specific requirements—part 11: Wireless medium access control (MAC) and physical layer (PHY) specifications: Specification for enhanced security. Document number IEEE Std 802.11i/D3.0 (Nov. 2002).
Information technology—security techniques, key management, part 2: Mechanisms using symmetric techniques. ISO/IEC 11770-2, first edition (1996).
Linksys group—wireless (2002). http://www.linksys.com/Products/.
A. Mishra and W. A. Arbaugh, An initial security analysis of the IEEE 802.1x standard. Technical Report UMIACS-TR-2002-10, U. Maryland, College Park, MD 20742 (Feb. 2002).
J. Malinen, Personal communication (August 2002).
J. Malinen, Host AP driver for Intersil Prism2/2.5/3 (2002). http://hostap.epitest.fi/.
A.J. Menezes, P.C. van Oorschot and S.A. Vanstone, Handbook of Applied Cryptography, (CRC Press, Boca Raton, Florida, 1996).
ORiNOCO WEPplus whitepaper, Agere systems (2001). http://www.orinocowireless.com/upload/documents/WEPplusWhitepaper.pdf.
ORiNOCO wireless networks, Agere systems (2002). http://www.orinocowireless.com/.
Prism wireless LAN, Intersil. http://www.intersil.com/design/prism/ (2002).
G. Rehm, 802.11b homebrew antenna shootout (February 2002). http://www.turnpoint.net/wireless/has.html.
R.L. Rivest, The RC4 encryption algorithm. RSA Data Security Inc. (proprietary) (March 1992).
N. Shankar, W.A. Arbaugh and K. Zhang, A transparent key management scheme for wireless LANs using DHCP. HP Labs Technical Report HPL-2001-227 (2001). http://www.hpl.hp.com/techreports/2001/HPL-2001-227.html.
B. Schneier, Applied Cryptography, 2nd edition (John Wiley & Sons, New York, 1996).
Secure hash standard, National Institute of Standards and Technology, NIST FIPS PUB 180-1, U.S. Department of Commerce (April 1995).
A. Stubblefield, J. Ioannidis and A. Rubin, Using the Fluhrer, Mantin, and Shamir attack to break WEP, in: Proc. 9th Network and Distributed System Security Symposium (NDSS'02). The Internet Society (2002).
J. Tourrilhes, Wireless tools for Linux, Electronic publication, (2002) http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Tools.html.
IEEE 802.11 wireless local area networks: The working group for WLAN (2002) standards, http://grouper.ieee.org/groups/802/11/.
A. Wool, Why security standards sometimes fail, Communications of the ACM, Inside Risks Column 45(12) (2002) 144.
A. Wool, A note on the fragility of the “Michael” message integrity code. IEEE Trans. Wireless Communications 3(5) (2004) 1459–1462.
A. Young and B. O'Hara, A re-key proposal, Document number IEEE 802.11-01/540r0 (2001). Available from http://grouper.ieee.org/groups/802/11/Documents/DocumentHolder/1-540.zip.
Author information
Authors and Affiliations
Corresponding author
Additional information
Avishai Wool received a B.Sc. (Cum Laude) in Mathematics and Computer Science from Tel Aviv University, Israel, in 1989. He received an M.Sc. and Ph.D. in Computer Science from the Weizmann Institute of Science, Israel, in 1992 and 1997, respectively. Dr. Wool then spent three years as a Member of Technical Staff at Bell Laboratories, Murray Hill, NJ, USA. In 2000 Dr. Wool co-founded Lumeta corporation, a startup company specializing in network security. Since 2002 Dr. Wool has been an Assistant Professor at the Department of Electrical Engineering Systems, Tel Aviv University, Israel.
Dr. Wool is the creator of the Lumeta Firewall Analyzer. He is an associate editor of the ACM Transactions on Information and System Security. He has served on the program committee of the leading IEEE and ACM conferences on computer and network security. He is a member of the ACM, IEEE Computer Society, and USENIX. His research interests include firewall technology, network and wireless security, data communication networks, and distributed computing.
Rights and permissions
About this article
Cite this article
Wool, A. Lightweight Key Management for IEEE 802.11 Wireless LANs with Key Refresh and Host Revocation. Wireless Netw 11, 677–686 (2005). https://doi.org/10.1007/s11276-005-3522-9
Issue Date:
DOI: https://doi.org/10.1007/s11276-005-3522-9