Downloads provided by UsageCountsModelling of 802.11 4-Way Handshake Attacks and Analysis of Security Properties
EC| FutureTPM
Rajiv Ranjan Singh; José Moreira; Tom Chothia; Mark Dermot Ryan;
Modelling of 802.11 4-Way Handshake Attacks and Analysis of Security Properties
The IEEE 802.11 standard de nes a 4-way handshake between a supplicant and authenticator for secure communication. Many attacks such as KRACK, cipher downgrades, and key recovery attacks have been recently discovered against it. These attacks raise the question as to whether the implementation violates one of the required security properties or whether the security properties are insucient. To the best of our knowledge, this is the rst work that shows how to answer this question using formal methods. We model and analyse a variety of these attacks using the Tamarin prover against the security properties mandated by the standard for the 4-way handshake. This lets us see which security properties are violated. We nd that our Tamarin models vulnerable to the KRACK attacks do not violate any of the standard's security properties, indicating that the properties, as speci ed by the standard, are insucient. We propose an additional security property and show that it is violated by systems vulnerable to KRACK attacks, and that enforcing this property is successful in stopping them. We demonstrate how to use Tamarin to automatically test the adequacy of a set of security properties against attacks, and that the suggested mitigations make 802.11 secure against these attacks.
- University of Birmingham United Kingdom
- School of Computer Science, University of Birmingham United Kingdom
- University of Delhi India
- University of Birmingham United Kingdom
WPA2 4-way handshake, IEEE 802.11, Group key handshake, WPA2 4-way handshake, Downgrade attack
WPA2 4-way handshake, IEEE 802.11, Group key handshake, WPA2 4-way handshake, Downgrade attack
selected citations These citations are derived from selected sources.This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).8 popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.Top 10% influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).Average impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.Average views 6 downloads 22 - 6views22downloads
selected citations
Citations provided by BIP!
These citations are derived from selected sources.
This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
Citations provided by BIP!popularityPopularity provided by BIP!
This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
Popularity provided by BIP!influenceInfluence provided by BIP!
This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
Influence provided by BIP!impulseImpulse provided by BIP!
This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
Impulse provided by BIP!viewsViews provided by UsageCounts
Views provided by UsageCountsdownloadsDownloads provided by UsageCounts
Downloads provided by UsageCounts 8
Top 10%
Average
Average
6
22
Green
Fields of Science
Funded by