Stateless Re-Association in WPA3 Using Paired Token
Author: | Byoungcheon Lee |
---|---|
Language: | English |
Year of publication: | 2021 |
Subject: | Key establishment; JSON Web Token; Handshake; Computer Networks and Communications; Computer science; lcsh:TK7800-8360; stateless re-association; 050109 social psychology; Cryptography; 02 engineering and technology; Shared secret; Security token; WPA3; PMK caching; Stateful firewall; 0202 electrical engineering, electronic engineering, information engineering; paired token; 0501 psychology and cognitive sciences; Electrical and Electronic Engineering; Stateless protocol; Authentication; business.industry; 05 social sciences; lcsh:Electronics; Authorization; JSON web token; Symmetric-key algorithm; one-time authenticated key establishment; Hardware and Architecture; Control and Systems Engineering; Signal Processing; Key (cryptography); 020201 artificial intelligence & image processing; Cache; Wi-Fi security; business; secondary credential; Computer network |
Source: | Electronics, Vol 10, Iss 215, p 215 (2021); Electronics, Volume 10, Issue 2 |
ISSN: | 2079-9292 |
Description: | In Wi-Fi Protected Access 3 (WPA3), a secure connection is established in two sequential stages. Firstly, in the authentication and association stage, a pairwise master key (PMK) is generated. Secondly, in the post-association stage, a pairwise transient key (PTK) is generated from the PMK using the traditional 4-way handshake protocol. To reduce the heavy load of the first stage, PMK caching can be used. If the client and AP are previously authenticated and have a PMK cache, the first heavy stage can be skipped and the cached PMK can be used to directly execute the 4-way handshake. However, PMK caching is a very primitive technology to manage a shared key between a client and AP, and there are many limitations: the AP has to manage a stateful cache for a large number of clients, cache lifetime is limited, etc. Paired token (PT) is a new secondary credential scheme that provides a stateless pre-shared key (PSK) in a client-server environment. The server issues a paired token (public token and secret token) to an authenticated client, where the public token has the role of signed identity and the secret token is a kind of shared secret. Once a client is equipped with PT, it can be used for many symmetric key-based cryptographic applications such as authentication, authorization, key establishment, etc. In this paper, we apply the PT approach to WPA3 and try to replace the PMK caching with the one-time authenticated key establishment using PT. At the end of a successful full handshake, the AP securely issues PT to the client. Then, in subsequent re-association requests, the client and AP can compute the same one-time authenticated PMK using PT in a stateless way. Using this kind of stateless re-association technology, the AP can provide a high performance Wi-Fi service to a larger number of clients. |
Database: | OpenAIRE |
External link: |