Elliptic curve cryptography based mechanism for secure Wi-Fi connectivity

Abstract

The connection establishment and client handover mechanism for Wi-Fi Protected Access (WPA/WPA2) Pre-Shared Key (PSK) networks described by the IEEE 802.11 standard are vulnerable to various attacks. The existing security protocols WPA/WPA2 use symmetric key cryptography to provide confidentiality and data authenticity. An attacker listening to the channel can eavesdrop on the four-way key handshaking and can also derive the encryption key. The well-known attacks are key recovery, man-in-middle, Hole 196, and de-authentication attack. Another key problem with the PSK mode is that all stations use the same key for authentication. In this paper, we propose an alternative to the existing mechanism for authentication and re-authentication during connection establishment and client handover, respectively that use Elliptic Curve Cryptography, a public key encryption technique. Our proposed mechanism uses a lesser number of frames during (re)-authentication and is immune to the existing vulnerabilities of WPA2 PSK.