Modelling of 802.11 4-Way handshake attacks and analysis of security properties

Rajiv Ranjan Singh, José Moreira, Tom Chothia, Mark D. Ryan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6 Citations (Scopus)

Abstract

The IEEE 802.11 standard defines a 4-way handshake between a supplicant and an authenticator for secure communication. Many attacks such as KRACK, cipher downgrades, and key recovery attacks have been recently discovered against it. These attacks raise the question as to whether the implementation violates one of the required security properties or whether the security properties are insufficient. To the best of our knowledge, this is the first work that shows how to answer this question using formal methods. We model and analyse a variety of these attacks using the Tamarin prover against the security properties mandated by the standard for the 4-way handshake. This lets us see which security properties are violated. We find that our Tamarin models vulnerable to the KRACK attacks do not violate any of the standard’s security properties, indicating that the properties, as specified by the standard, are insufficient. We propose an additional security property and show that it is violated by systems vulnerable to KRACK attacks, and that enforcing this property is successful in stopping them. We demonstrate how to use Tamarin to automatically test the adequacy of a set of security properties against attacks, and that the suggested mitigations make 802.11 secure against these attacks.
Original languageEnglish
Title of host publicationSecurity and Trust Management: 16th International Workshop, STM 2020, Guildford, UK, September 17–18, 2020, Proceedings
EditorsKostantinos Markantonakis, Marinella Petrocchi
PublisherSpringer Science and Business Media Deutschland GmbH
Pages3-21
Number of pages19
ISBN (Electronic)9783030598174
ISBN (Print)9783030598167
DOIs
Publication statusPublished - 15 Sept 2020
Externally publishedYes
EventThe 16th International Workshop on Security and Trust Management - Online
Duration: 17 Sept 202018 Sept 2020
https://hosting.services.iit.cnr.it/stm2020/ (Link to conference website)

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12386 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

ConferenceThe 16th International Workshop on Security and Trust Management
Abbreviated titleSTM 2020
Period17/09/2018/09/20
Internet address

Keywords

  • 4-way handshake
  • Downgrade attack
  • Group key handshake
  • IEEE 802.11
  • KRACK attack
  • SAPiC
  • Tamarin prover
  • WPA2

Fingerprint

Dive into the research topics of 'Modelling of 802.11 4-Way handshake attacks and analysis of security properties'. Together they form a unique fingerprint.

Cite this