[1] Pang Liaojun, Li Huixian, Wang Yumin,. Security analysis of newly ameliorated WAPI protocol [J]. Journal of Southeast University (English Edition), 2008, 24 (1): 25-28. [doi:10.3969/j.issn.1003-7985.2008.01.006]

Copy

Security analysis of newly ameliorated WAPI protocol()

新完善的WAPI协议安全性分析

Share：

Journal of Southeast University (English Edition)[ISSN:1003-7985/CN:32-1325/N]

Volumn:

24

Issue:

2008 1

Page:

25-28

Research Field:

Computer Science and Engineering

Publishing date:

2008-03-30

Info

Title:

Security analysis of newly ameliorated WAPI protocol

新完善的WAPI协议安全性分析

Author(s):

Pang Liaojun¹;  Li Huixian²;  Wang Yumin¹

¹Key Laboratory of Computer Networks and Information Security of Ministry of Education, Xidian University, Xi’an 710071, China
²School of Computer Science and Engineering, Northwestern Polytechnical University, Xi’an 710072, China

庞辽军¹;  李慧贤²;  王育民¹

¹西安电子科技大学计算机网络与信息安全教育部重点实验室, 西安 710071; ²西北工业大学计算机学院, 西安 710072

Keywords:

wireless local area network(WLAN);  WLAN authentication and privacy infrastructure(WAPI);  authentication;  key negotiation;  CK model

无线局域网;  WAPI;  认证;  密钥协商;  CK模型

PACS:

TP309

DOI:

10.3969/j.issn.1003-7985.2008.01.006

Abstract:

Based on thorough researches on the Chinese wireless local area network(WLAN)security standard, i.e., WLAN authentication and privacy infrastructure(WAPI), the security of the authentication access process is analyzed with the CK(Canetti-Krawczyk)model and the BAN(Burrows-Abadi-Needham)logic.Results show that it can achieve the alleged authentication and key negotiation goals.Besides those alleged, further analyses indicate that the authentication access process can satisfy other security requirements, such as mutual identity authentication, mutual key control, key confirmation, message integrity check, etc.If the used elliptic curve encryption algorithm and the hash algorithm are secure enough, the protocol can efficiently realize mutual authentication between STAs(station)and APs(access point).Therefore, WAPI can be applied to replace the security mechanism used in the original WLAN international standard to enhance its security.

在深入研究中国无线局域网安全标准WAPI接入鉴别过程的基础上, 利用CK模型并结合BAN逻辑, 对其认证和密钥协商过程安全性进行了形式化分析, 证明其能够实现所声称的各种认证及密钥协商目标.进一步的分析结果表明, WAPI不仅具有所声称的各种安全属性, 同时还能够有效地实现实体间相互认证、密钥的相互控制、密钥确认、消息完整性校验等安全属性.如果协议中所采用的椭圆曲线加密算法和杂凑算法足够安全, 则该协议能够实现STA和AP之间的相互身份认证, 可以用于替代原来的无线局域网国际标准中的安全机制, 以增强无线局域网的安全性.

References:

[1] Branch J, Petroni N, van Doorn L, et al.Autonomic 802.11 wireless LAN security auditing [J].IEEE Security and Privacy, 2004, 2(3):56-65.
[2] Johnston D, Walker J.Overview of IEEE 802.16 security [J].IEEE Security and Privacy, 2004, 2(3):40-48.
[3] GB 15629.11—2003 Information technology-local and metropolitan area networks-specific requirements—part 11:wireless LAN medium access control(MAC)and physical layer(PLY)specifications[S].Beijing:Standards Press of China, 2003.(in Chinese)
[4] GB 15629.11—2003/XG1[S].Beijing:Standards Press of China, 2006.(in Chinese)
[5] Canetti R, Krawczyk H.Analysis of key-exchange protocols and their use for building secure channels [C]//Proc of Advances in Cryptology—EUROCRYPT’01, LNCS 2045.Berlin:Springer-Verlag, 2001:453-474.
[6] Canetti R, Krawczyk H.Universally composable notions of key exchange and secure channels [C]//Proc of Advances in Cryptology—EUROCRYPT’02, LNCS 2332.Berlin:Springer-Verlag, 2002:337-351.
[7] Cramer R, Shoup V.A practical public-key cryptosystem provably secure against adaptive chosen ciphertext attack [C]//Proc of Advances in Cryptology — CRYPTO’98, LNCS 1462.Berlin:Springer-Verlag, 1998:13-25.
[8] Mitchell C J, Ward M, Wilson P.Key control in key agreement protocols [J].Electronics Letters, 1998, 34(10):980-981.
[9] Boyd C, Mao W, Paterson K.Key agreement using statically keyed authenticators [C]//Proc of the 2nd International Conference on Applied Cryptography and Network Security, LNCS 3089.Berlin:Springer-Verlag, 2004:248-262.
[10] Bellare M, Canetti R, Krawczyk H.A modular approach to the design and analysis of authentication and key-exchange protocols [C]//Proc of the 30th Annual Symposium on Theory of Computing.New York:ACM Press, 1998:419-428.

Memo

Memo:

Biographies: Pang Liaojun(1978—), male, doctor;Wang Yumin(corresponding author), male, professor, ymwang@xidian.edu.cn.
Foundation items: The National Basic Research Program of China(973 Program)(No.G1999035805), the Natural Science Foundation of Shannxi Province(No.2007F37), China Postdoctoral Science Foundation(No.20060401008, 20070410376).
Citation: Pang Liaojun, Li Huixian, Wang Yumin.Security analysis of newly ameliorated WAPI protocol[J].Journal of Southeast University(English Edition), 2008, 24(1):25-28.

Common functions