Abstract
The IEEE 802.11 standard defines a 4-way handshake between a supplicant and an authenticator for secure communication. Many attacks such as KRACK, cipher downgrades, and key recovery attacks have been recently discovered against it. These attacks raise the question as to whether the implementation violates one of the required security properties or whether the security properties are insufficient. To the best of our knowledge, this is the first work that shows how to answer this question using formal methods. We model and analyse a variety of these attacks using the Tamarin prover against the security properties mandated by the standard for the 4-way handshake. This lets us see which security properties are violated. We find that our Tamarin models vulnerable to the KRACK attacks do not violate any of the standard’s security properties, indicating that the properties, as specified by the standard, are insufficient. We propose an additional security property and show that it is violated by systems vulnerable to KRACK attacks, and that enforcing this property is successful in stopping them. We demonstrate how to use Tamarin to automatically test the adequacy of a set of security properties against attacks, and that the suggested mitigations make 802.11 secure against these attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
IEEE Standard for Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications. IEEE Std. 802.11-1997, November 1997
Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications: Amendment 6. IEEE Std. 802.11i-2004, July 2004
Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications. IEEE Std. 802.11-2016, December 2016
IEEE Standard for Local and Metropolitan Area Networks-Port-Based Network Access Control. IEEE Std. 802.1X-2020, February 2020
Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. ACM SIGPLAN Not. 36(3), 104–115 (2001)
Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_21
Blanchet, B., Smyth, B., Cheval, V., Sylvestre, M.: ProVerif 2.02: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial, July 2020
Cremers, C.: On the protocol composition logic PCL. In: ACM Symposium on Information, Computer and Communications Security (ASIACCS), Tokyo, Japan, pp. 66–76, March 2008
Cremers, C., Kiesl, B., Medinger, N.: A formal analysis of IEEE 802.11’s WPA2: countering the kracks caused by cracking the counters. In: Proceedings of the USENIX Security Symposium (USENIX Security), pp. 1–17. Virtual Event, August 2020 (to appear)
Datta, A., Derek, A., Mitchell, J.C., Roy, A.: Protocol composition logic (PCL). Electron. Notes Theor. Comput. Sci. 172, 311–358 (2007)
Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)
Harkins, D., Malinen, J.: Addressing the issue of nonce reuse in 802.11 implementations, October 2017. https://mentor.ieee.org/802.11/dcn/17/11-17-1602-03-000m-nonce-reuse-prevention.docx
He, C., Mitchell, J.C.: Analysis of the 802.11i 4-way handshake. In: Proceedings of the ACM Workshop on Wireless Security (WiSe), Philadelphia, PA, pp. 43–50, October 2004
He, C., Sundararajan, M., Datta, A., Derek, A., Mitchell, J.C.: A modular correctness proof of IEEE 802.11i and TLS. In: ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, pp. 2–15, November 2005
Joux, A.: Authentication failures in NIST version of GCM. Pub. C. to NIST (2006)
Kremer, S., Künnemann, R.: Automated analysis of security protocols with global state. J. Comput. Secur. 24(5), 583–616 (2016)
Lowe, G.: A hierarchy of authentication specifications. In: Proceedings of the IEEE Computer Security Foundations Workshop (CSFW), Rockport, MA, pp. 31–43, June 1997
Meier, S., Schmidt, B., Cremers, C., Basin, D.: The TAMARIN prover for the symbolic analysis of security protocols. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 696–701. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39799-8_48
Singh, R.R., Moreira, J., Chothia, T., Ryan, M.D.: TAMARIN prover models of attacks on the 802.11 4-way handshake to verify security properties (source code and proofs) (2020). http://people.du.ac.in/~rrsingh/wpa2models
McMahon Stone, C., Chothia, T., de Ruiter, J.: Extending automated protocol state learning for the 802.11 4-way handshake. In: Lopez, J., Zhou, J., Soriano, M. (eds.) ESORICS 2018. LNCS, vol. 11098, pp. 325–345. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99073-6_16
Vanhoef, M., Piessens, F.: Predicting, decrypting, and abusing WPA2/802.11 group keys. In: Proceedings of the USENIX Security Symposium, pp. 673–688 (2016)
Vanhoef, M., Piessens, F.: Key reinstallation attacks: forcing nonce reuse in WPA2. In: Proceedings of the ACM Conference on Computer and Communications Security (CSS), Dallas, TX, pp. 1313–1328 (2017)
Wi-Fi Alliance: Security update october 2017, October 2017. https://www.wi-fi.org/security-update-october-2017
Acknowledgements
We would like to thank Robert Künnemann, Chris McMahon Stone and Mathy Vanhoef for useful discussions. We would also like to thank the anonymous reviewers for their insightful comments and suggestions. This work was partially supported by the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 779391 (FutureTPM).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Singh, R.R., Moreira, J., Chothia, T., Ryan, M.D. (2020). Modelling of 802.11 4-Way Handshake Attacks and Analysis of Security Properties. In: Markantonakis, K., Petrocchi, M. (eds) Security and Trust Management. STM 2020. Lecture Notes in Computer Science(), vol 12386. Springer, Cham. https://doi.org/10.1007/978-3-030-59817-4_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-59817-4_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-59816-7
Online ISBN: 978-3-030-59817-4
eBook Packages: Computer ScienceComputer Science (R0)