DOI: 10.1145/2944789.2949546
research-article

WI-FAB: attribute-based WLAN access control, without pre-shared keys and backend infrastructures

Published: 05 July 2016

Abstract

Two mainstream techniques are traditionally used to authorize access to a WiFi network. Small-scale networks usually rely on the offline distribution of a WPA/WPA2 static pre-shared secret key (PSK); security hence relies on the fact that this PSK is not leaked by end users and is not disclosed via dictionary or brute-force attacks. On the other hand, enterprise and large-scale networks typically employ online authorization using an 802.1X-based authentication service leveraging a backend online infrastructure (e.g. RADIUS servers/proxies). In this work, we propose a new mechanism which requires neither online operation nor backend access control infrastructure, but which does not force us to rely on a static pre-shared secret key. The idea is very simple, yet effective: directly broadcast in the WLAN beacons an encrypted version of the secret key required to access the WLAN network, so that only the users who possess suitable authorization credentials can decrypt and use it. This proposed approach clearly decouples the management of authorization credentials, issued offline to the authorized end users, from the actual secret key used in the WLAN network, which can thus in principle be changed at each new user's access. The solution described in the paper relies on attribute-based encryption, and is designed to be compatible with WPA2 and deployable within standard 802.11 management frames. Since no user identification is required (access control is based on attributes rather than on the user identity), the proposed approach further improves privacy. We demonstrate the feasibility of the proposed solution via a concrete implementation in Linux-based devices and via relevant testing in a real-world experimental setup.

      Published In

      HotPOST '16: Proceedings of the 8th ACM International Workshop on Hot Topics in Planet-scale mObile computing and online Social neTworking
      July 2016
      67 pages
      ISBN:9781450343442
      DOI:10.1145/2944789
      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. WLAN federation
      2. WPA
      3. WPA2
      4. attribute-based access control
      5. attribute-based encryption
      6. privacy preserving

      Qualifiers

      • Research-article

      Conference

      MobiHoc'16
      Acceptance Rates

      Overall Acceptance Rate 5 of 10 submissions, 50%

      Cited By

      • (2023) Implementation of a RADIUS server for access control through authentication in wireless networks. International Journal of ADVANCED AND APPLIED SCIENCES, 10:3 (183-188). DOI: 10.21833/ijaas.2023.03.022. Online publication date: Mar-2023
      • (2023) Towards Anonymous yet Accountable Authentication for Public Wi-Fi Hotspot Access with Permissionless Blockchains. IEEE Transactions on Vehicular Technology, 72:3 (3904-3913). DOI: 10.1109/TVT.2022.3218528. Online publication date: Mar-2023
      • (2019) A Modified IEEE 802.11 Protocol for Increasing Confidentiality in WLANs. Innovations in Bio-Inspired Computing and Applications (247-256). DOI: 10.1007/978-3-030-16681-6_25. Online publication date: 21-May-2019
      • (2018) Multi-Domain Access Rights Composition in Federated IoT Platforms. Proceedings of the 2018 International Conference on Embedded Wireless Systems and Networks (290-295). DOI: 10.5555/3234847.3234915. Online publication date: 16-Feb-2018
      • (2018) On the Design of a Decentralized and Multiauthority Access Control Scheme in Federated and Cloud-Assisted Cyber-Physical Systems. IEEE Internet of Things Journal, 5:6 (5190-5204). DOI: 10.1109/JIOT.2018.2864300. Online publication date: Dec-2018
      • (2018) KrackCover: A Wireless Security Framework for Covering KRACK Attacks. Wireless Algorithms, Systems, and Applications (733-739). DOI: 10.1007/978-3-319-94268-1_60. Online publication date: 13-Jun-2018
      • (2017) On the feasibility of attribute-based encryption for WLAN access control. 2017 IEEE 13th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob) (1-8). DOI: 10.1109/WiMOB.2017.8115806. Online publication date: Oct-2017
      • (2017) An anonymous and accountable authentication scheme for Wi-Fi hotspot access with the Bitcoin blockchain. 2017 IEEE/CIC International Conference on Communications in China (ICCC) (1-6). DOI: 10.1109/ICCChina.2017.8330337. Online publication date: Oct-2017
