Wireless Network Security Protocols A Comparative Study

International Journal of Emerging Technology and Advanced Engineering Website: www.ijetae.com (ISSN 2250-2459, Volume 2, Issue 1, January 2012)

Wireless Network Security Protocols A Comparative Study 1

Swati Sukhija, 2Shilpi Gupta

1

M.Tech Scholar, Department of Computer Science & Engineering, Amity University, Noida, Uttar Pradesh Assistant Professor, Department of Computer Science & Engineering, Amity University, Noida, Uttar Pradesh

2

1

[email protected] 2 [email protected]

Wired Equivalent Privacy (WEP) which was the first protocol for securing wireless network will be covered in Section 2, Wi-fi Protected Access (WPA) and Wi-fi Protected Access 2 (WPA2) will be discussed in Section 3 and 4 respectively. Section 5 presents a comparison between different wireless security protocols.

Abstract— In recent years, wireless networks have gained rapid popularity. Wireless networks are inexpensive and provides mobility but they are prone to a variety of threats like denial of service, replay attacks, eavesdropping and data modification. This paper discusses the three wireless security protocols with details about the encryption methods used, authentication mechanisms and their limitations.

II. WIRED EQUIVALENT PRIVACY (WEP) Keywords— Advanced Encryption Standard (AES), CCMP, Message Integrity Code (MIC), Rivest Cipher 4 (RC4), Wired Equivalent Privacy (WEP), Wi-fi Protected Access (WPA), Wi-fi Protected Access 2 (WPA2), Temporal Key Integrity Protocol (TKIP)

Wired Equivalent Privacy (WEP) is a security mechanism for Wireless LAN. It was introduced in September 1999 as part of IEEE 802.11 security standard. The purpose of Wired Equivalent Privacy (WEP) was to provide security comparable to that of wired networks. RC4 stream cipher is used by WEP to provide confidentiality and CRC-32 for data integrity [1]. The standard specified for WEP provides support for 40 bit key only but non standard extensions have been provided by various vendors which provide support for key length of 128 and 256 bits as well. A 24 bit value known as initialization vector is also used by WEP for initialization of the cryptographic key stream.

I. INTRODUCTION This paper explains the evolution of security for wireless networks. The paper provides a comparative study between three major security protocols: Wired Equivalent Privacy (WEP), Wi-fi Protected Access (WPA) and Wi-fi Protected Access 2 (WPA2). It discusses encryption/decryption process, limitations and the vulnerability of each protocol to various attacks. WPA2 provides most secure communication among the three protocols with implementation of sophisticated encryption techniques. But, WPA2 still faces some security concerns and challenges which has also been discussed in this paper.

A. WEP Encryption/Decryption Process WEP Encryption process consists of following steps: i. 24 bit initialization vector is concatenated with 40 bit WEP key. ii. The resultant concatenated key acts as seed value for Pseudo random number generator [29].

357 Figure 1: WEP Encryption Process [3, 17]

International Journal of Emerging Technology and Advanced Engineering Website: www.ijetae.com (ISSN 2250-2459, Volume 2, Issue 1, January 2012) iii.

Integrity Algorithm CRC-32 is performed on plain text to generate Integrity Check Value (ICV) which is concatenated with plain text.

iv.

RC4 algorithm is applied on Plain text + ICV and Key sequence to generate cipher text.

v.

The payload for the wireless MAC frame is created by adding the IV to front of the encrypted combination of data and ICV along with other fields.

captured traffic to reveal the secret passphrase.

WEP Decryption Process consists of following steps: i. Initialization vector from 802.11 frame payload is concatenated with WEP key. This acts as seed value for Pseudo Random Number Generator. ii. CR4 algorithm is applied to cipher text of frame payload and key sequence to get plain text. iii. Plain text and original ICV are obtained. iv. Plain text is input to Integrity algorithm to generate new ICV. v. New ICV is compared with original ICV to get the result. B. WEP Shortcomings 1)

Weak Cryptography: Analysis of captured traffic can easily reveal the shared key used by WEP. Various tools are available which enable data decryption within few minutes [14, 25].

2)

Absence of Key Management: WEP does not provide key management and thus, same keys are used for longer duration and tend to be of poor quality [12].

3)

4)

Reuse initialization vector: Initialization vector is reused and thus, data can easily be decrypted without the knowledge of encryption key using various cryptanalytic methods.

5)

Lack of Replay protection: WEP does not provide protection against replay attacks, thus, an attacker can record and replay packets and they will be accepted as genuine.

6)

Authentication issues: Challenge-response scheme is used in shared key authentication but it can lead to man-in-the-middle attack. Man-in-themiddle attacks set up illegitimate access points within range of wireless clients in order to gain access to sensitive information.

7)

Jamming: Availability can be impacted i.e. electromagnetic energy emitted on wireless LAN’s frequency by a device making WLAN unusable.

8)

Packet Forgery: WEP does not provide any protection measures against packet forgery.

9)

Flooding: An attacker can send large number of messages to access point (AP) and thus, preventing the AP from processing the traffic [27].

C. WEP Attacks 1) Chopchop Attack: This attack was proposed with the pseudonym KoreK in 2004. The attacker can decrypt the last s bytes of plaintext of encrypted packet by sending an average of s*128 packets on the network [9]. Integrity Check Value (ICV) is appended with the plain text and chopchop attack exploits the insecurity of this four byte checksum. The root key is not revealed in this attack. Various access points can easily identify between correct

Small key size: The standard specified for WEP provides support for 40 bit key only, thus it is prone to brute force attacks. Offline dictionary attack is a type of brute force attack where frequently used words for encryption are considered and the result is compared with

358

Figure 2: WEP Decryption Process [3, 17]

International Journal of Emerging Technology and Advanced Engineering Website: www.ijetae.com (ISSN 2250-2459, Volume 2, Issue 1, January 2012) and incorrect checksum of encrypted packets. The attacker can use this principle for packet decryption. The attacker chops one byte from end of captured packet, guesses the packet’s last byte and modifies the checksum accordingly and sends the packet to access point. If the guess was correct, the access point accepts the packet and the attacker now knows the last byte of plaintext. So, attacker proceeds to determine the second last byte. In case, the guess of last byte was incorrect then, the access point silently discards the packet and attacker makes a different guess for last byte. Using this methodology, there has been a significant reduction in amount of time required to crack WEP keys.

first bytes of plaintext can be easily predicted. The attacker can also easily know the initialization vector (first three bytes of per packet key) which is transmitted unencrypted with the packets. Rest of bytes per packet key are unknown to attacker but are identical for all packets. 4) Thus, the attacker gathers a large amount of encrypted data and generates different possible values. The actual value appears more frequently than any other value enabling the attacker to recognize the correct key value. Various tools like WEP Crack, AirSnort and bsdairtools have automated WEP cracking. 5) Pyshkin, Tews and Weimann (PTW) Attack: This attack was introduced in 2007 and utilizes the analysis of RC4 stream cipher showing further associations between RC4 key streams and key presented by Andreas Klien in 2005. The probability of this attack being successful is independent of key byte being attacked unlike FMS and KoreK attack. Also, it utilizes more number of bytes of key stream and byte count which depends upon length of IV and secret root key [18]. PTW attack requires 85,000 frames with 95% probability of successful execution i.e. breaking 104 bit WEP key unlike FMS attack which requires 10 million messages [13].

2) Bittau’s fragmentation Attack: After attacker discovers keystream of length s, he can send packets with payload length s-4 i.e. excluding 4 byte ICV. Long packets can be split up to 16 fragments with s-4 payload length per packet. These fragments are received and reassembled as a single packet at the access point. The packet is re-encrypted with a new key stream and transmitted by the access point. Since the attacker knows the plain text, so he can easily recover new key stream. [18] 3) Fluhrer, Mantin and Shamir (FMS) Attack: The most serious attack on WEP was discovered by three cryptographers: Fluhrer, Mantin and Shamir. FMS attacks are due to use of weak initialization vectors in RC4 algorithm [8, 30]. The encrypted packets along with initialization vectors for these packets can be recorded by listening passively to network traffic. The attacker is easily able to recover the first bytes of keystream which were used for packet encryption, since

III. WI-FI PROTECTED ACCESS (WPA) In order to overcome the flaws of WEP, Wi-Fi Protected Access (WPA) was introduced in 2003 by the Wi-Fi (Wireless Fidelity) alliance [2]. WPA implements majority of the IEEE 802.11i standard, thus it is an intermediate solution. WPA was intended to address the WEP cryptographic problems without requiring new hardware. WPA provides the following security features:

Figure 3: TKIP Encryption Process [19]

359

International Journal of Emerging Technology and Advanced Engineering Website: www.ijetae.com (ISSN 2250-2459, Volume 2, Issue 1, January 2012) A. WPA Encryption Process WPA uses Temporal Key Integrity Protocol (TKIP) for encryption [10]. A new key is dynamically generated for every packet; 128 bit per packet key is used. Michael algorithm is used by TKIP to generate Message Integrity Code (MIC) which provides enhanced data integrity as compared to CRC-32 used in WEP. Also, TKIP provides replay protection. MSDU is Medium Access Control Service Data Unit and MPDU is Medium Access Control Protocol Data Unit.

5 (EAP-MD5), EAP- Transport Layer Security (EAP-TLS), EAP- Tunneled Transport Layer Security (EAP-TTLS), EAP- Subscriber Identity Module of Global System for Mobile Communications (EAP-SIM). There are 3 components for EAP infrastructure: EAPPeer: access client, attempting to access the network, EAPAuthenticator: access point that requires authentication before granting access to network, Authentication server: RADIUS server, validates credentials of EAP-Peer and authorizes network access [28].

B. WPA Authentication Mechanisms The two authentication mechanisms provided by WPA are:

C. WPA Shortcomings i. WPA uses old cryptography algorithm RC4 instead of superior Advanced Encryption Standard (AES). ii. WPA is vulnerable to brute force attacks in case of weak passphrase for pre shared key mode. iii. Prone to threats during Hash collisions due to use of hash functions for TKIP key mixing. iv. Also, WPA remains vulnerable to availability attacks like Denial of Service. v. WPA has greater performance overhead unlike WEP. vi. Complicated setup is required for WPA-enterprise.

1) WPA-Personal or WPA-PSK (Pre-Shared Key): Pre-Shared Key is a static key shared between two parties for initiating the communication. The key which is a Pairwise Master Key (PMK) in TKIP process must be in place before an association can be established [23]. WPAPersonal is suitable for home and small office networks and an authentication server is not required. The wireless devices are authenticated with access point using 256 bit key. The key is never transmitted over air since station and access point already possess this key before initiating the communication. Also, 64 bit MIC key and 128 bit encryption key can be derived from pre shared key.

D. WPA Attacks TKIP used in WPA is prone to Chopchop, Ohigashi-Morii, WPA-PSK and Beck-Tews attack [33].

2) WPA-Enterprise: This is designed for enterprise networks. IEEE 802.1x and Extensible Authentication Protocol (EAP) provide stronger authentication. In this mode, Remote Authentication Dial In User Service (RADIUS) server is required which provides excellent security for wireless network traffic [16, 31]. The various EAP methods are EAP- Lightweight Extensible Authentication Protocol (EAP- LEAP), EAP- Flexible Authentication via Secure Tunneled (EAP-FAST), EAP- Message Digest

1) WPA-PSK Attack: Authentication mechanisms WPA-PSK is prone to offline dictionary attack since information has to be broadcasted for verification of session key. In order to generate PMK, passphrase, Service Set Identifier (SSID) and SSID length are fed into hashing algorithm. Since SSID can be easily recovered thus, in order to identify PMK only passphrase needs to be guessed. There is approximately 2.5 bits of security per character in passphrase.

Figure 4: EAP Infrastructure

360

International Journal of Emerging Technology and Advanced Engineering Website: www.ijetae.com (ISSN 2250-2459, Volume 2, Issue 1, January 2012) Thus, n bytes passphrase leads to key with 2.5n+12 bits of security strength and hence, vulnerable to dictionary attack in case of short passphrase i.e. less than 20 characters Hence, if PMK is determined by attacker, he can gain access to the network. Aircrack and coWPAtty are the tools which can be used for attack.

IV. WI-FI PROTECTED ACCESS 2 (WPA2)/ IEEE 802.11I WPA2 was introduced in September 2004 by Wi-Fi alliance. WPA2 completely implements IEEE 802.11i standard and is an enhancement over WPA. The significant development was introduction of Counter Mode with Cipher block Chaining Message Authentication Code Protocol (CCMP) which uses block cipher Advanced Encryption Standard (AES) for data encryption but stream cipher TKIP is available for backward compatibility with existing WAP hardware [21, 24]. WPA2 authentication also has two modes: Pre-Shared Key and Enterprise similar to WPA. WPA2 key generation is achieved by 4-way handshake for deriving Pair wise Transient Key (PTK) and

2) Beck-Tews Attack: This attack is an extension to chopchop attack on WEP. Since, TKIP implements MIC, so if two MIC failures are observed within 60 seconds then both client and access point are shut down and TKIP session key is rekeyed. Thus, in case of failure, the attacker waits for 60 seconds to avoid countermeasures. Packet can be decoded at rate of one byte per minute with this attack. Once plaintext has been retrieved by attacker, he has access to MIC and keystream of packet which he can use to construct and transmit a new packet on network and in turn enabling the attacker to execute Denial of service and ARP poisoning attacks. This attack can be executed only against TKIP and not against WPA implementing AES. 3) Ohigashi-Morii Attack: This attack uses a mechanism similar to Beck-Tews attack but also executes a man in the middle attack. Unlike BeckTews, it is efficient for all WPA modes and does not require Quality of Service to be enabled on access point.

Figure 5: CCMP Encryption Process [15]

Group Transient Key (GTK) [6] and Group Key handshake for Group Transient Key renewal or host disassociation.

4) Michael Reset Attack: This attack was discovered by Beck and Tews and was based on flaws in Michael. During the initialization phase of Michael, two keywords are set as the internal state which processes following 32 bit words. Also, the Michael algorithm resets when internal state reaches a particular point which results in rest of plaintext to have same MIC as of the whole packet. Thus, it enables the attacker to add any plaintext along with keyword to reset the algorithm which results in packet modification without affecting the correctness of Michael’s result. This attack involves discovering magic words which are put in between arbitrary captured packet and ICMP echo request. This echo request is transmitted to client on wireless network with spoofed IP address of attacker port which in turn causes ICMP response to be delivered to the attacker port thus, enabling the attacker to decrypt the captured packet.

Figure 6: CCMP Decryption Process [15]

WPA2 Encryption/Decryption Process CCMP encryption process consists of following steps: i. Packet number (PN) is incremented for every MPDU (Medium access control Protocol Data Unit) and is distinct for MPDU’s sharing the same temporal key.

361

International Journal of Emerging Technology and Advanced Engineering Website: www.ijetae.com (ISSN 2250-2459, Volume 2, Issue 1, January 2012) ii.

iii.

iv. v.

vi.

Additional Authentication Data (AAD) is constructed using fields in MPDU header. Integrity is provided to fields in AAD by CCMP. PN, A2 (MPDU address 2) and Priority field of MPDU are used to construct CCMP Nonce block. The Priority field has reserved value of zero.

v.

Plaintext MPDU is obtained by combining MAC header of MPDU and decrypted MPDU plaintext data.

A. WPA2 Shortcomings i. Prone to availability attacks like Jamming and Flooding since it cannot prevent physical layer attacks [5, 16]. ii. Control Frames like Request to Send (RTS) and Clear to Send (CTS) are unencrypted making them prone to DoS attacks. iii. Management frames that are used to report network topology are not encrypted thus enabling attacker to analyse the network layout [4]. iv. GTK is shared amongst all authorized clients of the network. A malicious authorized client may inject spoofed GTK packets in the network. Thus, an authorized user can sniff and decrypt data of other authorized users and may install malware and compromise other user’s devices [26, 32]. This is known as Hole196 vulnerability. WPA/WPA2 Enterprise which is based on port-based 802.1X access control protocol is prone to this vulnerability. v. WPA 2 is expensive for the already deployed networks since CCMP and AES implementation needs change in the existing network hardware [7]. vi. Deauthentication may lead to MAC address spoofing.

New PN and key identifier are used to construct the 64 bit CCMP header. In this CCM originator processing step, temporal key, AAD, nonce, and MPDU data are used to form the cipher text and MIC. Encrypted MPDU is formed by combining the CCMP header, original MPDU header, encrypted data and MIC.

CCMP decryption process consists of following steps: i. AAD and nonce values are obtained from encrypted MPDU. ii. The AAD is constructed from MPDU header of encrypted MPDU. iii. MPDU address 2 (A2), PN, and Priority fields are used to construct nonce value. iv. In this CCM recipient processing steps, temporal key, MIC, AAD, nonce and MPDU cipher text data are combined to reconstruct the MPDU plaintext. Also, integrity of AAD and MPDU plaintext is verified.

TABLE I COMPARISON OF WIRELESS LAN SECURITY PROTOCOLS: WEP, WPA AND WPA2

WEP

WPA

WPA2

Overcome the flaws of WEP without requiring new hardware, Implements majority of IEEE 802.11i standard

Implements completely IEEE 802.11i standard and an enhancement over WPA

Rivest Cipher 4 (RC4)

Temporal (TKIP)

Counter Mode with Cipher block Chaining Message Authentication Code Protocol (CCMP) using block cipher Advanced Encryption Standard (AES)

Authentication

WEP-Open Shared

WPA-PSK and WPA-Enterprise

WPA2-Personal and WPA2-enterprise

Data Integrity

CRC-32

Michael (generates Message Integrity Code (MIC))

Cipher block chaining message authentication code (CBC-MAC)

Key Management

Lack of key management

Provides robust key management and

Provides robust key management and keys are

Purpose

Data Privacy

Provide comparable networks

to

security wired

Key

Integrity

Protocol

(Encryption)

and

WEP-

362

International Journal of Emerging Technology and Advanced Engineering Website: www.ijetae.com (ISSN 2250-2459, Volume 2, Issue 1, January 2012) keys are generated through four way handshake

generated through four way handshake

Hardware Compatibility

Works on hardware

existing

Works on existing hardware through firmware upgrades on NIC

Supported in Wi-Fi devices certified since 2006, Does not work with older NIC

Attacks/ Vulnerabilities

Chopchop, Bittau’s fragmentation, FMS and PTW attack, DoS attacks

Chopchop, Ohigashi-Morii, WPA-PSK, Beck-Tews and Michael Reset Attack and Hole 196 vulnerability, DoS attacks

Hole 196 vulnerability, DoS attacks due to unencrypted management and control frames, MAC address spoofing due to Deauthentication, Offline dictionary attacks in WPA2-Personal

Deployment complexity

Easy to configure

and

Complicated setup required for WPAenterprise

Complicated enterprise

Replay attack protection

No protection replay attacks

against

Implements sequence counter for replay protection

48 bit packet number prevents replay attacks

setup

setup

required

for

WPA2-

V. CONCLUSION This paper presents different protocols for securing Wireless LAN. WEP is unable to provide security against various threats and attacks. Then, WPA was introduced which was an interim solution to the security flaws identified in WEP. But, it is still prone to various attacks like Beck-Tews, Chopchop etc. Thus, WPA2 was introduced providing an enhancement over WPA. WPA2 provides stronger encryption by using block cipher AES but it is still vulnerable to attacks due to sharing of GTK among clients and transmission of unencrypted control and management frames. Also, WPA2 does not support legacy hardware unlike WPA [20, 22]. Thus, arises the need to provide a solution to WPA2 deficiencies in order to secure wireless networks against these attacks. It is hoped that in the continuing paper, we will propose the solution addressing WPA2 shortcomings.

[5] J. C. M. Changhua He, ―Security Analysis and Improvements for IEEE 802.11i,‖ in 12th Annual Network and Distributed System Security Symposium, 2005 [6] A.K.M. Nazmus Sakib, Fariha Tasmin Jaigirdar, Muntasim Munim, Armin Akter, ―Security Improvement of WPA 2 (Wi-Fi Protected Access 2)‖, International Journal of Engineering Science and Technology (IJEST), Vol. 3 No. 1 Jan 2011 [7] Frank H. Katz, ―WPA vs. WPA2: Is WPA2 Really an Improvement on WPA?‖ in 2010 4th Annual Computer Security Conference (CSC 2010), April 15-16, 2010, Coastal Carolina University, Myrtle Beach, SC. [8] Martin Beck, Erik Tews, ―Practical attacks against WEP and WPA‖, in WiSec '09: Proceedings of the second ACM conference on Wireless network security, New York, USA, ACM (2009) [9] Alexander Gutjahr, Albert Ludwigs University, Freiburg. ―Wired Equivalent Privacy (WEP) Functionality, Weak Points, Attacks‖

References

[10] Shadi R. Masadeh, Nidal Turab, ―A Formal Evaluation of the Security Schemes for Wireless Networks‖, Research Journal of Applied Sciences, Engineering and Technology 3(9): 910-913, 2011

[1] Jason Bonde, Wireless Security, University of Minnesota UMM CSci Senior Seminar Conference Morris, MN.

[11] Se Hyun Park, Aura Ganz, Zvi Ganz, ―Security protocol for IEEE 802.11 wireless local area network‖, Mobile Networks and Applications. Vol. 3. 1998

[2] National Institute of Standards and Technology NIST 800-97, Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i, http://csrc.nist.gov/publications/nistpubs/800-97/SP80097.pdf

[12] Halil Ibrahim Bulbul, Ihsan Batmaz, Mesut Ozel, ―Wireless Network Security: Comparison of WEP (Wired Equivalent Privacy) Mechanism, WPA (Wi-Fi Protected Access) and RSN (Robust Security Network) Security Protocols‖; in Proceedings of the 1st international conference on Forensic applications and techniques, information, and multimedia and workshop, (Adelaide, Australia, January 21-23, 2008), ICST, Brussels, Belgium, 2008

[3] Arash Habibi Lashkari, Masood Mansoori, Amir Seyed Danesh, ―Wired Equivalent Privacy (WEP) versus Wi-Fi Protected Access (WPA)‖, in ICCDA Singapore Conference, 2009 [4] Paul Arana, ―Benefits and Vulnerabilities of Wi-Fi Protected Access 2 (WPA2)‖, INFS 612-Fall 2006

363

International Journal of Emerging Technology and Advanced Engineering Website: www.ijetae.com (ISSN 2250-2459, Volume 2, Issue 1, January 2012) [13] Erik Tews, Ralf-Philipp Weinmann, and Andrei Pyshkin. Breaking 104 bit wep in less than 60 seconds. Cryptology ePrint Archive, Report 2007/120 (2007)

[28] A. Chiornita, L. Gheorghe, and D. Rosner. A practical analysis of EAP authentication methods. In Roedunet International Conference (RoEduNet), 2010 9th, pages 31 - 35, June 2010.

[14] Scott Fluhrer, Itsik Mantin, Adi Shamir, ―Weaknesses in the Key Scheduling Algorithm of RC4‖, In Eight Annual Workshop on Selected Areas in Cryptography, August 2001.

[29] K. Benton, ―The evolution of 802.11 wireless security‖, INF 795, April 18th, 2010. UNLV Informatics-Spring 2010 [30] Andrea Bittau, Mark Handley, Joshua Lackey. The final nail in WEP's coffin, IEEE Symposium on Security and Privacy, pages 386-400. IEEE Computer Society, 2006.

[15] Nidal Turab, Florica Moldoveanu, ―A Comparison between Wireless LAN Security Protocols‖, Series C, Vol. 71, No. 1, 2009, ISSN: 1454-234x, Scientific Bulletin of UPB.

[31] C. Rigney, S. Willens, A. Rubens, W. Simpson, ―Remote Authentication Dial In User Service (RADIUS)‖, RFC 2865, June 2000.

[16] Jyh-Cheng Chen, Ming-Chia Jiang, Yi-Wen Liu, ―Wireless LAN Security and IEEE 802.11i‖, IEEE Wireless Communications, vol. 12, no. 1, pp. 27–36, Feb. 2005

[32] C. He, J. C. Mitchell, ―Analysis of the 802.11i 4-way handshake‖ in Proceedings of the Third ACM International Workshop on Wireless Security (WiSe’04), 2004.

[17] Microsoft Technet Library, How 802.11 Wireless Works, Technical Reference, Available: http://technet.microsoft.com/enus/library/cc757419(WS.10).aspx

[33] V. Moen, H. Raddum, K. J. Hole, ―Weakness in the Temporal Key Hash of WPA‖, ACM SIGMOBILE Mobile Computing and Communications Review, April 2004.

[18] Erik Tews, ―Attacks on the wep protocol‖, Cryptology ePrint Archive, Report 2007/471, 2007 [19] Marko Ihonen, Anssi Salo, Tuomo Timonen, Laboratory of Communications Software, Lappeenranta University of Technology, 802.11 Security Protocols, Seminar Report [20] Joon S.Park, Derrick Dicoi, Syracuse University, ―WLAN Security: Current and Future‖, IEEE Computer Society, October 2003. [21] Nidal Turab, Shadi Masadeh, ―Recommendations guide for WLAN Security‖, The International Journal of ACM Jordan, Vol. 1, No. 1, March 2010 [22] Wong Stanley GSEC "The evolution of wireless security in 802.11 networks: WEP, WPA and 7802.11 standards" Practical v1.4b, SANS institute, May 20, 2003 [23] Arunesh Mishra, William, A. Arbaugh, ―An Initial Security Analysis of The IEEE 802.1X Standard‖, University of Maryland, Department of Computer Science and University of Maryland Institute for Advanced Computer Studies Technical Report CS-T R4328 and UMIACS-TR-2002-10 6 February 2002 [24] Benjamin Miller, WPA2 Security: Choosing the Right WLAN Authentication Method for Homes and Enterprises, Global Knowledge, 2008 [25] Lehembre, Guillaume. ―Wi-Fi security –WEP, WPA and WPA2‖, Article published in number 1/2006 (14) of hakin9, Jan. 2006. Publication on www.hsc.fr [26] Songhe Zhao, Shoniregun, C.A., Imafidon, C, "Addressing the vulnerability of the 4-way handshake of 802.11i", in Proceedings of the 3rd ACM workshop on Wireless security, Philadelphia, PA, USA, 2004, pp. 43 - 50. [27] Arockiam .L. and Vani .B, ―A Survey of Denial of Service Attacks and its Countermeasures on Wireless Network‖, International Journal on Computer Science and Engineering, Vol.02, No. 05, pp. 1563-1571, 2010.

364