Secure Authentication and Four-Way Handshake Scheme for Protected Individual Communication in Public Wi-Fi Networks

Abstract

This paper proposes a secure key exchange scheme for Wi-Fi protected access II pre-shared key (WPA2-PSK)-based public Wi-Fi networks. The existing public Wi-Fi networks have several vulnerabilities, which are caused by eavesdropping stations in the same network. The main problem is that all stations in the same network have the same pre-shared key after the association. The attackers can derive an encryption key by eavesdropping on the four-way handshake procedure. Thus, we apply an elliptic curve public key cryptography concept to the proposed scheme to keep the key safe. In the proposed scheme, only an access point (AP) has its public key and private key pair. The proposed scheme solves the problem by exchanging a secondary key that each user determines or generated in the station during the authentication procedure. In the proposed scheme, the secondary key is encrypted by a station before it is transmitted to the AP. The AP can only decrypt the encrypted authentication message using its private key. By using the secondary key, each user can generate a unique pre-shared key and other following keys, which are derived from the four-way handshake procedure. Therefore, the exchange of the secondary key can defend against attacks from the malicious station in the same network. The safety of the proposed scheme is analyzed by several attack scenarios defined in this paper. Consequently, the proposed scheme provides more security level, 192 bits or 256 bits, compared with the conventional WPA2-PSK-based public Wi-Fi networks.