Abstract

In Wi-Fi Protected Access 3 (WPA3), a secure connection is established in two sequential stages. Firstly, in the authentication and association stage, a pairwise master key (PMK) is generated. Secondly, in the post-association stage, a pairwise transient key (PTK) is generated from the PMK using the traditional 4-way handshake protocol. To reduce the heavy load of the first stage, PMK caching can be used. If the client and AP have previously authenticated and hold a PMK cache, the first, heavy stage can be skipped and the cached PMK can be used to directly execute the 4-way handshake. However, PMK caching is a very primitive technology for managing a shared key between a client and an AP, and it has many limitations: the AP has to manage a stateful cache for a large number of clients, the cache lifetime is limited, etc. Paired token (PT) is a new secondary credential scheme that provides a stateless pre-shared key (PSK) in a client-server environment. The server issues a paired token (a public token and a secret token) to an authenticated client, where the public token has the role of a signed identity and the secret token is a kind of shared secret. Once a client is equipped with a PT, it can be used for many symmetric key-based cryptographic applications such as authentication, authorization, key establishment, etc. In this paper, we apply the PT approach to WPA3 and try to replace PMK caching with one-time authenticated key establishment using PT. At the end of a successful full handshake, the AP securely issues a PT to the client. Then, in subsequent re-association requests, the client and AP can compute the same one-time authenticated PMK from the PT in a stateless way. Using this kind of stateless re-association technology, an AP can provide a high-performance Wi-Fi service to a larger number of clients.
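As an added illustration (not the paper's construction or code), the following Python models the stateless property the abstract describes: the AP keeps a single long-term master secret, derives the secret token from the public token, and can therefore recompute a client's secret token on re-association without any per-client cache, and the two sides then derive a one-time PMK from fresh nonces. The token format, the HMAC-based token and PMK derivations, and the expiry check are assumptions made for this example only.

```python
import hmac
import hashlib
import json
import os
import time


def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_pmk(secret_token: bytes, client_nonce: bytes, ap_nonce: bytes) -> bytes:
    # One-time PMK: fresh nonces from both sides, keyed by the secret token, so only a
    # party that holds (or can recompute) the secret token arrives at the same value.
    return _mac(secret_token, b"PMK|" + client_nonce + b"|" + ap_nonce)


class AccessPoint:
    """Assumed model: one long-term secret, no per-client cache of any kind."""

    def __init__(self, master_key: bytes):
        self.master_key = master_key

    def issue_paired_token(self, client_id: str, lifetime_s: int = 3600):
        # Public token: client identity plus expiry, tagged under the AP's master key
        # (the 'signed identity' role; an HMAC tag stands in for a signature here).
        body = json.dumps({"id": client_id, "exp": int(time.time()) + lifetime_s}).encode()
        public_token = body + b"." + _mac(self.master_key, body).hex().encode()
        # Secret token: a function of the public token, so the AP never stores it.
        # It would be handed to the client at the end of a successful full handshake,
        # over the channel that handshake protected.
        secret_token = _mac(self.master_key, b"ST|" + public_token)
        return public_token, secret_token

    def _recover_secret_token(self, public_token: bytes):
        body, _, tag = public_token.rpartition(b".")
        if not hmac.compare_digest(tag, _mac(self.master_key, body).hex().encode()):
            return None  # forged or modified public token
        if json.loads(body)["exp"] < time.time():
            return None  # expired token: client must run a full handshake again
        return _mac(self.master_key, b"ST|" + public_token)

    def reassociate(self, public_token: bytes, client_nonce: bytes):
        """Handle a re-association request; returns (ap_nonce, pmk) or None on rejection."""
        secret_token = self._recover_secret_token(public_token)
        if secret_token is None:
            return None
        ap_nonce = os.urandom(32)
        return ap_nonce, derive_pmk(secret_token, client_nonce, ap_nonce)
```

The client keeps both tokens, sends the public token and its nonce in the re-association request, and computes `derive_pmk(secret_token, client_nonce, ap_nonce)` on its side; a second AP instance sharing only the master key accepts the same token, which is what makes the scheme stateless.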

Highlights

  • Although WPA2 has been used for a long time to protect Wi-Fi communications, there have been many criticisms regarding the limitations of Wi-Fi Protected Access 2 (WPA2) [1]

  • Once a client is equipped with Paired token (PT), it can be used for many symmetric key-based cryptographic applications such as authentication, authorization, key establishment, etc

Summary

Introduction

Although WPA2 has been used for a long time to protect Wi-Fi communications, there have been many criticisms regarding the limitations of Wi-Fi Protected Access 2. The second stage is the post-association stage using the traditional 4-way handshake. It confirms the mutual authenticity of client and AP and generates the pairwise transient key (PTK) from the PMK. In WPA3-Open, an unauthenticated DH key exchange is required. If it had to be repeated in every connection request, the time consumed would be very long both for the client and for the AP. The client can request re-association by presenting a valid PMKID, and the AP tries to find the corresponding PMK in its cache. If this is successful, the heavy authentication of the first stage is skipped and the 4-way handshake is executed using the cached PMK. The client can request re-association using PT. In this stage, the client and AP can compute the same one-time authenticated PMK from the PT and use it to compute.

Related Works
PMK Caching for Fast Roaming
Stateless Authenticated Key Establishment Using Paired Token
Initial Authentication and Issuing Paired Token
One-Time Authenticated Key Exchange Using Paired Token
Stateless Re-Association in WPA3 Using Paired Token
Full Handshake and Issuing Paired Token
Quick Re-Association Using Paired Token
Forward Secure Re-Association Using Paired Token
Fast Roaming in Enterprise Environment
Comparison of Features
Security Analysis
Performance Analysis
Discussion on Weaknesses and Implementation Issues
Further Research Directions
Conclusions