Security analysis on Chinese wireless LAN standard and its solution

摘要

China has established its national standard for Wireless LAN, called GB15629.11-2003, in which, WLAN Authentication and Privacy Infrastructure (WAP1) was proposed. However, WAP1 can be proved insecure with the Canetti-Krawczyk model. Further analysis shows that in the standard there are also other vulnerabilities, such as inability to provide identity protection and resist key consistency attack, lack of private key verification and desirable security attributes like perfect forward secrecy, key control, etc. Therefore, a new protocol is proposed to fix the security problems of WAP1, especially those in the authentication and key agreement procedure. This protocol is designed and analyzed with a modular methodology and proved secure with the Canetti-Krawczyk model, thus it can guarantee the desirable security attributes. In addition, the presented protocol has a better performance than WAP1 in computational overhead and can also be applied to IEEE 802.11i as an authenticated key agreement protocol.