Pisa, C., Caponi, A., Dargahi, T., Bianchi, G., BLEFARI MELAZZI, N. (2016). WI-FAB: Attribute-based WLAN access control, without pre-shared keys and backend infrastructures. In HotPOST '16 Proceedings of the 8th ACM International Workshop on Hot Topics in Planet-scale mObile computing and online Social neTworking (pp.31-36). Association for Computing Machinery, Inc [10.1145/2944789.2949546].

WI-FAB: Attribute-based WLAN access control, without pre-shared keys and backend infrastructures

PISA, CLAUDIO; CAPONI, ALBERTO; BIANCHI, GIUSEPPE; BLEFARI MELAZZI, NICOLA
2016-01-01

Abstract

Two mainstream techniques are traditionally used to authorize access to a WiFi network. Small-scale networks usually rely on the offline distribution of a static WPA/WPA2 pre-shared secret key (PSK); security hence relies on this PSK not being leaked by end users and not being disclosed via dictionary or brute-force attacks. On the other hand, enterprise and large-scale networks typically employ online authorization using an 802.1X-based authentication service that leverages an online backend infrastructure (e.g. RADIUS servers/proxies). In this work, we propose a new mechanism which requires neither online operation nor a backend access control infrastructure, yet does not force us to rely on a static pre-shared secret key. The idea is very simple, yet effective: directly broadcast in the WLAN beacons an encrypted version of the secret key required to access the WLAN network, so that only the users who possess suitable authorization credentials can decrypt and use it. The proposed approach clearly decouples the management of authorization credentials, issued offline to the authorized end users, from the actual secret key used in the WLAN network, which can thus in principle be changed at each new user's access. The solution described in the paper relies on attribute-based encryption, and is designed to be compatible with WPA2 and deployable within standard 802.11 management frames. Since no user identification is required (access control is based on attributes rather than on the user identity), the proposed approach further improves privacy. We demonstrate the feasibility of the proposed solution via a concrete implementation on Linux-based devices and via relevant testing in a real-world experimental setup.
8th MobiHoc International Workshop on Hot Topics in Planet-Scale mObile Computing and Online Social Networking, HotPOST 2016
deu
2016
International relevance
contribution
2016
Sector ING-INF/03 - TELECOMMUNICATIONS
English
Attribute-based access control; Attribute-based encryption; Privacy preserving; WLAN federation; WPA; WPA2;
Conference contribution
Pisa, C; Caponi, A; Dargahi, T; Bianchi, G; BLEFARI MELAZZI, N
Use this identifier to cite or link to this document: https://hdl.handle.net/2108/183550