User authentication at Wi-Fi Access Points (APs) is becoming an important issue. Wi-Fi APs are indeed ubiquitous, but existing authentication methods such as WPA/WPA2 static pre-shared secret key (PSK), or 802. IX-based online authentication services (e.g., RADIUS servers/proxies) have their theoretical or practical limitations. In a previous work, we proposed WI-FAB, a new authentication mechanism which neither requires online backend access control infrastructure, nor relies on a static pre-shared secret key. In this paper, we extend WI-FAB by removing the need for having a central authority for user authentication and credential issuing. Our main contribution is twofold: (i) adopting decentralized multi-authority CP-ABE, we support the users who have authentication/authorization credentials from multiple authorities. We decouple the user credentials issuing from the management of the WPA2-PSK, so that neither the credential issuing authority can track the users, nor the AP can access the real identity of the users. Considering an extensive attack model, we show that the proposed approach is secure and preserves the privacy of the users. (ii) We provide a real-world implementation of the proposed approach on off-the-shelf embedded hardware to demonstrate its feasibility and efficiency.
Pisa, C., Dargahi, T., Caponi, A., Bianchi, G., Blefari-Melazzi, N. (2017). On the Feasibility of Attribute-Based Encryption for WLAN Access Control. In 2017 IEEE 13th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob) (pp.783-790). 345 E 47TH ST, NEW YORK, NY 10017 USA : IEEE [10.1109/WiMOB.2017.8115806].
On the Feasibility of Attribute-Based Encryption for WLAN Access Control
Pisa, C;Caponi, A;Bianchi, G;Blefari-Melazzi, N
2017-01-01
Abstract
User authentication at Wi-Fi Access Points (APs) is becoming an important issue. Wi-Fi APs are indeed ubiquitous, but existing authentication methods such as WPA/WPA2 static pre-shared secret key (PSK), or 802. IX-based online authentication services (e.g., RADIUS servers/proxies) have their theoretical or practical limitations. In a previous work, we proposed WI-FAB, a new authentication mechanism which neither requires online backend access control infrastructure, nor relies on a static pre-shared secret key. In this paper, we extend WI-FAB by removing the need for having a central authority for user authentication and credential issuing. Our main contribution is twofold: (i) adopting decentralized multi-authority CP-ABE, we support the users who have authentication/authorization credentials from multiple authorities. We decouple the user credentials issuing from the management of the WPA2-PSK, so that neither the credential issuing authority can track the users, nor the AP can access the real identity of the users. Considering an extensive attack model, we show that the proposed approach is secure and preserves the privacy of the users. (ii) We provide a real-world implementation of the proposed approach on off-the-shelf embedded hardware to demonstrate its feasibility and efficiency.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
