Security Verification of 802.11i 4-Way Handshake Protocol

Key management is a significant part of secure wireless communication. In IEEE 802. Hi standard, 4-way handshake protocol is designed to exchange key materials and generate a fresh pairwise key for subsequent data transmissions between the mobile supplicant and the authenticator. Due to several design flaws, original 4-way handshake protocol cannot provide satisfying security and performance. In this study, we adopt formal specification and verification methods to analyze the 4-way handshake protocol. We give its formal models utilizing two kinds of High-level Petri Nets. Based on these formal models, we use two verification methods, model checking and insecure states deduction, to perform an integrated security verification process. The verification results confirm that the 4- way handshake protocol is vulnerable to Denial-of-Service attack during handshake. To repair such vulnerability, we propose an improved key management scheme named enhanced two-way handshake protocol. According to security analysis and performance evaluation, our proposal could provide stronger security capability and cost less computation and communication time.