Server based PMK generation with identity protection for wireless networks

Pairwise key generation between two parties is a fundamental problem in cryptography and computer security. In wireless networks, since it is dangerous to store any long-lived secret in wireless devices, pairwise master key (PMK) generation between two parties is based either on passwords (with low entropy) or on some other information. Due to the limited power and computational ability of wireless devices, it is preferable to design protocols with low communication cost and lightweight computation in the client side. In this paper, we propose two PMK generation protocols for wireless networks. The first is based on a shared password between the wireless client and a server (or base station) with more storage and computational power. It only needs lightweight computation for the wireless client, and achieves forward secrecy. The second protocol is used for PMK generation between two wireless devices with the help of the server. Both protocols provide the identity protection for the wireless devices and the mechanism for the server to thwart denial of service (DoS) attacks. These two features are ignored by most previous work, but they are very important for the practical implementation of wireless security protocols. To the best of our knowledge, our protocols are the first to achieve lightweight client computation, identity protection and DoS resistancy simutaneously.