Article
Version 1
Preserved in Portico This version is not peer-reviewed
Stateless Reassociation in WPA3 Using Paired Token
Version 1
: Received: 13 December 2020 / Approved: 14 December 2020 / Online: 14 December 2020 (14:01:50 CET)
A peer-reviewed article of this Preprint also exists.
Lee, B. Stateless Re-Association in WPA3 Using Paired Token. Electronics 2021, 10, 215. Lee, B. Stateless Re-Association in WPA3 Using Paired Token. Electronics 2021, 10, 215.
Abstract
In WPA3 secure connection is executed in two sequential stages. Firstly, in authentication and association stage a pairwise master key (PMK) is generated. Secondly, in post-association stage a pairwise transient key (PTK) is generated from PMK using the traditional 4-way handshake protocol. To reduce the heavy computation of the first stage PMK caching can be used. If client and AP are previously authenticated and has PMK cache, client can skip the first heavy stage and reuse the cached PMK to directly execute the 4-way handshake. But PMK caching is a very primitive technology to manage shared key between client and AP and there are many limitations; AP has to manage stateful cache for multiple clients, cache lifetime is limited, etc.
Paired token (PT) \cite{LZ} is a new secondary credential scheme that provides stateless pre-shared key (PSK) in client-server environment. Server issues paired token (public token and secret token) to authenticated client where public token has the role of signed identity and secret token is a kind of shared secret. Once client is equipped with PT, it can be used for many symmetric key based cryptographic applications such as authentication, authorization, key establishment, etc.
In this paper we apply the PT approach to WPA3 and try to replace the PMK caching with the one-time authenticated key establishment using PT. At the end of the authentication and association stage AP securely issues PT to client. Then in reassociation stage client and AP can compute the same one-time authenticated PMK from PT in stateless way and compute PTK using the traditional 4-way handshake protocol. Using this kind of stateless reassociation technology AP can provide high performance service to huge number of clients.
Keywords
Wi-Fi; WPA3; PMK caching; Stateless reassociation; Paired token; Secondary credential; JSON web token; One-time authenticated key establishment
Subject
Computer Science and Mathematics, Information Systems
Copyright: This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Comments (0)
We encourage comments and feedback from a broad range of readers. See criteria for comments and our Diversity statement.
Leave a public commentSend a private comment to the author(s)
* All users must log in before leaving a comment