Preprint Article Version 1 Preserved in Portico This version is not peer-reviewed

Stateless Reassociation in WPA3 Using Paired Token

Version 1 : Received: 13 December 2020 / Approved: 14 December 2020 / Online: 14 December 2020 (14:01:50 CET)

A peer-reviewed article of this Preprint also exists.

Lee, B. Stateless Re-Association in WPA3 Using Paired Token. Electronics 2021, 10, 215. Lee, B. Stateless Re-Association in WPA3 Using Paired Token. Electronics 2021, 10, 215.


In WPA3 secure connection is executed in two sequential stages. Firstly, in authentication and association stage a pairwise master key (PMK) is generated. Secondly, in post-association stage a pairwise transient key (PTK) is generated from PMK using the traditional 4-way handshake protocol. To reduce the heavy computation of the first stage PMK caching can be used. If client and AP are previously authenticated and has PMK cache, client can skip the first heavy stage and reuse the cached PMK to directly execute the 4-way handshake. But PMK caching is a very primitive technology to manage shared key between client and AP and there are many limitations; AP has to manage stateful cache for multiple clients, cache lifetime is limited, etc. Paired token (PT) \cite{LZ} is a new secondary credential scheme that provides stateless pre-shared key (PSK) in client-server environment. Server issues paired token (public token and secret token) to authenticated client where public token has the role of signed identity and secret token is a kind of shared secret. Once client is equipped with PT, it can be used for many symmetric key based cryptographic applications such as authentication, authorization, key establishment, etc. In this paper we apply the PT approach to WPA3 and try to replace the PMK caching with the one-time authenticated key establishment using PT. At the end of the authentication and association stage AP securely issues PT to client. Then in reassociation stage client and AP can compute the same one-time authenticated PMK from PT in stateless way and compute PTK using the traditional 4-way handshake protocol. Using this kind of stateless reassociation technology AP can provide high performance service to huge number of clients.


Wi-Fi; WPA3; PMK caching; Stateless reassociation; Paired token; Secondary credential; JSON web token; One-time authenticated key establishment


Computer Science and Mathematics, Information Systems

Comments (0)

We encourage comments and feedback from a broad range of readers. See criteria for comments and our Diversity statement.

Leave a public comment
Send a private comment to the author(s)
* All users must log in before leaving a comment
Views 0
Downloads 0
Comments 0
Metrics 0

Notify me about updates to this article or when a peer-reviewed version is published.
We use cookies on our website to ensure you get the best experience.
Read more about our cookies here.