Extending Automated Protocol State Learning for the 802.11 4-Way Handshake

Tom Chothia; Christopher McMahon Stone; Joeri De Ruiter

doi:10.1007/978-3-319-99073-6_16

Extending Automated Protocol State Learning for the 802.11 4-Way Handshake

Tom Chothia, Christopher McMahon Stone, Joeri De Ruiter

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

10 Citations (Scopus)

Abstract

We show how state machine learning can be extended to handle time out behaviour and unreliable communication mediums. This enables us to carry out the first fully automated analysis of 802.11 4-Way Handshake implementations. We develop a tool that uses our learning method and apply this to 7 widely used Wi-Fi routers, finding 3 new security critical vulnerabilities: two distinct downgrade attacks and one router that can be made to leak some encrypted data to an attacker before authentication.

Original language	English
Title of host publication	Computer Security
Subtitle of host publication	23rd European Symposium on Research in Computer Security, ESORICS 2018, Barcelona, Spain, September 3-7, 2018, Proceedings, Part I
Editors	Javier Lopez, Jianying Zhou, Miguel Soriano
Publisher	Springer
Pages	325-345
Number of pages	21
Edition	1
ISBN (Electronic)	978-3-319-99073-6
ISBN (Print)	978-3-319-99072-9
DOIs	https://doi.org/10.1007/978-3-319-99073-6_16
Publication status	Published - 8 Aug 2018
Event	23rd European Symposium on Research in Computer Security, ESORICS 2018 - Barcelona, Spain Duration: 3 Sept 2018 → 7 Sept 2018

Publication series

Name	Lecture Notes in Computer Science
Volume	11098
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	23rd European Symposium on Research in Computer Security, ESORICS 2018
Abbreviated title	ESORICS 2018
Country/Territory	Spain
City	Barcelona
Period	3/09/18 → 7/09/18

Access to Document

10.1007/978-3-319-99073-6_16Licence: None: All rights reserved

https://link.springer.com/chapter/10.1007/978-3-319-99073-6_16

Cite this

Chothia, T., McMahon Stone, C., & De Ruiter, J. (2018). Extending Automated Protocol State Learning for the 802.11 4-Way Handshake. In J. Lopez, J. Zhou, & M. Soriano (Eds.), Computer Security: 23rd European Symposium on Research in Computer Security, ESORICS 2018, Barcelona, Spain, September 3-7, 2018, Proceedings, Part I (1 ed., pp. 325-345). (Lecture Notes in Computer Science; Vol. 11098). Springer. https://doi.org/10.1007/978-3-319-99073-6_16

Chothia, Tom ; McMahon Stone, Christopher ; De Ruiter, Joeri. / Extending Automated Protocol State Learning for the 802.11 4-Way Handshake. Computer Security: 23rd European Symposium on Research in Computer Security, ESORICS 2018, Barcelona, Spain, September 3-7, 2018, Proceedings, Part I. editor / Javier Lopez ; Jianying Zhou ; Miguel Soriano. 1. ed. Springer, 2018. pp. 325-345 (Lecture Notes in Computer Science).

@inproceedings{ad173755173e4d329c90a8462f3d71ec,

title = "Extending Automated Protocol State Learning for the 802.11 4-Way Handshake",

abstract = "We show how state machine learning can be extended to handle time out behaviour and unreliable communication mediums. This enables us to carry out the first fully automated analysis of 802.11 4-Way Handshake implementations. We develop a tool that uses our learning method and apply this to 7 widely used Wi-Fi routers, finding 3 new security critical vulnerabilities: two distinct downgrade attacks and one router that can be made to leak some encrypted data to an attacker before authentication.",

author = "Tom Chothia and {McMahon Stone}, Christopher and {De Ruiter}, Joeri",

year = "2018",

month = aug,

day = "8",

doi = "10.1007/978-3-319-99073-6_16",

language = "English",

isbn = " 978-3-319-99072-9",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "325--345",

editor = "Lopez, {Javier } and Zhou, {Jianying } and Soriano, {Miguel }",

booktitle = "Computer Security",

edition = "1",

note = "23rd European Symposium on Research in Computer Security, ESORICS 2018, ESORICS 2018 ; Conference date: 03-09-2018 Through 07-09-2018",

}

Chothia, T, McMahon Stone, C & De Ruiter, J 2018, Extending Automated Protocol State Learning for the 802.11 4-Way Handshake. in J Lopez, J Zhou & M Soriano (eds), Computer Security: 23rd European Symposium on Research in Computer Security, ESORICS 2018, Barcelona, Spain, September 3-7, 2018, Proceedings, Part I. 1 edn, Lecture Notes in Computer Science, vol. 11098, Springer, pp. 325-345, 23rd European Symposium on Research in Computer Security, ESORICS 2018, Barcelona, Spain, 3/09/18. https://doi.org/10.1007/978-3-319-99073-6_16

Extending Automated Protocol State Learning for the 802.11 4-Way Handshake. / Chothia, Tom; McMahon Stone, Christopher; De Ruiter, Joeri.
Computer Security: 23rd European Symposium on Research in Computer Security, ESORICS 2018, Barcelona, Spain, September 3-7, 2018, Proceedings, Part I. ed. / Javier Lopez; Jianying Zhou; Miguel Soriano. 1. ed. Springer, 2018. p. 325-345 (Lecture Notes in Computer Science; Vol. 11098).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Extending Automated Protocol State Learning for the 802.11 4-Way Handshake

AU - Chothia, Tom

AU - McMahon Stone, Christopher

AU - De Ruiter, Joeri

PY - 2018/8/8

Y1 - 2018/8/8

N2 - We show how state machine learning can be extended to handle time out behaviour and unreliable communication mediums. This enables us to carry out the first fully automated analysis of 802.11 4-Way Handshake implementations. We develop a tool that uses our learning method and apply this to 7 widely used Wi-Fi routers, finding 3 new security critical vulnerabilities: two distinct downgrade attacks and one router that can be made to leak some encrypted data to an attacker before authentication.

AB - We show how state machine learning can be extended to handle time out behaviour and unreliable communication mediums. This enables us to carry out the first fully automated analysis of 802.11 4-Way Handshake implementations. We develop a tool that uses our learning method and apply this to 7 widely used Wi-Fi routers, finding 3 new security critical vulnerabilities: two distinct downgrade attacks and one router that can be made to leak some encrypted data to an attacker before authentication.

U2 - 10.1007/978-3-319-99073-6_16

DO - 10.1007/978-3-319-99073-6_16

M3 - Conference contribution

SN - 978-3-319-99072-9

T3 - Lecture Notes in Computer Science

SP - 325

EP - 345

BT - Computer Security

A2 - Lopez, Javier

A2 - Zhou, Jianying

A2 - Soriano, Miguel

PB - Springer

T2 - 23rd European Symposium on Research in Computer Security, ESORICS 2018

Y2 - 3 September 2018 through 7 September 2018

ER -

Chothia T, McMahon Stone C, De Ruiter J. Extending Automated Protocol State Learning for the 802.11 4-Way Handshake. In Lopez J, Zhou J, Soriano M, editors, Computer Security: 23rd European Symposium on Research in Computer Security, ESORICS 2018, Barcelona, Spain, September 3-7, 2018, Proceedings, Part I. 1 ed. Springer. 2018. p. 325-345. (Lecture Notes in Computer Science). doi: 10.1007/978-3-319-99073-6_16

Extending Automated Protocol State Learning for the 802.11 4-Way Handshake

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this