Handshake

About: Handshake is a research topic. Over the lifetime, 1105 publications have been published within this topic receiving 15166 citations. The topic is also known as: 🤝.

How effective is the IEEE 802.11 RTS/CTS handshake in ad hoc networks

Abstract: IEEE 802.11 MAC mainly relies on two techniques to combat interference: physical carrier sensing and RTS/CTS handshake (also known as "virtual carrier sensing"). Ideally, the RTS/CTS handshake can eliminate most interference. However, the effectiveness of RTS/CTS handshake is based on the assumption that hidden nodes are within transmission range of receivers. In this paper, we prove using analytic models that in ad hoc networks, such an assumption cannot hold due to the fact that power needed for interrupting a packet reception is much lower than that of delivering a packet successfully. Thus, the "virtual carrier sensing" implemented by RTS/CTS handshake cannot prevent all interference. Physical carrier sensing can complement this in some degree. However, since interference happens at receivers, while physical carrier sensing is detecting transmitters (the same problem causing the hidden terminal situation), physical carrier sensing cannot help much, unless a very large carrier sensing range is adopted, which is limited by the antenna sensitivity. We investigate how effective is the RTS/CTS handshake in terms of reducing interference. We show that in some situations, the interference range is much larger than transmission range, where RTS/CTS cannot function well. Then, a simple MAC layer scheme is proposed to solve this problem. Simulation results verify that our scheme can help IEEE 802.11 resolve most interference caused by large interference range.

Effectiveness of RTS/CTS handshake in IEEE 802.11 based ad hoc networks

Abstract: IEEE 802.11 MAC mainly relies on two techniques to combat interference: physical carrier sensing and RTS/CTS handshake (also known as “virtual carrier sensing”). Ideally, the RTS/CTS handshake can eliminate most interference. However, the effectiveness of RTS/CTS handshake is based on the assumption that hidden nodes are within transmission range of receivers. In this paper, we prove using analytic models that in ad hoc networks, such an assumption cannot hold due to the fact that power needed for interrupting a packet reception is much lower than that of delivering a packet successfully. Thus, the “virtual carrier sensing” implemented by RTS/CTS handshake cannot prevent all interference as we expect in theory. Physical carrier sensing can complement this in some degree. However, since interference happens at receivers, while physical carrier sensing is detecting transmitters (the same problem causing the hidden terminal situation), physical carrier sensing cannot help much, unless a very large carrier sensing range is adopted, which is limited by the antenna sensitivity. In this paper, we investigate how effective is the RTS/CTS handshake in terms of reducing interference. We show that in some situations, the interference range is much larger than transmission range, where RTS/CTS cannot function well. Two independent solutions are proposed in this paper. One is a simple enhancement to the IEEE 802.11 MAC protocol. The other is to utilize directional antennas. Simulation results verify that the proposed schemes indeed can help IEEE 802.11 resolve most interference caused by large interference range.

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2

Abstract: We introduce the key reinstallation attack. This attack abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use key. This resets the key's associated parameters such as transmit nonces and receive replay counters. Several types of cryptographic Wi-Fi handshakes are affected by the attack. All protected Wi-Fi networks use the 4-way handshake to generate a fresh session key. So far, this 14-year-old handshake has remained free from attacks, and is even proven secure. However, we show that the 4-way handshake is vulnerable to a key reinstallation attack. Here, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying handshake messages. When reinstalling the key, associated parameters such as the incremental transmit packet number (nonce) and receive packet number (replay counter) are reset to their initial value. Our key reinstallation attack also breaks the PeerKey, group key, and Fast BSS Transition (FT) handshake. The impact depends on the handshake being attacked, and the data-confidentiality protocol in use. Simplified, against AES-CCMP an adversary can replay and decrypt (but not forge) packets. This makes it possible to hijack TCP streams and inject malicious data into them. Against WPA-TKIP and GCMP the impact is catastrophic: packets can be replayed, decrypted, and forged. Because GCMP uses the same authentication key in both communication directions, it is especially affected. Finally, we confirmed our findings in practice, and found that every Wi-Fi device is vulnerable to some variant of our attacks. Notably, our attack is exceptionally devastating against Android 6.0: it forces the client into using a predictable all-zero encryption key.

Method and apparatus for establishing a secure connection over a one-way data path

Abstract: Improved techniques for facilitating secure data transfer over one-way data channels or narrowband channels are disclosed Often, these channels are wireless channels provided by wireless data networks The techniques enable cryptographic handshake operations for a one-way data channel to be performed over a companion two-way data channel so that the one-way data channel is able to effectively satisfy security protocols that require two-way communications for the cryptographic handshake operations Once the cryptographic handshake operations are complete, data can be transmitted over the one-way data channel in a secure manner Additionally, the techniques also enable the cryptographic handshake operations to be performed more rapidly because the two-way channel is typically a wideband channel In which case, the use of a wideband channel instead of a narrowband channel for the cryptographic handshake operations results in latency reductions, regardless of whether the narrowband channel is a one-way channel or a two-way channel