Supporting secure authentication and privacy in wireless computing

The IEEE 802.11 standard for wireless LAN communications introduced the Wired Equivalent Privacy(WEP) protocol in an attempt to bring the security level of wireless systems closer to that of wired ones. Unfortunately, WEP falls short of accomplishing its security goals. Despite employing the well-known and believed-secure RC4 cipher, WEP contains several major security flaws. The flaws give rise to a number of attacks, both passive and active, that allow eavesdropping on, and tampering with, wireless transmissions. The IEEE 802.1x framework, what was known to have improved the IEEE 802.11b's weakness in user authentication, is a port-based authentication protocol. The IEEE 802.1x does not specify an authentication method, although the most common approach for WLANs is EAP, which is a framework for a variety of authentication methods. However, the IEEE 802.1x is also vulnerable to Denial of service and session highjacking attacks due to the lack of AP authentication and encryption mechanism. In this paper, we propose a Wireless LAN secure system that offers secure encrypted communication and user authentications. The purpose of the WLAN secure system that this study suggests is to improve the weakness in security of IEEE 802.1x and to guarantee a secure encrypted communication. The proposed system does not allow any faking of the identity by performing a thorough mutual authentication to all associated objects. Furthermore, it provides an integrity service by encrypting EAP-SUCCESS messages with distributed a new shared-key through the key distribution mechanism when an authentication process is executed, and securing the encrypted communication by using the 128 bit-length key.