K. Dimitrov. Analysis of the Information Security in WLAN Standards IEEE 802.11

Key Words: Wireless LAN (WLAN) security; WEP; RC4; IEEE 802.11; IEEE 802.1X; IEEE 802.11i; WPA; TKIP; WPA2; AES; CCMP; KRACK attack.

Abstract. On the basis of extensive research in the specialized literature, a critical analysis of information security protocols in the standards for IEEE 802.11 wireless LAN (WLAN, WiFi) has been carried out. Finally, some conclusions and recommendations are made. The first WLAN security protocol – WEP is extremely insecure and should not be used. Due to the inherited vulnerabilities of WEP and the fact that some parts of TKIP (such as the Michael function) have some security deficiencies, WPA has already exhausted its role as a temporary WEP fix for legacy hardware and is not recommended. Despite the mathematically proven cryptographic security of the AES standard in CBC mode, a weakness in the cryptographic key management process makes it vulnerable and leads to a security breach of WPA2 in October 2017. Although the vulnerability is removable by patch, probably a lot of WiFi-Devices have not been updated, which puts users at risk. In addition, despite updates of the firmware and recommendations from information security professionals to circumvent and/or block the protocol breach, reports emerged in October 2018 that the vulnerability to KRACK was still being exploited.