Wireless transmission is becoming increasing ubiquitous, but there is a big black hole in the security of this kind of network. Although IEEE 802.11 provides an optionalWired Equivalent Privacy (WEP), to implement the authentication and confidentiality, it leaves a lot of vulnerabilities and threats. This paper proposes a protocol called SPRNG for wireless data-link layer security. SPRNG is based on the sender and receiver who generate in a synchronized way a pseudo-random number sequence. In each transmission, the sender and receiver use a pair of random numbers, one for data frame authentication, and the other for encryption key. The random numbers are used as “one-time passwords” for sender authentication and as fresh encryption keys for each frame. SPRNG is designed to be compatible with the existing 802.11 products. Like WEP, the current 802.11 security protocol, SPRNG uses a symmetric key as its seed. SPRNG has already been simulated and tested in experiment, it shows that SPRNG has stronger security than WEP because it reveals little information for attackers. The key problem of SPRNG, synchronization loss problem, is also presented. Though motivated by wireless security, SPRNG is generic for many other applications, especially in the point to point communication.
Qingmin Zheng, D. Pepyne, Qing Wang
Journal of Computer Science and Technology