Stupify: A Hardware Countermeasure of KRACKs in WPA2 using Physically Unclonable Functions

A digital communication network is typically the backbone of world wide web and web based applications. Security protocols, specifically in wireless network has undergone several rounds of modifications and upgrades in order to prevent supplicants (or clients) or authenticators (or access points) from attackers either sitting physically around the wireless coverage area or being hooked up to a wired network connected to wireless clients. The latest security protocol in the series is WPA2 (Wi-Fi Protected Access II) which has been implemented in most of the Wi-Fi stations (clients or access points) that are being used in traditional wireless networking as well as recent IoT and CPS devices. Recently a severe replay attack named Key Reinstallation AttaCK (KRACK) has shown that the handshake in WPA2 protocol suite can be compromised and enforce the stations to reuse an old set of initialization vectors (IVs). In this work, we propose to use an unconventional hardware security primitive named Physically Unclonable Functions (PUFs) to nullify the impact of KRACK attack by ensuring a mutual authentication before establishing the communication between the authenticators and the supplicants. In this demo, we show i) how the hardware intrinsic properties of a device can be leveraged to embed a PUF instance in each device, ii) a working prototype of PUF based authentication protocol using Z-Turn board integrated with dual-core ARM Cortex-A9 processor and Artix-7 FPGA, iii) how this protocol can be integrated with existing handshake protocol in WiFi network to resist against KRACK attacks.