Abstract
Several statistics on the factors behind the proliferation of attacks reveal that the scarce deployment of entity authentication mechanisms is one of the most important. In particular, providing a seamless mobile re-authentication service for real-time inter-domain handover procedures is still an open issue. This paper focuses on the design of the re-authentication architecture and mechanisms, aiming at low-latency re-authentication services for roaming WLAN or WiMAX terminals. An authentication architecture is specified to integrate the proposed mechanisms, and a novel generic key material concept is defined in addition to the current state of the art. An identity-based key material derivation method is developed, relying on the associativity property of the multiplicative group and the intractability of the underlying RSA problem. The required cryptographic properties are then evaluated. A simple generic key material pre-distribution mechanism is proposed, along with the related local re-authentication protocol. Finally, the security properties of the re-authentication protocol and the functional correctness of the re-authentication service are validated.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lupu, R., Borcoci, E., Rasheed, T. (2012). Identity-Based Key Derivation Method for Low Delay Inter-domain Handover Re-authentication Service. In: Laud, P. (eds) Information Security Technology for Applications. NordSec 2011. Lecture Notes in Computer Science, vol 7161. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29615-4_12
DOI: https://doi.org/10.1007/978-3-642-29615-4_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29614-7
Online ISBN: 978-3-642-29615-4
eBook Packages: Computer Science (R0)