An EAP-EHash authentication method adapted to resource constrained terminals

  • Omar Cheikhrouhou
  • Maryline Laurent
  • Amin Ben Abdallah
  • Maher Ben Jemaa
DOI: 10.1007/s12243-009-0135-9

Cite this article as:
Cheikhrouhou, O., Laurent, M., Abdallah, A.B. et al. Ann. Telecommun. (2010) 65: 271. doi:10.1007/s12243-009-0135-9

Abstract

In the era of mobile and wireless networks, the growing complexity of end devices and their accentuated tendency towards miniaturization raise new security challenges. Authentication is a crucial concern in resource constrained environments, and despite the great number of existing EAP methods, as explained in the article, we are still in need of EAP methods tightly adapted to wireless environments and satisfying the heterogeneity of terminals and their resource limitations. After a first comparative analysis of existing EAP methods, this article presents a new EAP-EHash method (EHash for encrypted hash) that is adapted to the highly vulnerable wireless environment by supporting mutual authentication and session key derivation and offering simplicity, rapidity, and easy-to-deploy features. EAP-EHash was formally proven to satisfy the claimed security properties, thanks to the AVISPA tool. Its implementation on an 802.11 testbed platform gave realistic authentication delays averaging 26 ms and thus proved that EAP-EHash is competitive with EAP-MD5, which is known to be the simplest of the EAP methods. Features of EAP-EHash include short execution delays and low bandwidth consumption, and as such, it appears attractive for wireless.

Keywords

EAP; EAP methods; EAP-MD5; EAP-TLS; EAP-EHash; Authentication protocol; Validation; AVISPA

Abbreviations

  • 3DES: Triple DES
  • AAA: Authentication, authorization, accounting
  • AK: Authentication key
  • AP: Access point
  • AS: Authentication server
  • AVISPA: Automated validation of internet security protocols and applications
  • CPU: Central processing unit
  • DES: Data encryption standard
  • DoS: Denial of service
  • EAP: Extensible authentication protocol
  • EHash: Encrypted hash
  • EK: Encryption key
  • EP: Enforcement point
  • IKEv2: Internet Key Exchange version 2
  • KDK: Key derivation key
  • MK: Master key
  • MD5: Message digest 5
  • MIC: Message integrity check
  • MITM: Man-in-the-middle
  • PKI: Public key infrastructure
  • PMK: Pairwise master key
  • PRF: Pseudo-random function
  • PSK: Pre-shared key
  • PTK: Pairwise transient key
  • SHA-1: Secure hash algorithm-1

Copyright information

© Institut TELECOM and Springer-Verlag 2009

Authors and Affiliations

  • Omar Cheikhrouhou (1)
  • Maryline Laurent (2)
  • Amin Ben Abdallah (2)
  • Maher Ben Jemaa (1)

  1. Ecole Nationale d’Ingénieurs de Sfax, Unité de recherche ReDCAD, Sfax, Tunisia
  2. Institut TELECOM, Evry, France
