Wireless Networks, Volume 23, Issue 5, pp 1491–1508

Enhancing EAP-TLS authentication protocol for IEEE 802.11i

  • Bahareh Shojaie
  • Iman Saberi
  • Mazleena Salleh


The IEEE 802.11i authentication framework is composed of 802.1x and an extensible authentication protocol (EAP) mechanism. One of the most applicable techniques among the EAP methods is EAP-transport layer security (EAP-TLS). The implementation issues of EAP-TLS are high execution time, a high number of data exchanges between the two parties, and the possibility of the connection being closed as a result of modification of the contents of the handshake messages, all of which are addressed in this paper. This research analyses EAP-TLS in WLANs to improve the method's efficiency in terms of security analysis, time and memory usage. Based on the results, this research proposes an enhanced method with discrete cryptographic mechanisms and a distinct handshake structure, which reduces the number of steps in the handshake protocol. This enhanced method also provides robust security compared to the original EAP-TLS with approximately the same level of memory usage, and it reduces execution time significantly.


EAP-TLS, ECDSA, handshake protocol, MITM attack, finished message



This work is supported by the Ministry of Education (MOE), Malaysia, and UTM under Grant Vote No. 02G37.



Copyright information

© Springer Science+Business Media New York 2016

Authors and Affiliations

  1. Hamburg University, Hamburg, Germany
  2. Technical University of Hamburg, Hamburg, Germany
  3. University Technology Malaysia, Johor Bahru, Malaysia
