Abstract
Wireless enterprise networks with a central authentication server are very common in companies due to their simple serviceability. Roaming between wireless cells of these enterprise networks usually results in connection interrupts because of long authentication times, which are very negative for near realtime communication like VoIP calls. Fast handover in enterprise networks demands therefore a fast authentication and key exchange protocol.
We propose an extensible authentication protocol (EAP) for this purpose that is explicitely optimized to reduce authentication times, while still providing a high security level. The ”Mutual Preimage Authentication” (MPA) protocol offers a secure authentication of both sides and a secure key agreement with only two cryptographic messages and symmetric cryptography. Even more, the MPA protocol provides non-repudiation for the authentication process.
Our contribution includes a formal security proof under an enhanced Canetti-Krawczyk (eCK) based security model and a practical performance analysis on the basis of a proof-of-concept implementation [4], where we demonstrate the efficiency of our protocol in comparison with common efficient EAP protocols.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Beck, M., Tews, E.: Practical attacks against wep and wpa. Cryptology ePrint Archive, Report 2008/472 (2008), http://eprint.iacr.org/
Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)
Blake-Wilson, S., Menezes, A.: Unknown key-share attacks on the station-to-station (STS) protocol. In: Lecture Notes in Computer Science, pp. 154–170 (1999)
Borrmann, M.: Implementierung eines effizienten eap-protokolls. Diplomathesis, Ruhr-University Bochum (2009)
Rackoff, C., Simon, D.R.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992)
Calhoun, P., Loughney, J., Guttman, E., Zorn, G., Arkko, J.: Diameter base protocol. RFC3588, Network Working Group (2003)
LAN/MAN Standards Committee. Ieee standard for local and metropolitan area networks – port-based network access control. IEEE 802.1X, IEEE Computer Society (2004)
Cordasco, J., Meyer, U., Wetzel, S.: Implementation and performance evaluation of eap-tls-ks. In: Securecomm and Workshops, pp. 1–12 (2006)
Fluhrer, S.R., Mantin, I., Shamir, A.: Weaknesses in the key scheduling algorithm of rc4. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 1–24. Springer, Heidelberg (2001)
IEEE 802.11 Working Group. Ieee standard for information technology – part 11: Wireless lan medium access control (mac) and physical layer (phy) specifications/amendment 6: Medium access control (mac) security enhancements. IEEE 802.11i, IEEE Computer Society (2007)
Huang, H., Cao, Z.: Authenticated key exchange protocols with enhanced freshness properties. Cryptology ePrint Archive, Report 2009/505 (2009), http://eprint.iacr.org/
LaMacchia, B., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. Cryptology ePrint Archive, Report 2006/073 (2006), http://eprint.iacr.org/
Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)
Malinen, J.: Host ap project (hostapd/wpa_supplicant). Website (2009), http://hostap.epitest.fi/
Noack, A.: Sicherheitsanalyse von eap-protokollen. Masterthesis, Ruhr-University Bochum (2007)
Opensource. Freeradius project (2009), http://freeradius.org/
Rogaway, P., Shrimpton, T.: Cryptographic hash-function basics: Definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 371–388. Springer, Heidelberg (2004)
Rigney, C., Willens, S., Rubens, A., Simpson, W.: Remote authentication dial in user service (radius). RFC2865, Network Working Group (2000)
Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. Cryptology ePrint Archive, Report 2004/332 (2004), http://eprint.iacr.org/
Tews, E.: Attacks on the wep protocol. Cryptology ePrint Archive, Report 2007/471 (2007), http://eprint.iacr.org/
Tews, E., Weinmann, R.-P., Pyshkin, A.: Breaking 104 bit wep in less than 60 seconds. Cryptology ePrint Archive, Report 2007/120 (2007), http://eprint.iacr.org/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Noack, A., Borrmann, M. (2010). Mutual Preimage Authentication for Fast Handover in Enterprise Networks. In: Meersman, R., Dillon, T., Herrero, P. (eds) On the Move to Meaningful Internet Systems: OTM 2010. OTM 2010. Lecture Notes in Computer Science, vol 6426. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16934-2_44
Download citation
DOI: https://doi.org/10.1007/978-3-642-16934-2_44
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16933-5
Online ISBN: 978-3-642-16934-2
eBook Packages: Computer ScienceComputer Science (R0)