A Secure and Fast Re-authentication Protocol for the Extensive Movement of Users in 802.1X Wireless Networks

Authors

1 PhD student in Computer Engineering, Imam Hossein Comprehensive University, Tehran, Iran

2 Associate Professor, Faculty of Computer Engineering, Zanjan Branch, Islamic Azad University, Zanjan, Iran

Abstract

Securing wireless networks while preserving their performance is the most important issue in these networks. An authentication protocol is a type of cryptographic protocol whose task is to verify the legitimacy of entities. The IETF publishes the accepted security protocols in standard form. In this research, in addition to reviewing the protocols proposed in this area and stating the problems of each, a new re-authentication protocol based on IETF standards (RFC 6696) has been designed and presented. Among the advantages of the proposed protocol are its use of symmetric cryptography, challenge-response functions and a hash function. Formal security analysis was used for a comprehensive security evaluation of the proposed protocol. In addition, an evaluation performed with the AVISPA tool shows that the protocol is resistant and secure against conventional attacks. The results of the computational evaluation of the protocol also show that the authentication time of the proposed protocol is only 85.22 percent of that of TLS-based protocols. The results were further confirmed by simulation in the NS2 environment.

Keywords


Article title [English]

Secure and Fast Re-authentication Protocol to Support Extensive Movement of Users in IEEE 802.1X Wireless Networks

Authors [English]

  • Ali Mohammadi 1
  • Naser Modiri 2
1 PhD student in computer engineering, Imam Hossein University (AS), Tehran, Iran
2 Associate Professor, Faculty of Computer Engineering, Zanjan Branch, Islamic Azad University, Zanjan, Iran

Abstract [English]

Trade-offs between security and performance are the most important issue in wireless networks. An authentication protocol is a type of cryptographic protocol whose purpose is to authenticate entities. The latest standards for re-authentication protocols have been published by the Internet Engineering Task Force (IETF). In this research, after reviewing some protocols in this scope, a security protocol is proposed. The proposed protocol is based on IETF standards; it builds on the foundation of RFC 6696. It offers serious advantages over the existing IEEE 802.1X standard protocols, including a symmetric cryptosystem, challenge-response, and hash chaining.
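The abstract names RFC 6696, the EAP Re-authentication Protocol (ERP), as the basis of the proposed protocol. The following Python sketch is an added illustration, not code from the paper or its authors: it shows the ERP mechanics the proposal builds on, namely derivation of rRK, rIK and rMSK from the EMSK with the RFC 5295 PRF+ KDF and the RFC 6696 key labels, and a sequence-numbered EAP-Initiate/Re-auth and EAP-Finish/Re-auth exchange protected by an HMAC tag, with replayed and modified messages rejected by the server. The message byte layout, the EMSK value and the keyName-NAI are constructed simplifications rather than the standard's packet format, and the paper's own challenge-response and hash-chaining additions are not reproduced because the page gives no details of them.

```python
import hmac
import hashlib
import struct

# Key labels and the PRF+ KDF follow RFC 5295 / RFC 6696. The byte layout of
# the two messages is a simplified stand-in for the real EAP packet formats.
RRK_LABEL = b"EAP Re-authentication Root Key@ietf.org"
RIK_LABEL = b"Re-authentication Integrity Key@ietf.org"
RMSK_LABEL = b"Re-authentication Master Session Key@ietf.org"
CRYPTOSUITE = 2      # RFC 6696 cryptosuite 2: HMAC-SHA256-128
TAG_LEN = 16         # 128-bit authentication tag for that cryptosuite
INITIATE = b"EAP-Initiate/Re-auth"
FINISH = b"EAP-Finish/Re-auth"


def prf_plus(key, label, optional_data, length):
    """RFC 5295 KDF: PRF+(K, S), S = label | 0x00 | optional data | 2-byte length."""
    s = label + b"\x00" + optional_data + struct.pack("!H", length)
    out, prev, counter = b"", b"", 1
    while len(out) < length:
        prev = hmac.new(key, prev + s + bytes([counter]), hashlib.sha256).digest()
        out += prev
        counter += 1
    return out[:length]


def derive_rrk(emsk):
    return prf_plus(emsk, RRK_LABEL, b"", 64)            # rRK is 64 octets


def derive_rik(rrk, cryptosuite):
    return prf_plus(rrk, RIK_LABEL, bytes([cryptosuite]), 32)


def derive_rmsk(rrk, seq):
    return prf_plus(rrk, RMSK_LABEL, struct.pack("!H", seq), 64)


def tag(rik, body):
    return hmac.new(rik, body, hashlib.sha256).digest()[:TAG_LEN]


def build(kind, seq, key_name_nai, rik):
    body = kind + struct.pack("!H", seq) + key_name_nai + bytes([CRYPTOSUITE])
    return body + tag(rik, body)


def parse(kind, msg):
    """Split a message into (seq, keyName-NAI, body, tag); None if malformed."""
    if len(msg) < len(kind) + 3 + TAG_LEN or not msg.startswith(kind):
        return None
    body, t = msg[:-TAG_LEN], msg[-TAG_LEN:]
    seq = struct.unpack("!H", body[len(kind):len(kind) + 2])[0]
    return seq, body[len(kind) + 2:-1], body, t


class ReauthServer:
    """ER server: keeps the rRK and the last accepted SEQ per keyName-NAI."""
    def __init__(self):
        self.state = {}

    def register(self, key_name_nai, emsk):
        self.state[key_name_nai] = {"rrk": derive_rrk(emsk), "last_seq": -1}

    def handle_initiate(self, msg):
        parsed = parse(INITIATE, msg)
        if parsed is None:
            return None
        seq, key_name_nai, body, t = parsed
        entry = self.state.get(key_name_nai)
        if entry is None:
            return None
        rik = derive_rik(entry["rrk"], CRYPTOSUITE)
        if not hmac.compare_digest(t, tag(rik, body)):
            return None                      # forged or modified message
        if seq <= entry["last_seq"]:
            return None                      # replayed or stale SEQ
        entry["last_seq"] = seq
        return build(FINISH, seq, key_name_nai, rik), derive_rmsk(entry["rrk"], seq)


class Peer:
    def __init__(self, key_name_nai, emsk):
        self.key_name_nai = key_name_nai
        self.rrk = derive_rrk(emsk)
        self.rik = derive_rik(self.rrk, CRYPTOSUITE)
        self.seq = 0

    def initiate(self):
        msg = build(INITIATE, self.seq, self.key_name_nai, self.rik)
        self.seq += 1
        return msg

    def finish(self, msg):
        parsed = parse(FINISH, msg)
        if parsed is None or parsed[1] != self.key_name_nai:
            return None
        seq, _, body, t = parsed
        if not hmac.compare_digest(t, tag(self.rik, body)):
            return None
        return derive_rmsk(self.rrk, seq)


def demo():
    """One honest re-authentication, then a replay and a tampered message."""
    emsk = hashlib.sha256(b"constructed EMSK for illustration only").digest() * 2  # 64 bytes
    nai = b"rIKname@example.org"                       # constructed keyName-NAI
    server, peer = ReauthServer(), Peer(nai, emsk)
    server.register(nai, emsk)
    init = peer.initiate()
    finish, server_rmsk = server.handle_initiate(init)
    peer_rmsk = peer.finish(finish)
    replayed = server.handle_initiate(init)           # same SEQ presented again
    tampered = bytearray(init)
    tampered[len(INITIATE)] ^= 0x01                   # flip one bit of SEQ
    return {"keys_match": server_rmsk == peer_rmsk, "rmsk_len": len(peer_rmsk),
            "replay_rejected": replayed is None,
            "tamper_rejected": server.handle_initiate(bytes(tampered)) is None}


if __name__ == "__main__":
    print(demo())
```

The server checks the tag before the sequence number, so a forged message reveals nothing about the replay window; both sides end with the same 64-byte rMSK without the full EAP method having been rerun, which is the latency saving that re-authentication protocols of this kind are measured on.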

Keywords [English]

  • Wireless Networks
  • Wireless Networks Security
  • 802.1X Networks
  • EAP Protocol
  • Authentication

References

[1] A. Uzelac, Ed., “Voice over IP (VoIP) SIP Peering Use Cases,” Internet Engineering Task Force (IETF), 2011.
[2] T. T. Kwon, M. Gerla, and S. Das, “Mobility Management for VoIP Service: Mobile IP vs. SIP,” IEEE Wireless Communications Magazine, pp. 66-75, Oct. 2002.
[3] B. Aboba and J. Wood, “Authentication, Authorization and Accounting (AAA) Transport Profile,” Internet Engineering Task Force (IETF), 12 Feb. 2016.
[4] G. Giaretta et al., “Authentication, Authorization, and Accounting (AAA) Goals for Mobile IPv6,” Internet Engineering Task Force (IETF), Sept. 2009.
[5] R. Housley et al., “Guidance for Authentication, Authorization and Accounting (AAA) Key Management,” Internet Engineering Task Force (IETF), July 2007.
[6] J. Vollbrecht et al., “AAA Authorization Framework,” Internet Engineering Task Force (IETF), Aug. 2000.
[7] B. Aboba, L. Blunk, J. Vollbrecht, J. Carlson, and H. Levkowetz, “Extensible Authentication Protocol (EAP),” RFC 3748, Internet Engineering Task Force (IETF), June 2004.
[8] B. Aboba and D. Simon, “PPP EAP-TLS Authentication Protocol,” RFC 2716, Internet Engineering Task Force (IETF), Oct. 1999.
[9] B. Aboba, H. Levkowetz, D. Simon, and P. Eronen, “Extensible Authentication Protocol (EAP) Key Management Framework,” Internet Engineering Task Force (IETF), 2008.
[10] D. Simon, B. Aboba, and R. Hurst, “The EAP-TLS Authentication Protocol,” RFC 5216, Internet Engineering Task Force (IETF), Mar. 2008.
[11] P. Funk and S. Blake-Wilson, “Extensible Authentication Protocol, Tunneled Transport Layer Security (EAP-TTLSv0),” RFC 5281, Internet Engineering Task Force (IETF), Aug. 2008.
[12] A. Palekar et al., “Protected EAP Protocol (PEAP),” Work in Progress, Internet Engineering Task Force (IETF), July 2004.
[13] S. Convery, D. Miller, and S. Sundaralingam, “Cisco SAFE: WLAN Security in Depth,” Cisco Systems White Paper, 2011.
[14] Interlink Networks, “EAP Methods for Wireless Authentication,” Apr. 2003.
[15] H. Haverinen and J. Salowey, “Extensible Authentication Protocol Method for Global System for Mobile,” RFC 4186, Internet Engineering Task Force (IETF), May 2006.
[16] N. Cam-Winget, D. McGrew, J. Salowey, and H. Zhou, “The Flexible Authentication via Secure Tunneling Extensible Authentication Protocol Method (EAP-FAST),” RFC 4851, Internet Engineering Task Force (IETF), May 2007.
[17] J. W. Hui, A. Ahuja, K. Kondaka, W. Hong, and I., “Scalable replay counters for network security,” Cisco Technology, 2012.
[18] G. Lowe, “An attack on the Needham-Schroeder public-key authentication protocol,” Information Processing Letters, vol. 56, pp. 131-133, 14 Aug. 1995.
[19] L. D. Manik and S. Navkar, “On the security of SSL/TLS-enabled applications,” Informatics, pp. 68-81, Jan. 2014.
[20] I. Cervesato et al., “Breaking and fixing public-key Kerberos,” Information and Computation, pp. 402-424, Apr. 2008.
[21] M. S. Daithi, “Law in the last mile: sharing Internet access through WiFi,” SCRIPT-ed, vol. 6, 2009.
[22] R. V. Hale, “Wi-Fi liability: potential legal risks in accessing and operating wireless Internet,” Santa Clara Computer and High Technology Law Journal, vol. 21, 2005.
[23] M. Hines, “Worried about Wi-Fi security?,” CNET News, Jan. 2005.
[24] H. Xia and J. Brustoloni, “Virtual prepaid tokens for Wi-Fi hotspot access,” presented at the 29th Annual IEEE International Conference on Local Computer Networks, pp. 232-239, 2004.
[25] O. Delgado-Mohatar, A. Fúster-Sabater, and J. M. Sierra, “A light-weight authentication scheme for wireless sensor networks,” Ad Hoc Netw., vol. 9, no. 5, pp. 727-735, July 2011.
[26] J. Salowey, L. Dondeti, V. Narayanan, and M. Nakhjiri, “Specification for the Derivation of Root Keys from an Extended Master Session Key (EMSK),” RFC 5295, Internet Engineering Task Force (IETF), 2008.
[27] S. Khan and A.-S. K. Pathan, “Wireless Networks and Security: Issues, Challenges and Research Trends,” Springer Science & Business Media, 2013.
[28] H. Hwang, G. Jung, K. Sohn, and S. Park, “A Study on MITM (Man in the Middle) Vulnerability in Wireless Network Using 802.1X and EAP,” presented at the International Conference on Information Science and Security (ICISS), pp. 164-170, 2008.
[29] D. Stanley, B. Aboba, and J. Walker, “Extensible Authentication Protocol (EAP) Method Requirements for Wireless LANs,” RFC 4017, Internet Engineering Task Force (IETF), Mar. 2005.
[30] D. Simon et al., “The EAP-TLS Authentication Protocol,” Microsoft Corporation, Mar. 2008.
[31] Z. Cao, B. He, Y. Shi, Q. Wu, and G. Zorn, “EAP Extensions for the EAP Re-authentication Protocol (ERP),” RFC 6696, Internet Engineering Task Force (IETF), July 2012.
[32] J. Arkko and H. Haverinen, “Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA),” RFC 4187, Internet Engineering Task Force (IETF), 2006.
[33] V. Narayanan, T. Clancy, M. Nakhjiri, and L. Dondeti, “Handover Key Management and Re-Authentication Problem Statement,” RFC 5169, Internet Engineering Task Force (IETF), 2011.
[34] A. Mishra, M. H. Shin, N. J. Petroni, T. Clancy, and W. Arbaugh, “Proactive Key Distribution Using Neighbor Graphs,” IEEE Wireless Communications, pp. 26-36, 2004.
[35] S. Pack and Y. Choi, “Pre-authenticated Fast Handoff in a Public Wireless LAN based on IEEE 802.1x model,” Proceedings of the IFIP TC6/WG6.8 Working Conference on Personal Wireless Communications, pp. 175-182, Oct. 2002.
[36] V. Narayanan and L. Dondeti, “EAP Extensions for EAP Re-authentication Protocol (ERP),” RFC 5296, Internet Engineering Task Force (IETF), 2008.
[37] R. Housley, “Advanced Encryption Standard (AES) Key Wrap with Padding Algorithm,” NIST, Aug. 2009.
[38] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, “Handbook of Applied Cryptography,” CRC Press, 2008, ISBN 0849385237.
[39] M. Stevens, P. Karpman, and T. Peyrin, “The SHAppening: Freestart Collisions for SHA-1,” 2015.
[40] Network Simulator 2, www.isi.edu/nsnam/ns/