Secure and Fast Re-authentication Protocol to Support Extensive Movement of Users in IEEE 802.1X Wireless Networks

Authors

1 PhD student in computer engineering, Imam Hossein University (AS), Tehran, Iran

2 Associate Professor, Faculty of Computer Engineering, Zanjan Branch, Islamic Azad University, Zanjan, Iran

Abstract

The tradeoff between security and performance is the most important issue in wireless networks. An
authentication protocol is a type of cryptographic protocol whose purpose is to authenticate entities.
The latest standards for re-authentication protocols have been published by the Internet Engineering Task Force (IETF).
In this research, after a review of some protocols in this scope, a security protocol is proposed. The proposed
protocol is based on IETF standards, and the foundation of RFC 6696 is used to develop it.
It offers serious advantages over the existing IEEE 802.1X standard protocols, including a
symmetric cryptosystem, challenge–response, and hash chaining.

Keywords


  • Receive Date: 18 October 2015
  • Revise Date: 21 June 2023
  • Accept Date: 19 September 2018
  • Publish Date: 20 February 2016