Fast, secure handovers in 802.11: back to the basis
Source
International Workshop on Modeling Analysis and Simulation of Wireless and Mobile Systems
Proceedings of the 4th ACM symposium on QoS and security for wireless and mobile networks
Vancouver, British Columbia, Canada
SESSION: Security architectures for wireless/wired access networks
Pages: 27-34
Year of Publication: 2008
ISBN: 978-1-60558-237-5
Authors
Rodolphe Marques  IEETA/University of Aveiro, Aveiro, Portugal
André Zúquete  IT/IEETA/University of Aveiro, Aveiro, Portugal
Sponsors
ACM: Association for Computing Machinery
SIGSIM: ACM Special Interest Group on Simulation and Modeling
Publisher
ACM  New York, NY, USA
DOI: http://doi.acm.org/10.1145/1454586.1454592
ABSTRACT

This article presents a fast, secure handover protocol for 802.11 networks. The protocol keeps the security functionalities of 802.1X but uses a new reauthentication protocol that promotes fast handovers during reassociations. The reauthentication protocol recovers the original 802.11 paradigm: authenticate first, reassociate next. Following this paradigm, we conceived two new 802.11 authentication and reassociation protocols, which allow a mobile station to perform 802.1X reauthentications before reassociations with the same functionality as a complete 802.1X authentication. Furthermore, reassociation protocols are authenticated, preventing denial-of-service scenarios that are not handled by 802.11i. Our new approach requires little from the environment, namely a new, central Reauthentication Service, for storing data used in the reauthentication of stations. The time of security-related tasks that contribute to handover delays was dramatically reduced to 1.5 ms, while an 802.1X fast resume takes more than 150 ms. Finally, our protocol addresses most design goals and problems stated by standards' working groups for fast, secure roaming in 802.11.

