DOI: 10.1145/1454586.1454592 (MSWiM conference proceedings, research article)

Fast, secure handovers in 802.11: back to the basis

ABSTRACT

This article presents a fast, secure handover protocol for 802.11 networks. The protocol keeps the security functionalities of 802.1X but uses a new reauthentication protocol that promotes fast handovers during reassociations. The reauthentication protocol recovers the original 802.11 paradigm: authenticate first, reassociate next. Following this paradigm, we conceived two new 802.11 authentication and reassociation protocols, which allow a mobile station to perform 802.1X reauthentications before reassociations with the same functionality as a complete 802.1X authentication. Furthermore, reassociation protocols are authenticated, preventing denial-of-service scenarios that are not handled by 802.11i. Our new approach requires little from the environment, namely a new, central Reauthentication Service, for storing data used in the reauthentication of stations. The time of security-related tasks that contribute to handover delays was dramatically reduced to 1.5 ms, while an 802.1X fast resume takes more than 150 ms. Finally, our protocol addresses most design goals and problems stated by standards' working groups for fast, secure roaming in 802.11.

