Cong Wang,Maode Ma,Lei Zhang

DOI: https://doi.org/10.1109/access.2017.2706738

IF: 3.9

2017-01-01

IEEE Access

Abstract:The IEEE 802.22 standard regulates wireless regional area network (WRAN) operating at the very high frequency and ultrahigh frequency television white space (TVWS) bands. WRAN supports extensible authentication protocol (EAP)-based authentication schemes. However, due to its public key cryptography operations, a full EAP-based authentication scheme is time-consuming, which is unacceptable for the WRAN handover process. In this paper, an efficient EAP-based pre-authentication scheme for inter-WRAN handovers (EPW) in TVWS is proposed. By applying the proposed pre-authentication scheme, the customer premises equipment and the target secondary user base station can accomplish a seamless handover using symmetric key. Through logic derivation by Burrows, Abadi, and Needham logic and formal verification by automated validation of Internet security protocols and applications, we conclude that the proposed EPW scheme can obtain mutual authentication and maintain key secrecy with a high resistance to attack. Additionally, the performance of the EPW scheme has been investigated by simulation experiments. The results show that the EPW scheme provides a lower computation delay than that mandated by the security scheme regulation of the IEEE 802.22 standard.

Zhao Yao,Yin Hao,Lin Chuang

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.02.033

2006-01-01

Abstract:With the development of wireless Internet,the interworking of the third generation(3G)-Wireless Local Area Network(WLAN) has become a focus of research.3G systems have their advantages in charge management,roaming,and security facilities,and WLAN systems have the advantages of high bandwidth and low investment cost.Interworking of 3G-WLAN has complementary advantages.This paper introduces the system of 3G-WLAN interworking and its security structure,presents a comprehensive survey of the security protocols,analyzes its security challenges,points out the disadvantages of the existing security mechanism,and discusses the possible fields for further research.

LI Guo-qin,SONG Yu-bo,HU Ai-qun

DOI: https://doi.org/10.3969/j.issn.1673-5439.2010.06.012

2010-01-01

Abstract:The integration of 3G mobile networks and WLAN networks can offer subscribers higher speed wireless services in hot spots and ubiquitous connectivity in 3G.Regarding the current status of authentication mechanisms over integrated network,an improved authentication mechanism based GAA-WAPI was proposed to increase the security and high efficiency of WLAN authentication over UMTS/WLAN integrated network.As the calculation results proved,this mechanism can save more traffic cost when UEs roam from one AP to another as well as provide greater security.

Jun Ma,Yuanbo Guo

DOI: https://doi.org/10.1007/978-3-642-34041-3_90

2012-01-01

Abstract:The incorporation of The Third Generation (3G) networks with Wireless Local Area Networks (WLAN) is an inevitable outcome of mobile communication and wireless network development, and provides high quality services and anywhere-anytime connectivity to mobile users. To provide secure and trusted 3G-WLAN network, Extensible Authentication Protocol-Authentication and Key Agreement (EAP-AKA) is now used. However, EAP-AKA have several vulnerabilities, which can induce security threaten and lower efficiency of 3G-WLAN. Therefore, this paper analyzes vulnerabilities of EAP-AKA firstly, and proposes a new authentication and key agreement protocol based on certificateless public key cryptography in Trusted Network Connect (TNC) architecture. The proposed protocol combines D-H key exchange algorithm to overcome several vulnerabilities and provides strong security mutual-authentication between requestor and responder. Compared with other protocols based on public key cryptosystem with certificates, our protocol can also provide lightweight bandwidth consumption and high-level security.

Jun JIANG,Chen HE,Ling-ge JIANG

DOI: https://doi.org/10.3321/j.issn:1006-2467.2006.01.018

2006-01-01

Shanghai Jiaotong Daxue Xuebao/Journal of Shanghai Jiaotong University

Abstract:This paper mainly focuses on the authentication protocol EAP-AKA (Extensible Authentication Protocol Method for UMTS Authentication and Key Agreement) in the integration of 3GPP (The Third Generation Partnership Project) and WLAN (Wireless Local Network). An authentication mathematical model for 3GPP-WLAN was established. Through analyzing the authentication protocol, it is pointed out that the number K of AVs (authentication vectors) obtained from authentication center every time and the number of re-authentication can affect the authentication signaling cost. A novel adaptive K select mechanism was proposed by considering the re-authentication procedure. The novel scheme utilizes the terminal's total authentication times, the number of re-authentication and the value of K in previous WLAN to infer the proper value of K in current WLAN. The simulation result shows that the new scheme can efficiently reduce the authentication signaling cost compared with the fixed K authentication mechanism.

何广法,刘乃安

DOI: https://doi.org/10.3969/j.issn.1004-373X.2004.09.037

2004-01-01

Abstract:With development of wireless Internet, the interworking of 3GPP-WLAN has become a focus of research,where the design of access point(AP)is one of important issues. This article describes security mechanisms,especially discusses the authentication about GSM SIM procedure. It also presents a functional implement of WLAN AP which can meets the requirements of 3GPP-WLAN interworking security. Some problems involve the application of AP design will be introduced in the end.

Yixin Jiang,Chuang Lin,Hao Yin,Zhen Chen

DOI: https://doi.org/10.1002/wcm.448

2006-01-01

Wireless Communications and Mobile Computing

Abstract:IEEE 802.11 wireless local area networks (WLAN) has been increasingly deployed in various locations because of the convenience of wireless communication and decreasing costs of the underlying technology. However, the existing security mechanisms in wireless communication are vulnerable to be attacked and seriously threat the data authentication and confidentiality. In this paper, we mainly focus on two issues. First, the vulnerabilities of security protocols specified in IEEE 802.11 and 802.1X standards are analyzed in detail. Second, a new mutual authentication and privacy scheme for WLAN is proposed to address these security issues. The proposed scheme improves the security mechanisms of IEEE 802.11 and 802.1X by providing a mandatory mutual authentication mechanism between mobile station and access point (AP) based on public key infrastructure (PKI), offering data integrity check and improving data confidentiality with symmetric cipher block chain (CBC) encryption. In addition, this scheme also provides some other new security mechanisms, such as dynamic session key negotiation and multicast key notification. Hence, with these new security mechanisms, it should be much more secure than the original security scheme. Copyright © 2006 John Wiley & Sons, Ltd.

Minghui Shi,Humphrey Rutagemwa,Xuemin (Sherman) Shen,Jon W. Mark,Yixin Jiang,Chuang Lin

DOI: https://doi.org/10.1007/978-0-387-33112-6_11

2007-01-01

Abstract:A wireless LAN service integration architecture based on current wireless LAN hotspots is proposed to make migrating to new service cost effective. The AAA (Authentication, Authorization and Accounting) based mobile terminal registration signaling process is discussed. An application layer end-to-end authentication and key negotiation protocol is proposed to overcome the open air connection problem existing in wireless LAN deployment. The protocol provides a general solution for Internet applications running on a mobile station under various authentication scenarios and keeps the communications private to other wireless LAN users and foreign networks. A functional demonstration of the protocol is also given. The research results should contribute to rapid deployment of wireless LANs hotspot service.

Tao Xiao

2004-01-01

Abstract:With the more deployment and understanding of wireless LAN, significant problems have been exposed. A number of security concerns have been raised. Several organizations have implemented solutions that provide extra security. The 802.11 TGi group is working on new ways to produce a series of IEEE 802.1x and IEEE 802.11i. This paper analyzes security protocol of IEEE 802.1x and Chinese WAPI. The secure characters of wireless LAN are presented and discussed in detail. At the same time, the virtues of 802.1x and WAPI on WLAN are introduced.

Yb Song,Aq Hu

DOI: https://doi.org/10.1109/ICNNSP.2003.1281203

2003-01-01

Abstract:Wireless connectivity ability in, 'hot spots' is becoming increasingly important now. Public wireless local area network (PWLAN) provides convenient high-speed access based on IEEE 802.11 standard to the Internet. The authentication scheme provided by IEEE802.11 standard was too weak to afford a practical authentication. Many solutions such as 802.11i standard draft have proposed to resolve these security problems in WLAN environment. But they are not practicable in PWLAN, because these solutions didn't consider how to authenticate in the scene that an access controller was deployed to provide an Internet gateway between the wireless access network and the Internet. This paper proposes a new authentication scheme, which is suitable for this scene and also is compatible with 802.11i. From the security analysis, we can conclude that the scheme can offer an immediate and strong security solution for public environment.

Lianfen Huang,Ying Huang,Zhibin Gao,Jianan Lin,Xueyuan Jiang

DOI: https://doi.org/10.1109/CIS.2009.50

2009-01-01

Abstract:Long-Term Evolution (LTE) is the next-generation network beyond 3G. Authentication service is one of the most essential services in LTE networks, which has significant effects on internet security. In this paper, we survey and compare three authentication protocols: Password Authentication Protocol, Lightweight Extensible Authentication Protocol, and Extensive Authentication Protocol-Transport Layer Security. We present our implementation approach for the LTE testbed. From the experimental results, we conclude that PAP and LEAP are not sufficiently secure due to their vulnerability to dictionary attacks, while EAP-TLS can provide robust security if the network users are not very concerned with the overhead. Our proposed LTE testbed is meaningful and can be used to test the efficiency of other protocols.

Hung-Min Sun,Shih-Ying Chang,Yue-Hsun Lin,Shin-Yan Chiou

DOI: https://doi.org/10.1109/isda.2008.330

2008-01-01

Abstract:Mobile WiMAX is the next generation of broadband wireless network. It allows users to roam over the network under vehicular speeds. However, when a mobile station changes from one base station to another, it should be authenticated again. This may lead to delay in communication, especially for real-time applications, such as VoIP and Pay-TV systems. In this paper, we propose two efficient schemes to enhance the performance of authentication during handover in mobile WiMAX. The first scheme adopts, instead of the standard EAP method used in handover authentication, an efficient shared key-based EAP method. The second one, skips the standard EAP method, does the authentication in SA-TEK three-way handshake in PKMv2 process. In addition, the security proofs of our schemes are provided in this paper.

WANG NAN,HUANG JIE,XIE CHAO

DOI: https://doi.org/10.3969/j.issn.1008-0570.2007.09.063

2007-01-01

Abstract:Public Wireless Local Area Network(PWLAN),as a new access service of public mobile data,provides a convenient wireless network service for the public.But for the opening of data transferring in the physical link layer,it results in more serious hidden security troubles than that in wire network.The paper discusses the Extensible Authentication Protocol(EAP) and its implementation technology based on IEEE802.1 x protocols.Then it presents the design and implementation of the client and authenticator peer in the EAP authentication of the PWLAN.The test results verify that the authentication system can improve the performance of the security in PWLAN effectively.

YANG Jian-jun,JIA Chen-jun,RAN Li-xin

DOI: https://doi.org/10.3785/j.issn.1008-973x.2005.02.014

2005-01-01

Abstract:By analyzing the principle of remote authentication dial in user service (RADIUS) protocol and the applied security algorithm, an improved RADIUS protocol was proposed to enhance the security performance of networks.Based on the improved protocol,AAA (authentication,authority and account) architecture was set up for the Internet service providers.The AAA architecture for wireless gateway does not increase the complexity of the communication systems, and is simple and easy to implement.

Li Y,Zhu Guangxi

DOI: https://doi.org/10.3969/j.issn.1009-8054.2006.02.030

2006-01-01

Abstract:This article compares the main security authentication technologies and suggests a wireless authentication proposal based on EAP protocol. We tested it in LAS-PDMA wireless communication system and the result confirms this proposal is well adapted to the wireless environment.

Jun-jun Wu,Ming-wei Fang,Xinfang Zhang,Tongyang Wang

DOI: https://doi.org/10.4304/jnw.7.9.1341-1348

2012-01-01

Journal of Networks

Abstract:Technologies make the mobile terminals such as smart phones, PDAs and handsets much more powerful to access mobile network in recent years. Especially with the widely use of mobile terminals, mobile network now becomes a primary tool for daily and business interactions. However, the proliferation of mobile terminals also draws mobile malware’s attention which will do damage to the mobile terminal and further affect the security of mobile network. But the traditional access control and authentication mechanism cannot resolve such security issues. On the basis of trusted computing technology, we proposed a mobile trusted network architecture by extending the trusted network connection in mobile environment. And an improvement EAP-EHash method is used in the proposed architecture to implement authentication. We defined two service scenarios in the authentication scheme, home network authentication and roaming network authentication. The process of each scenario is described in detail. By introducing the pseudonym mechanism, our scheme can protect user identity. And the connection status not only depends on the identification process, but also the trust status of the platform. The analysis shows that our scheme benefits the properties of user identity anonymity, mutual authentication, fake agent resistance, platform integrity verification, EAP and TNC Compatible. And the ciphersuite negotiation makes our scheme more suitable for resource limited mobile terminals.

Xiaodong Lin,Haojin Zhu,Pin-Han Ho,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/icc.2007.199

2007-01-01

Abstract:In the paper, we propose an efficient two-factor localized authentication scheme suitable for WLAN roaming. The proposed authentication scheme can greatly improve the security compared with the previously reported counterparts, where two independent factors, such as "what you know" and "what you have", are utilized in the authentication process for a mobile user (MO). Some important issues specific to the wireless environment are considered in the design of the scheme, such as limited computation power, memory space, and battery capacity of mobile stations (MSs), and ping-pong movement problem when roaming across WLANs. The detailed implementation of the proposed scheme is presented, where some of the key performance measures and security are analyzed. Numerical results demonstrate that the proposed scheme can significantly outperform the legacy authentication schemes in terms of signaling overhead, power consumption, and authentication latency without losing the capability of preserving the system security.

Jun Lei,Xiaoming Fu,Dieter Hogrefe,Jianrong Tan

DOI: https://doi.org/10.1016/j.cose.2007.01.001

IF: 5.105

2007-01-01

Computers & Security

Abstract:IEEE 802.11 wireless LAN has become one of the hot topics on the design and development of network access technologies. In particular, its authentication and key exchange (AKE) aspects, which form a vital building block for modern security mechanisms, deserve further investigation. In this paper we first identify the general requirements used for WLAN authentication and key exchange (AKE) methods, and then classify them into three levels (mandatory, recommended, and additional operational requirements). We present a review of issues and proposed solutions for AKE in 802.11 WLANs. Three types of existing methods for addressing AKE issues are identified, namely, the legacy, layered and access control-based AKE methods. Then, we compare these methods against the identified requirements. Based on the analysis, a multi-layer AKE framework is proposed, together with a set of design guidelines, which aims at a flexible, extensible and efficient security as well as easy deployment.

Pengchuan Zhao,Jianwei Liu,Shishuai Wang

DOI: https://doi.org/10.1109/ICECC.2012.299

2012-01-01

Abstract:Traditional WLAN security protocols are the basis of the WLAN's security, but they face many security risks always, one of the most important is that they cannot guarantee the terminal is trusted. The concept of Trusted Computing proposed by TCG aims to improve the terminal's security. This paper proposes a scheme for trusted and secure access to WLAN based on WAPI and Trust Computing. The scheme adopts Certificate less Public Key Cryptography (CL-PKC) to achieve session key agreement. CL-PKC is based on Identity Public Key Cryptography (ID-PKC), but it eliminates the key escrow problem in ID-PKC. The paper analyzes the security and efficiency of the scheme. The result indicates that the scheme can realize the two-way authentication and integrity verification, it also have better performance in computable cost. The scheme can become a basic scheme of trusted and secure access to WLAN.

Changsheng Wan,Aiqun Hu,Juan Zhang

DOI: https://doi.org/10.4156/jcit.vol4.issue3.13

2009-01-01

Abstract:Mobility management is the key feature of wireless network. When the mobile node roams from the home network to the foreign network, the foreign network access server usually does not have the security material of the mobile node, and can not authenticate the mobile node by itself. Thus the three-party authentication is used, and the foreign network access server consults the home authentication server of the mobile node for authentication (usually through the foreign authentication server). However, this sort of authentication will lead to a long latency. With the wide deployment of latency sensitive services in wireless network, the handover authentication latency becomes more and more flagrant. Currently, many standards organizations are working on this issue, and they defined a lot of protocols for optimizing the handover authentication procedure. These protocols mainly include the fast re-authentication protocol, the pre-authentication protocol and the context transfer based authentication protocol. However, current protocols will put a heavy burden on the authentication server in big domain, and thus add a long latency to the handover authentication procedure. This paper presents an elliptic curve based authenticated key agreement protocol with mutual authentication property to address this problem.