Issue No.04 - April (2013 vol.24)
pp: 672-680
Chun-I Fan, Dept. of Comput. Sci. & Eng., Nat. Sun Yat-sen Univ., Kaohsiung, Taiwan
Yi-Hui Lin, Dept. of Comput. Sci. & Eng., Nat. Sun Yat-sen Univ., Kaohsiung, Taiwan
Ruei-Hau Hsu, Dept. of Comput. Sci. & Eng., Nat. Sun Yat-sen Univ., Kaohsiung, Taiwan
ABSTRACT
It is necessary to authenticate users who attempt to access resources in Wireless Local Area Networks (WLANs). Extensible Authentication Protocol (EAP) is an authentication framework widely used in WLANs. Authentication mechanisms built on EAP are called EAP methods. The requirements for EAP methods in WLAN authentication have been defined in RFC 4017. To achieve user efficiency and robust security, lightweight computation and forward secrecy, which are not included in RFC 4017, are desired in WLAN authentication. However, no EAP method or authentication protocol designed for WLANs so far satisfies all of the above properties. This manuscript presents a complete EAP method that utilizes stored secrets and passwords to verify users so that it can 1) fully meet the requirements of RFC 4017, 2) provide for lightweight computation, and 3) allow for forward secrecy. In addition, we demonstrate the security of our proposed EAP method with formal proofs.
INDEX TERMS
wireless LAN, cryptographic protocols, RFC 4017, EAP method, user efficient authentication protocol, forward secure authentication protocol, IEEE 802.11 wireless LAN, Wireless Local Area Network, Extensible Authentication Protocol, stored secret, user verification, Authentication, Protocols, Servers, Cryptography, Wireless LAN, Privacy, lightweight computation, Wireless local area networks (WLANs), extensible authentication protocol (EAP), forward secrecy, passwords, authentication
CITATION
Chun-I Fan, Yi-Hui Lin, Ruei-Hau Hsu, "Complete EAP Method: User Efficient and Forward Secure Authentication Protocol for IEEE 802.11 Wireless LANs", IEEE Transactions on Parallel & Distributed Systems, vol.24, no. 4, pp. 672-680, April 2013, doi:10.1109/TPDS.2012.164