M. Kassab, A. Belghith, J. Bonnin, S. Sassi

Presentation transcript:

Fast Pre-Authentication Based on Proactive Key Distribution for 802.11 Infrastructure Networks
M. Kassab, A. Belghith, J. Bonnin, S. Sassi, ACM WMuNeP'05
Presented 2006/10/31, CS Div. NS Lab., Junbeom Hur

Problem Definition
How to reduce the re-authentication latency during handoff in an IEEE 802.11 network environment?
Fig. 1. IEEE 802.1x Architecture (Station, AP, Authentication Server; authentication and re-authentication paths)
- High-speed wireless Internet connectivity, but lack of mobility support
- 802.1x full authentication per handoff: 1000 ms
- 802.11i recommendation: EAP/TLS
- Obstacle for real-time applications (e.g., 50 ms for VoIP)

EAP/TLS Authentication
- PMK = PRF(MK, ‘client EAP encryption’ | ClientHello.random | ServerHello.random)
- PTK = PRF(PMK, ANonce, SNonce, STAmac, APmac)
Fig. 2. Complete EAP/TLS Authentication Exchange

Proactive Key Distribution [Arunesh04]
- Fast handoff: pre-authenticate to the neighbor APs before handoff
- PMK0 = PRF(MK, ‘client EAP encryption’ | ClientHello.random | ServerHello.random)
- PMKn = PRF(MK, PMKn-1 | APmac | STAmac)
Fig. 3. Authentication Exchange Process with PKD

Proposed Method
- PKD with IAPP caching
- PKD with anticipated 4-way handshake

PKD with IAPP Caching
- PKD + IAPP cache mechanism
- Temporary authentication within a time limit
- PTKx = PRF(PMK, PTKinit | APmac | STAmac)
Fig. 4. Authentication Exchange Process with ‘PKD with IAPP Caching’: (a) Pre-authentication, (b) Re-authentication

PKD with Anticipated 4-Way Handshake
- 4-way handshake performed through the current AP
Fig. 5. Authentication Exchange Process with ‘PKD with anticipated 4-way handshake’: (a) Pre-authentication, (b) Re-authentication
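The key hierarchy from the EAP/TLS, PKD, IAPP-caching and anticipated-4-way-handshake slides, run end to end as an added example; it is not code from the paper or the presentation. It assumes HMAC-SHA256 as the PRF (the slides write PRF without naming one, and 802.11i's own PRF differs), reads the recurrence as deriving each neighbor's PMKn from the current AP's PMK, and uses constructed MAC addresses, TLS randoms and master key. The flags it returns show the point the Discussion slide makes: the anticipated 4-way handshake yields a fresh PTK on every run, while the cached PTKx repeats at re-authentication because no nonce enters its derivation.

```python
# Added example, not code from the paper or the slides: the slide formulas run
# end to end for one station, its current AP and two neighbor APs.
import hashlib
import hmac
import os


def prf(key: bytes, *parts: bytes) -> bytes:
    """Stand-in PRF (assumption): HMAC-SHA256 over the concatenated inputs.
    The slides write PRF(K, a|b|c) without naming the function."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def eap_tls_pmk(mk: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """PMK0 = PRF(MK, 'client EAP encryption' | ClientHello.random | ServerHello.random)."""
    return prf(mk, b"client EAP encryption", client_random, server_random)


def pkd_next_pmk(mk: bytes, prev_pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKn = PRF(MK, PMKn-1 | APmac | STAmac), one step of the PKD chain."""
    return prf(mk, prev_pmk, ap_mac, sta_mac)


def neighbor_pmks(mk: bytes, current_pmk: bytes, neighbors: list, sta_mac: bytes) -> dict:
    """Pre-authentication: one PMKn per neighbor AP, each derived from the
    current AP's PMK (assumed reading of the recurrence; the chain advances on
    each handoff, so the chosen neighbor's PMK becomes the next PMKn-1)."""
    return {ap: pkd_next_pmk(mk, current_pmk, ap, sta_mac) for ap in neighbors}


def ptk_4way(pmk: bytes, anonce: bytes, snonce: bytes, sta_mac: bytes, ap_mac: bytes) -> bytes:
    """PTK = PRF(PMK, ANonce, SNonce, STAmac, APmac): the 4-way handshake key.
    Both nonces enter, so every handshake yields a fresh PTK."""
    return prf(pmk, anonce, snonce, sta_mac, ap_mac)


def ptk_iapp_cached(pmk: bytes, ptk_init: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PTKx = PRF(PMK, PTKinit | APmac | STAmac): 'PKD with IAPP caching'.
    No nonce enters, so re-authentication at the same AP repeats the key,
    which is the freshness loss flagged on the Discussion slide."""
    return prf(pmk, ptk_init, ap_mac, sta_mac)


# Constructed sample identities and master key (not from any real network).
STA = bytes.fromhex("020000000001")
AP_CURRENT = bytes.fromhex("0200000000aa")
AP_NEIGHBORS = [bytes.fromhex("0200000000bb"), bytes.fromhex("0200000000cc")]
MK = bytes(range(32))


def run_handoff() -> dict:
    """Full EAP/TLS login, PKD pre-authentication to m = 2 neighbors, then a
    handoff to the first neighbor under each of the two proposed methods."""
    pmk0 = eap_tls_pmk(MK, b"\x01" * 32, b"\x02" * 32)   # constructed TLS randoms
    pmk_cur = pkd_next_pmk(MK, pmk0, AP_CURRENT, STA)     # PMK1 at first association
    candidates = neighbor_pmks(MK, pmk_cur, AP_NEIGHBORS, STA)
    target = AP_NEIGHBORS[0]
    pmk_target = candidates[target]

    # Anticipated 4-way handshake: run once at pre-authentication and again at
    # re-authentication (the slide's 2 x (4-way handshake) per neighbor AP).
    ptk_pre = ptk_4way(pmk_target, os.urandom(32), os.urandom(32), STA, target)
    ptk_re = ptk_4way(pmk_target, os.urandom(32), os.urandom(32), STA, target)

    # IAPP caching: PTKinit is derived once and reused within the time limit.
    ptk_init = ptk_4way(pmk_cur, os.urandom(32), os.urandom(32), STA, AP_CURRENT)
    ptkx_first = ptk_iapp_cached(pmk_target, ptk_init, target, STA)
    ptkx_again = ptk_iapp_cached(pmk_target, ptk_init, target, STA)

    return {
        # every neighbor gets its own PMK
        "pmks_distinct_per_ap": len(set(candidates.values())) == len(AP_NEIGHBORS),
        # returning to the old AP after a handoff yields a new PMK, not the old one
        "chain_advances": pkd_next_pmk(MK, pmk_target, AP_CURRENT, STA) != pmk_cur,
        "anticipated_4way_fresh": ptk_pre != ptk_re,
        "iapp_cached_fresh": ptkx_first != ptkx_again,
        "ptks_computed_at_preauth": len(candidates),
    }


if __name__ == "__main__":
    for name, value in run_handoff().items():
        print(f"{name}: {value}")
```

Swapping the `prf` body for the real 802.11i PRF would not change the two freshness flags: they depend only on whether nonces are inputs to the derivation, not on the function used.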

Analysis (m: number of neighbor APs)

Performance Evaluation
Test-bed:
- Two STAs associate with an AP
- 500kb UDP packets with exponential inter-packet time
Figures: (a) Re-authentication latency; (b) Association latency

Discussion
PKD with IAPP caching
- Violation of 802.11i security requirements (mutual authentication and fresh key derivation at each AP; no man-in-the-middle attack)
- Security degradation from temporary authentication
PKD with anticipated 4-way handshake
- Computation overhead: unnecessary PTK computation
- Communication overhead: 2 x (4-way handshake) per neighbor AP
- Impracticality: no support for 802.11f

Conclusion
Two methods for PKD-based fast pre-authentication:
- PKD with IAPP caching: temporary authentication; security degradation
- PKD with anticipated 4-way handshake: 4-way handshake during the pre-authentication phase; communication / computation overhead