Presentation is loading. Please wait.

Presentation is loading. Please wait.

M. Kassab, A. Belghith, J. Bonnin, S. Sassi

Published byMaximillian Curtis Copeland Modified over 6 years ago

Similar presentations

Presentation on theme: "M. Kassab, A. Belghith, J. Bonnin, S. Sassi"— Presentation transcript:

1 M. Kassab, A. Belghith, J. Bonnin, S. Sassi
Fast Pre-Authentication Based on Proactive Key Distribution for Infrastructure Networks M. Kassab, A. Belghith, J. Bonnin, S. Sassi ACM WMuNeP`05 2006/10/31 CS Div. NS Lab. Junbeom Hur

2 Authentication Server
Problem Definition How to reduce the re-authentication latency during handoff in IEEE network environment? Authentication Server AP Authentication Re-authentication Station

3 Fig. 1. IEEE 802.1x Architecture
High-speed wireless Internet connectivity Lack of mobility support 802.1x full authentication per handoff : 1000ms 802.11i recommendation – EAP/TLS Obstacle for real-time applications (e.g., 50ms of VoIP) Fig. 1. IEEE 802.1x Architecture

4 EAP/TLS Authentication
PMK = PRF(MK, ‘client EAP encryption’|ClientHello.random|ServerHello.random) PTK = PRF(PMK, ANonce, SNonce, STAmac, APmac) Fig. 2. Complete EAP/TLS Authentication Exchange

5 Proactive Key Distribution [Arunesh04]
Fast handoff Pre-authenticate to the neighbor APs before handoff Fig. 3. Authentication Exchange Process with PKD PMK0 = PRF(MK, ‘client EAP encryption’|ClientHello.random|ServerHello.random) PMKn = PRF(MK, PMKn-1|Apmac|STAmac)

6 Proposed Method PKD with IAPP caching
PKD with anticipated 4-way handshake

7 PKD with IAPP Caching PKD + IAPP cache mechanism
Temporary authentication within a time limit (a) Pre-authentication (b) Re-authentication Fig. 4. Authentication Exchange Process with ‘PKD with IAPP Caching’ PTKx = PRF(PMK, PTKinit|Apmac|STAmac)

8 PKD with Anticipated 4-Way Handshake
4-way handshake through the current AP (a) Pre-authentication (b) Re-authentication Fig. 5. Authentication Exchange Process with ‘PKD with anticipated 4-way handshake’

9 Analysis m : # of neighbor APs

10 Performance Evaluation
Test-bed Two STAs associate with an AP 500kb UDP packets with exponential inter-packet time (a) Re-authentication latency (b) Association latency

11 Discussion PKD with IAPP caching PKD with anticipated 4-way handshake
Computation overhead Violation of i security requirements Mutual authentication and fresh key derivation at each AP No man-in-the-middle attack Security degradation from temporary authentication PKD with anticipated 4-way handshake Communication overhead 2 X (4-way handshake) per neighbor AP Unnecessary PTKs computation Impracticality No support for f

12 Conclusion Two methods for PKD-based fast pre-authentication
PKD with IAPP caching Temporary authentication Security degradation PKD with anticipated 4-way handshake 4-way handshake during pre-authentication phase Communication / computation overhead

Download ppt "M. Kassab, A. Belghith, J. Bonnin, S. Sassi"

Similar presentations

Doc.: IEEE 802.11-04/1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,

Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-09-00xx-00-sec Title: IEEE 802.11r Fast BSS Transition – A Study Date Submitted: September 21, 2009 Present.

IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec Title: IEEE r Fast BSS Transition – A Study Date Submitted: September 21, 2009 Present.
Submission doc.: IEEE 802.11-12/0789r3 NameAffiliationsAddressPhoneemail George Cherian Santosh Abraham Jouni Malinen Qualcomm 5775 Morehouse Dr, San Diego,

Submission doc.: IEEE /0789r3 NameAffiliationsAddressPhone George Cherian Santosh Abraham Jouni Malinen Qualcomm 5775 Morehouse Dr, San Diego,
Analysis of the 802.11i 4-Way Handshake Changhua He, John C Mitchell 2004 ACM International Workshop on Wireless Security (WiSe'04) Sang-Rok Kim Dependable.

Analysis of the i 4-Way Handshake Changhua He, John C Mitchell 2004 ACM International Workshop on Wireless Security (WiSe'04) Sang-Rok Kim Dependable.
Analysis and Improvements over DoS Attacks against IEEE 802.11i Standard Networks Security, Wireless Communications and Trusted Computing(NSWCTC), 2010.

Analysis and Improvements over DoS Attacks against IEEE i Standard Networks Security, Wireless Communications and Trusted Computing(NSWCTC), 2010.
Doc.: IEEE 802.11-03/533r0 Submission July 2003 Clint Chaplin, Symbol TechnologiesSlide 1 Proposal for Fast Roam Fast Handoff Study Group Clint Chaplin,

Doc.: IEEE /533r0 Submission July 2003 Clint Chaplin, Symbol TechnologiesSlide 1 Proposal for Fast Roam Fast Handoff Study Group Clint Chaplin,
Doc.: IEEE 802.11-03/533r3 Submission July 2003 Clint Chaplin, Symbol TechnologiesSlide 1 Proposal for Fast Roam Fast Handoff Study Group Clint Chaplin,

Doc.: IEEE /533r3 Submission July 2003 Clint Chaplin, Symbol TechnologiesSlide 1 Proposal for Fast Roam Fast Handoff Study Group Clint Chaplin,
Wireless Design for Voice Last Update 2011.06.11 1.0.0 1Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com.

Wireless Design for Voice Last Update Copyright 2011 Kenneth M. Chipps Ph.D.
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Wireless LAN Security Framework Backend AAA Infrastructure RADIUS, TACACS+, LDAP, Kerberos TLSLEAPTTLSPEAPMD5 VPN EAP PPP 802.3802.5802.11 802.1x EAP API.

Wireless LAN Security Framework Backend AAA Infrastructure RADIUS, TACACS+, LDAP, Kerberos TLSLEAPTTLSPEAPMD5 VPN EAP PPP x EAP API.
Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.

Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.
Wireless and Email Security CSCI 5857: Encoding and Encryption.

Wireless and Security CSCI 5857: Encoding and Encryption.
By: Alex Feldman.  A mobile station is connected to the network wirelessly through another device.  In case of WiFi (IEEE 802.11) this would be an access.

By: Alex Feldman.  A mobile station is connected to the network wirelessly through another device.  In case of WiFi (IEEE ) this would be an access.
KAIS T Wireless Network Security and Interworking Minho Shin, et al. Proceedings of the IEEE, Vol. 94, No. 2, Feb. 2006 Hyeongseop Shim NS Lab, Div. of.

KAIS T Wireless Network Security and Interworking Minho Shin, et al. Proceedings of the IEEE, Vol. 94, No. 2, Feb Hyeongseop Shim NS Lab, Div. of.
Doc.: IEEE 802.11-04/1572r0 Submission December 2004 Harkins and AbobaSlide 1 PEKM (Post-EAP Key Management Protocol) Dan Harkins, Trapeze Networks

Doc.: IEEE /1572r0 Submission December 2004 Harkins and AbobaSlide 1 PEKM (Post-EAP Key Management Protocol) Dan Harkins, Trapeze Networks
Wireless Network Security and Interworking

Wireless Network Security and Interworking
An Empirical Analysis of the IEEE 802.11 MAC Layer Handoff Process Arunesh Mishra Minho Shin William Arbaugh University of Maryland,College Park,MD.

An Empirical Analysis of the IEEE MAC Layer Handoff Process Arunesh Mishra Minho Shin William Arbaugh University of Maryland,College Park,MD.
Doc.: IEEE 802.11-02/551r0 Submission September 2002 Moore, Roshan, Cam-WingetSlide 1 TGi Frame Exchanges Tim Moore Microsoft Pejman Roshan Nancy Cam-Winget.

Doc.: IEEE /551r0 Submission September 2002 Moore, Roshan, Cam-WingetSlide 1 TGi Frame Exchanges Tim Moore Microsoft Pejman Roshan Nancy Cam-Winget.
Doc.: IEEE802-11-03/084r0-I Submission January 2003 Mishra, Shin, Arbaugh, Lee, Jang Proactive Key Distribution to support fast and secure roaming Arunesh.

Doc.: IEEE /084r0-I Submission January 2003 Mishra, Shin, Arbaugh, Lee, Jang Proactive Key Distribution to support fast and secure roaming Arunesh.

Similar presentations

Ads by Google