Generic construction for secure and efficient handoff authentication schemes in EAP-based wireless networks

As a promising application scenario of wireless technologies, roaming communication initiates the demand for secure and efficient handoff authentication schemes. However, it seems that no existing scheme can simultaneously provide provable security and enjoy desirable efficiency. In this paper, we first utilize the double-trapdoor chameleon hash family to develop a generic method for secure and efficient handoff authentication in EAP-based wireless networks. The main idea is that the verification information, deduced from the one-time trapdoor, provides an authenticated transient Diffie-Hellman key exchange only between a mobile node and an access point. Moreover, we present an instantiation of the generic method based on a special double-trapdoor chameleon hashing. The proposed scheme not only provides robust security, but also enjoys desirable efficiency. To be specific, our scheme is proved to be secure in the random oracle model based on the computational Diffie-Hellman assumption and the unforgeability of an elliptic curve digital signature. Furthermore, formal verification by using the AVISPA tool shows that our scheme resists various malicious attacks. Finally, we evaluate the latency performance by the theoretical analysis and simulation. The results indicate that the proposed scheme achieves desirable efficiency in terms of the computation cost, the communication overhead and the storage requirement.

[1]  Eun-Jun Yoon,et al.  Cryptanalysis of a Handover Authentication Scheme Using Credentials Based on Chameleon Hashing , 2010, IEICE Trans. Inf. Syst..

[2]  Anmin Fu,et al.  A Privacy Preserving Handover Authentication Scheme for EAP-Based Wireless Networks , 2011, 2011 IEEE Global Telecommunications Conference - GLOBECOM 2011.

[3]  Hugo Krawczyk,et al.  A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract) , 1998, STOC '98.

[4]  Yi Mu,et al.  Efficient generic on-line/off-line (threshold) signatures without key exposure , 2008, Inf. Sci..

[5]  Jin Cao,et al.  A simple and robust handover authentication between HeNB and eNB in LTE networks , 2012, Comput. Networks.

[6]  Giuseppe Ateniese,et al.  Identity-Based Chameleon Hash and Applications , 2004, Financial Cryptography.

[7]  Lein Harn,et al.  Efficient On-line/Off-line Signature Schemes Based on Multiple-Collision Trapdoor Hash Families , 2010, Comput. J..

[8]  N. Koblitz Elliptic curve cryptosystems , 1987 .

[9]  Giuseppe Ateniese,et al.  On the Key Exposure Problem in Chameleon Hashes , 2004, SCN.

[10]  Shyhtsun Felix Wu,et al.  A Hash-Chain Based Authentication Scheme for Fast Handover in Wireless Network , 2005, WISA.

[11]  Yi Mu,et al.  Efficient Generic On-Line/Off-Line Signatures Without Key Exposure , 2007, ACNS.

[12]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[13]  Souhwan Jung,et al.  A handover authentication using credentials based on chameleon hashing , 2010, IEEE Communications Letters.

[14]  Yael Tauman Kalai,et al.  Improved Online/Offline Signature Schemes , 2001, CRYPTO.

[15]  Jung,et al.  RSA-based Proxy Signature for Media Independent Handover , 2010 .

[16]  H. Li,et al.  Identity-based construction for secure and efficient handoff authentication schemes in wireless networks , 2012, Secur. Commun. Networks.

[17]  Yanghee Choi,et al.  Fast handoff scheme based on mobility prediction in public wireless LAN systems , 2004 .

[18]  Mihir Bellare,et al.  Authenticated Key Exchange Secure against Dictionary Attacks , 2000, EUROCRYPT.

[19]  Emmanuel Bresson,et al.  Group Diffie-Hellman Key Exchange Secure against Dictionary Attacks , 2002, ASIACRYPT.

[20]  Kwangjo Kim,et al.  Identity-Based Chameleon Hash Scheme without Key Exposure , 2010, ACISP.

[21]  Jonathan Katz,et al.  Scalable Protocols for Authenticated Group Key Exchange , 2003, CRYPTO.

[22]  Wei Ren,et al.  SFRIC: A Secure Fast Roaming Scheme in Wireless LAN Using ID-Based Cryptography , 2007, 2007 IEEE International Conference on Communications.

[23]  Pin-Han Ho,et al.  A Location Privacy Preserving Authentication Scheme in Vehicular Networks , 2008, 2008 IEEE Wireless Communications and Networking Conference.

[24]  Alfred Menezes,et al.  Key Agreement Protocols and Their Security Analysis , 1997, IMACC.

[25]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[26]  William A. Arbaugh,et al.  Proactive key distribution using neighbor graphs , 2004, IEEE Wireless Communications.

[27]  David Chaum,et al.  Undeniable Signatures , 1989, CRYPTO.

[28]  Ian F. Blake,et al.  Elliptic curves in cryptography , 1999 .

[29]  Emmanuel Bresson,et al.  Provably authenticated group Diffie-Hellman key exchange , 2001, CCS '01.

[30]  Yuliang Zheng,et al.  Digital Signcryption or How to Achieve Cost(Signature & Encryption) << Cost(Signature) + Cost(Encryption) , 1997, CRYPTO.

[31]  Silvio Micali,et al.  On-line/off-line digital signatures , 1996, Journal of Cryptology.

[32]  Arjen K. Lenstra,et al.  Selecting Cryptographic Key Sizes , 2000, Journal of Cryptology.

[33]  Souhwan Jung,et al.  A Secure and Efficient Handover Authentication Based on Light-Weight Diffie-Hellman on Mobile Node in FMIPv6 , 2008, IEICE Trans. Commun..

[34]  Kwangjo Kim,et al.  Chameleon Hashing Without Key Exposure , 2004, ISC.

[35]  Christos Politis,et al.  Hybrid multilayer mobility management with AAA context transfer capabilities for all-IP networks , 2004, IEEE Wirel. Commun..

[36]  Alfred Menezes,et al.  The Elliptic Curve Digital Signature Algorithm (ECDSA) , 2001, International Journal of Information Security.

[37]  Mihir Bellare,et al.  Provably secure session key distribution: the three party case , 1995, STOC '95.

[38]  Alfred Menezes,et al.  Authenticated Diffie-Hellman Key Agreement Protocols , 1998, Selected Areas in Cryptography.