SFRIC: A Secure Fast Roaming Scheme in Wireless LAN Using ID-Based Cryptography

In a wireless network composed of multiple access points, a long delay during roaming from one access point to another may disrupt streaming traffic. Roaming in wireless LAN is generally composed of two parts: 1) searching for a new access point and 2) performing authentication at the new access point. To reduce the delay of the second part, we propose an innovative lightweight authentication scheme called SFRIC (secure fast roaming using ID-based cryptography). SFRIC employs ID-based cryptography to simplify the authentication process. It performs mutual authentication between the mobile client and the AP with a 3-way handshake, then generates a PTK (pairwise transient key) directly, without pre-distributing a PMK (pairwise master key). It does not require contacting an authentication server or exchanging certificates. SFRIC is composed of two phases. In the first phase (the preparation phase), each mobile client obtains a temporary private key from the PKG (private key generator). In the second phase (the roaming authentication phase), mutual authentication and key distribution are performed. Our preliminary analysis indicates that, when the cryptographic operations are performed in hardware, SFRIC can complete the roaming authentication within a period much less than the critical 20 ms threshold required for maintaining streaming traffic.
