A Novel Compromise-Resilient Authentication System for Wireless Mesh Networks

User authentication is essential in service-oriented communication networks to identify and reject any unauthorized network access. The state-of-the-art practice in securing wireless networks is based on the authentication, authorization and accounting (AAA) framework, in which an AAA server is adopted to authenticate mobile users (MUs), handle authorization requests, and collect accounting data. However, the traditional AAA framework relies on a single authentication server and cannot tolerate AAA server failure, whether caused by malicious attacks such as denial-of-service (DoS) or by any other event in which the authentication server is compromised through misuse, misconfiguration, malicious access, etc. A more resilient approach is therefore to adopt multiple authentication servers, where any authentication request is handled by more than one authentication server, in order to withstand the compromise of an individual authentication server. To meet this design objective, we introduce a novel compromise-resilient authentication system based on the (t, n) threshold signature technique. With the proposed system, only t or more out of n authentication servers can cooperatively allow an MU to have network access, and any t-1 or fewer cannot. A case study of reliability analysis is conducted to demonstrate the effectiveness of the system. The proposed authentication system is expected to contribute particularly to wireless mesh networking (WMN) in metropolitan areas, where thousands of nodes may coexist and be managed under a single control plane, such that duplicated AAA servers are necessary.
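As an added illustration of the t-of-n rule stated above (this is example code, not the paper's scheme, which is built on threshold signatures rather than plain secret sharing), the following Python simulates n authentication servers that each hold one Shamir share of an authorization secret: any t shares reconstruct it, t-1 cannot, and a server replaying its own share does not count twice. The modulus, the secret and the `grant_access` gate are constructed for this example.

```python
import secrets

# Shamir (t, n) sharing over a prime field. The modulus is a constructed
# example value (a 127-bit Mersenne prime), not a parameter from the paper.
P = 2**127 - 1


def split_secret(secret, t, n):
    """Give each of n authentication servers one share of `secret`;
    any t shares reconstruct it, any t-1 do not."""
    assert 0 < t <= n and 0 <= secret < P
    # The leading coefficient is forced non-zero so the polynomial has
    # degree exactly t-1; this makes "t-1 shares are insufficient" exact
    # rather than merely overwhelmingly likely.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 2)]
    if t > 1:
        coeffs.append(1 + secrets.randbelow(P - 1))

    def f(x):
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P

    # Server i (1..n) holds the point (i, f(i)); f(0) is the secret.
    return [(x, f(x)) for x in range(1, n + 1)]


def reconstruct(shares):
    """Lagrange interpolation at x = 0 in GF(P) from distinct shares."""
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def grant_access(submitted, t):
    """Access gate modelled on the paper's rule: release the authorization
    secret only when t or more *distinct* servers contributed, else deny.
    Deduplicating by server index means one compromised server cannot
    replay its share to stand in for several servers."""
    distinct = {x: y for x, y in submitted}
    if len(distinct) < t:
        return None
    return reconstruct(list(distinct.items())[:t])
```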
