A new tunnelled EAP based authentication method for WiMAX networks

Despite well-defined and commercially viable security standards for WiMAX networks, vulnerabilities in the current system design and other inherent characteristics expose the network to various types of security attacks. These attacks commonly relate to network access security, authentication of users, validation of data transmission, and confidentiality. To provide better protection to WiMAX users, several improvements to the security mechanism have been provided. One notable solution is the use of a more secure protocol, namely Privacy Key Management (PKM), which was later revised into PKMv2 (PKM version 2). In this protocol, authentication (as well as mutual authentication) plays an important role, since it must be completed in order to establish a secure connection between the network entities. PKMv2 uses either RSA-based or EAP-based authentication modes. While variations of authentication modes exist in the literature, some of them are prone to man-in-the-middle (MITM) attacks and incur significant overheads. This paper proposes a new method called EAP-TTLS-ISRP, which embeds the transmission of security messages in a secure tunnel. The method is proposed for single EAP-based authentication, achieving both user and device authentication between the Mobile Station (MS) and the Authentication Server (AS) by using strong and fast authentication methods. The proposed method outperforms other methods in the number of messages exchanged and thus has a lower overhead cost; it also satisfies the EAP requirement for secure and efficient data exchange and is robust to MITM attacks. The Automated Validation of Internet Security Protocols and Applications (AVISPA) verification tools are used to verify the security performance of the proposed EAP-TTLS-ISRP method.
