The Design of Efficient Internetwork Authentication for Ubiquitous Wireless Communications

A variety of wireless technologies have been standardized and commercialized, but no single solution is considered the best to satisfy all communication needs, because each has different coverage and bandwidth limitations. Therefore, internetworking between heterogeneous wireless networks is extremely important for ubiquitous and high-performance wireless communications. Security is one of the major challenges in internetworking. To date, most research on internetwork authentication has focused on centralized authentication approaches, where the home network participates in each authentication process. When latency between the home and visiting networks is high, such approaches tend to be inefficient. In this paper, we describe chained authentication, which requires collaboration between adjacent networks without involvement of the home network. After categorizing chained protocols, we propose a novel design of chained authentication methods under 3G-WLAN internetworking. The experiments show that proactive context transfer and ticket forwarding reduce the 3G authentication latency to 36.8% and WLAN EAP-TLS latency to 23.1% when the RTT between visiting and home networks is 200 ms.
