论文信息 - An authentication scheme for fast handover between WiFi access points

An authentication scheme for fast handover between WiFi access points

In this paper, we propose an authentication scheme that is designed to reduce the authentication delay during a WiFi handover process. We observe that the largest part of the delay is due to the remote communications between the access point and the AAA server that authorizes the access to the network. In order to eliminate remote communications, our scheme uses pre-authorization, and it pre-distributes authentication information to the access points that are the potential targets of a future handover. This ensures that only local communications (between the mobile station and the access point) take place during the handover itself. We describe the design of our scheme, as well as report on a proofof-concept implementation. Our validation results show that our scheme breaks the dependency of the authentication delay on the round-trip time between the access point and the AAA server. This makes our scheme applicable in real time applications such as telephony and video streaming for WiFi users.

[1] Bernard Aboba,et al. RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP) , 2003, RFC.

[2] Bernard Aboba,et al. Extensible Authentication Protocol (EAP) Method Requirements for Wireless LANs , 2005, RFC.

[3] Henry Haverinen,et al. Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM) , 2006, RFC.

[4] Stefan Lindskog,et al. Providing Tunable Security Services: An IEEE 802.11i Example , 2006, 2006 Securecomm and Workshops.

[5] Dino Farinacci,et al. Generic Routing Encapsulation (GRE) , 2000, RFC.

[6] Michael Roe,et al. Reducing Reauthentication Delay in Wireless Networks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[7] Yanghee Choi,et al. SNC , 2005, ACM SIGMOBILE Mob. Comput. Commun. Rev..

[8] Hugo Krawczyk,et al. Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[9] Larry J. Blunk,et al. PPP Extensible Authentication Protocol (EAP) , 1998, RFC.

[10] Bernard Aboba,et al. Extensible Authentication Protocol (EAP) , 2004, RFC.

[11] William A. Arbaugh,et al. Context caching using neighbor graphs for fast handoffs in a wireless network , 2004, IEEE INFOCOM 2004.