USIM-based EAP-TLS authentication protocol for wireless local area networks

Due to the rapid growth in popularity of Wireless Local Area Network (WLAN), wireless security has become one of many important research issues. For the WLAN security, the IEEE 802.1X standard provides an authentication framework that is based on the Extensible Authentication Protocols (EAP). In the EAP framework, there are many authentication protocols that have been proposed, in which each authentication protocol has some strengths and weaknesses, respectively. Most EAP authentication protocols lack two features: identity protection and withstanding man-in-the-middle attacks. In this paper, we first propose a novel symmetric-key based certificate distribution scheme based on Universal Subscriber Identity Module (USIM) cards in a cellular network. The symmetric-key based certificate distribution scheme allows mobile subscribers to obtain temporary certificates from the corresponding cellular network. Combining the proposed certificate distribution scheme with the EAP-TLS (Transport Layer Security) protocol, we present a new EAP authentication protocol called USIM-based EAP authentication protocol. The new EAP authentication protocol combining with USIM cards is an extension of the EAP-TLS protocol and also follows the EAP framework in the IEEE 802.1X standard. Compared to other EAP authentication protocols, the proposed protocol provides mutual authentication, strong identity protection and roaming capability between the cellular network and the WLAN networks.

[1]  Yoichi Maeda QoS standards for ip-based networks , 2003, IEEE Communications Magazine.

[2]  Rainer A. Rueppel,et al.  Message Recovery for Signature Schemes Based on the Discrete Logarithm Problem , 1994, EUROCRYPT.

[3]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[4]  Geir M. Køien,et al.  Security aspects of 3G-WLAN interworking , 2003, IEEE Commun. Mag..

[5]  Valtteri Niemi,et al.  Man-in-the-Middle in Tunnelled Authentication Protocols , 2003, Security Protocols Workshop.

[6]  Yuh-Min Tseng,et al.  Authentication and Billing Protocols for the Integration of WLAN and 3G Networks , 2004, Wirel. Pers. Commun..

[7]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[8]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[9]  Allan C. Rubens,et al.  Remote Authentication Dial In User Service (RADIUS) , 2000, RFC.

[10]  Vipul Gupta,et al.  Experiments in wireless Internet security , 2002, 2002 IEEE Wireless Communications and Networking Conference Record. WCNC 2002 (Cat. No.02TH8609).

[11]  Shirley M. Radack Updated Digital Signature Standard Approved as Federal Information Processing Standard (FIPS)186-3 | NIST , 2009 .

[12]  Victor Fajardo,et al.  Diameter Base Protocol , 2003, RFC.

[13]  Stephen McCann,et al.  Hiperlan/2 Public Access Interworking with 3G Cellular Systems , 2004, Wirel. Networks.

[14]  Bharat K. Bhargava,et al.  Integrating Heterogeneous Wireless Technologies: A Cellular Aided Mobile Ad Hoc Network (CAMA) , 2004, Mob. Networks Appl..

[15]  Phone Lin,et al.  GPRS-based WLAN authentication and auto-configuration , 2004, Comput. Commun..