1st International ICST Conference on Security and Privacy for Emerging Areas in Communication Networks

Research Article

Improving Cross-domain Authentication over Wireless Local Area Networks

  • @INPROCEEDINGS{10.1109/SECURECOMM.2005.24,
        author={Hahnsang Kim and K.G. Shin and W. Dabbous},
        title={Improving Cross-domain Authentication over Wireless Local Area Networks},
        proceedings={1st International ICST Conference on Security and Privacy for Emerging Areas in Communication Networks},
        publisher={IEEE},
        proceedings_a={SECURECOMM},
        year={2006},
        month={3},
        keywords={},
        doi={10.1109/SECURECOMM.2005.24}
    }
    
  • Hahnsang Kim
    K.G. Shin
    W. Dabbous
    Year: 2006
    Improving Cross-domain Authentication over Wireless Local Area Networks
    SECURECOMM
    IEEE
    DOI: 10.1109/SECURECOMM.2005.24
Hahnsang Kim¹, K.G. Shin¹, W. Dabbous¹
  • 1: INRIA, France

Abstract

As mobile users cross the border of two adjacent domains with on-going sessions, their re-authentication causes a significant impact on inter-domain handoff latency as it requires remote contact with the authentication server across domains, making it difficult to employ current authentication protocols. This paper focuses on the cross-domain authentication over wireless local area networks (WLANs) that minimizes the need for remote access. We analyze the security requirements suggested by the IEEE 802.11i authentication standard, and consider additional requirements to help reduce the authentication latency without compromising the level of security. We propose an enhanced protocol called the Mobility-adjusted Authentication Protocol (MAP) that performs mutual authentication and hierarchical key derivation with minimal handshakes, relying on symmetric cryptographic functions. We also present security context nodes (SCNs) that handle security contexts in conjunction with MAP, which allows for avoiding continuous remote contact with the home authentication server. In contrast to Kerberos which favors inter-realm authentication, MAP achieves a 26% reduction of authentication latency without degrading the level of security.