Browse > Article

Efficient and Practical Appraoch to Check Certificate Revocation Status of the WLAN Authentication Server's Public Key  

Park DongGook (순천대학교 정보통신공학부)
Cho Kyung-Ryong (순천대학교 정보통신공학부)
Publication Information
Journal of the Korea Institute of Information and Communication Engineering / v.9, no.5, 2005 , pp. 958-964 More about this Journal
Abstract
WLAN user authentication is mostly based on user password resulting in vulnerability to the notorious 'offline dictionary attack'. As a way around this problem. EAP-TTLS and PEAP protocols are increasing finding their way into WLANs, which are a sort of combination of password protocols and the TLS public-key protocol. This leads to the use of the public-key certificate of the WLAM authentication server, and naturally the concern arises about its revocation status. It seems, however, that any proper soulution has not been provided to address this concern. We propose a very efficent and proper solution to check the certificate revocation status.
Keywords
CRL; EAP-TTLS;
Citations & Related Records
연도 인용수 순위
  • Reference
1 The International Engineering Consortium, 'EAP Methods for 802.11 Wireless LAN Security', Web ProForum Tutorials, http://www.iec.org/online/ tutorials/eap_methods/to pic04.html
2 T. Dierks and C. Allen, 'The TLS Protocol', IETF RFC 2246, 1999
3 B. Schneier, Applied Cryptography, 2nd Ed. Wiley, 1996, pp. 171-173
4 L. Blunk and J. Vollbrecht, 'PPP Extensible Authentication Protocol (EAP),' IETF RFC 2284, March 1998
5 A. Palekar, et al., 'Protected EAP Protocol (PEAP)', IETF draft, July 2004
6 S. Bosworth and M.E. Kabay (editors), Computer Security Handbook, Wiley, 4th Ed., 2002
7 IETF Public-Key Infrastructure (X.509) charter: www.ietf.org/html.charters/pkix-ch arter.html
8 W. Simpson, 'PPP Challenge Handshake authentication Protocol (CHAP)', IETF RFC 1994, Aug. 1996
9 P. Funk and S. Blake-Wilson, 'EAP Tunneled TLS Authentication Protocol (EAP-TTLS)', IETF draft, July 2004