• Title/Summary/Keyword: 802.1X and EAP

Search Result 20, Processing Time 0.029 seconds

EAP Using Split Password-based Authenticated Key Agreement Protocol for IEEE Std 802.1x User Authentication (IEEE Std 802.1x 사용자 인증을 위한 분할된 패스워드 인증 기반 EAP)

  • Ryu, Jong-Ho;Seo, Dong-Il;Youm, Heung-Youl
    • Journal of Internet Computing and Services
    • /
    • v.6 no.5
    • /
    • pp.27-43
    • /
    • 2005
  • EAP provides authentication for each entity based on IEEE Std 802.1x Wireless lAN and RADIUS/DIAMETER protocol, and it uses certificate, dual scheme(e.g., password and token) with the authentication method. The password-based authentication scheme for authenticated key exchange is the most widely-used user authentication method due to various advantages, such as human-memorable simplicity, convenience, mobility, A specific hardware device is also unnecessary, This paper discusses user authentication via public networks and proposes the Split Password-based Authenticated Key Exchange (SPAKE), which is ideal for both authenticating users and exchanging session keys when using a subsequent secure communication over untrusted network, And then we provides EAP authentication framework EAP-SPAKE by using it.

  • PDF

Wireless LAN System based on IEEE 802.1x EAP-TLS Authentication Mechanism (IEEE 802.1x EAP-TLS 인증 메커니즘 기반 Wireless LAN 시스템)

  • Hong, Seong-Pyo;Han, Seung-Jo
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.16 no.9
    • /
    • pp.1983-1989
    • /
    • 2012
  • The IEEE 802.1x standard provides an architectural framework which can be used various authentication methods. But, IEEE 802.1x also has vulnerabilities about the DoS(Denial of Service), the session hijacking and the MiM(Man in the Middle) attack due to caused by structural of authentication protocol. In this paper, we propose a WLAN system which can offer safety communication by complement of IEEE 802.1x vulnerabilities. The WLAN system accomplishes mutual authentications between authentication servers, clients and the AP using PKI and prevents an illegal user from intervening in communication to disguise oneself as a client, the AP or authentication servers. Also, we guarantee the safety of the communication by the Dynamic WEP key distribution between clients and the AP.

The Analysis and implementation of Wireless LAN Connection Authentication system Based on IEEE 802.1X EAP-TLS (IEEE 802.1X EAP-TLS에 따른 인증서 기반의 무선 랜 접속 인증 시스템 분석과 구현)

  • 박정현;김원규;김석우;서창호
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2003.12a
    • /
    • pp.160-165
    • /
    • 2003
  • 최근 들어 무선 랜에 대한 사람들의 인식이 높아지고, KT의 NESPOT과 같은 공중망 사업자들에 의한 핫스팟 서비스가 제공되면서 무선 랜의 수요 또한 급증하고 있다. 무선 랜의 사용자가 증가하면서 무선 랜 보안의 중요성 역시 증가하고 있으며, 실제로 무선 랜에서의 안전한 네트워킹을 위하여 여러 단체들이 다양한 방향에서 연구를 진행 중에 있다. 그 한 예가 802.1X인데, 이것은 인증 서버를 따로 두어 AP를 통해 네트워크에 접속하려는 사용자들을 인증하여 주는 것이다. 이 논문에서는 802.1X 인증 방법 중 X.509 기반의 인증서를 사용하여 서버와 클라이언트간의 상호 인증을 가능하게 하여 주는 EAP-TLS 환경을 분석하고, LINUX 환경에서 공개 소스로 구축하여, 실제로 무선 랜을 사용하는 환경에 적용하는 과정을 기술한다.

  • PDF

Authentication & Accounting Mechanism on IEEE802.1x with Mobile Phone

  • Lee, Hyung-Woo;Cho, Kwang-Moon
    • International Journal of Contents
    • /
    • v.2 no.4
    • /
    • pp.12-18
    • /
    • 2006
  • The number of wireless public network user is increasing rapidly. Security problem for user authentication has been increased on existing wireless network such as IEEE802.11 based Wireless LAN. As a solution, IEEE802.1x (EAP-MD5, EAP-TLS, EAP-TTLS), X.509, protocol or security system was suggested as a new disposal plan on this problem. In this study, we overview main problem on existing EAP-MD5 authentication mechanism on Wireless LAN and propose a SMS(Short Message Service) based secure authentication and accounting mechanism for providing security enhanced wireless network transactions.

  • PDF

Advanced WLAN Authentication Mechanism using One-time Session Key based on the Vulnerability Analysis in Nespot Wireless Lan System (Nespot 무선랜 사용자 인증 취약점 분석 및 일회용 세션키 기반 무선랜 인증 기법)

  • Lee, Hyung-Woo
    • Journal of Korea Multimedia Society
    • /
    • v.11 no.8
    • /
    • pp.1101-1110
    • /
    • 2008
  • Nespot provides a convenient wireless internet connection service. The existing IEEE 802.1X EAP-MD5 authentication mechanism can be achieved based on ID/password information for a wireless connection. The Nespot system offers an advanced accounting and authorization procedure for providing wireless user authentication mechanism. However, many problems were found on the existing Nespot EAP-MD5 mechanism such as a ill value exposure, a leakage of personal information on wireless authentication procedure and a weakness on Nespot mutual authentication mechanism. Therefore, we analyzed the limitation of the existing IEEE 802.1X EAP-MD5 certification system, and suggested a one-time session key based authentication mechanism. And then we offered a simplified encryption function on the Nespot certification process for providing secure mutual authentication process.

  • PDF

A Study on Intensified scheme to WLAN Secure based on IEEE 802.1x Framework (IEEE 802.1x 프레임워크 기반에서의 무선랜 보안 강화 방안에 관한 연구)

  • Lee Joon;Hong Seong-pyo;Shin Myeong-sook
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.10 no.1
    • /
    • pp.136-141
    • /
    • 2006
  • The IEEE 802.1x can be using various user authentication mechanisms: One-Time Password, Certificate-Based TLS, Challenge/Response and Keberos through EAP(Extended Authentication Protocol). But, IEEE 802.1x also has vulnerabilities about the DoS, the session hijacking and the Man in the Middle attack due to the absence of AP authentication. In this paper, we propose a WLAN secure system which can offer a safety secure communication and a user authentications by intensified the vulnerability of spoofing and DoS attacks. The suppose system offers a safe secure communication because it offers sending message of integrity service and also it prevents DoS attack at authentication initial phase.

Design of Accounting and Security Sessions for IEEE 802.11 Network (무선랜 정보보호를 위한 accounting 및 보안 세션의 설계)

  • 양대헌;오경희;강유성;함영환;정병호
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.6
    • /
    • pp.85-96
    • /
    • 2003
  • Wireless LAM in itself is vulnerable to eavesdropping and modification attack, and thus, IEEE 802.11i and IEEE 802. 1x/1aa have been defined to secure the wireless channel. These protocols accompanied by RADIUS and EAP-TLS provide users of wireless LAM with integrity and confidentiality services, and also they perform authentication and access control of wireless ports. In this paper, we suggest a method to implement accounting session using authentication session of IEEE 802. 1x and accounting state machine is designed with the accounting session. Also, we propose a key exchange mechanism to establish secure channel between stations and an access point. The mechanism is designed to be inter-operable with IEEE 802. 1aa.

Design and Implementation of User authentication and Roaming Schemes in public WLAN environments (WLAN 서비스에서 사용자 인증과 로밍방식의 설계)

  • Kim, Dong-Ok;Kang, Dong-Jin
    • 한국정보통신설비학회:학술대회논문집
    • /
    • 2009.08a
    • /
    • pp.208-210
    • /
    • 2009
  • Currently, Wireless LAN(WLAN) service is widely deployed to provide high speed wireless Internet access through the mobile stations such as notebook and PDA. To provide enhanced security and user access control in the public WLAN area, WLAN access points should have the capability of IEEE 802.1x-based user authentication and authorization functionality. In this paper, we provide a brief understanding of IEEE 802.1x standards and related protocols like EAPOL(Extended Authentication Protocol Over LAN), EAP, RADIUS and describe how the IEEE 802.1x is designed and implemented in our embedded linux-based WLAN AP which is named i-WiNG. (Intelligent Wireless Internet Gateway). For the network security and user authenti -cation purposes, a supplicant who wants to access Internet should be authorized to access the AP port using the EAPOL.

  • PDF

An Authentication Interworking Mechanism between Multiple Wireless LANs for Sharing the Network Infrastructure (망 인프라 공유를 위한 무선랜 시스템들간의 상호 인증 연동 방법)

  • Lee Wan Yeon
    • The KIPS Transactions:PartA
    • /
    • v.11A no.6
    • /
    • pp.451-458
    • /
    • 2004
  • The previous studies focussed on the security problem and the fast re-authentication mechanism during handoffs in a single wireless LAN system. When the multiple wireless LAN systems share their network infrastructure one another, we propose an authentication mechanism allowing the subscriber to Perform the authentication procedure with the authentication server of its own wireless LAN system even in areas of other wireless LAN systems as well as in areas of its own wireless LAN system. In the proposed mechanism, the access point or the authentication server of other wireless LAN systems plays a role of the authentication agent between the subscriber and the authentication server of the subscriber's wireless LAN system. The proposed authentication mechanism is designed on the basis of the 802.1X and EAP-MD5 protocols.

The design of AAA server for Wireless LAN with 802.1x

  • Ham, Young-Hwan;Chung, Byung-Ho
    • Proceedings of the IEEK Conference
    • /
    • 2002.07c
    • /
    • pp.1944-1947
    • /
    • 2002
  • The importance of security in WLAN(Wireless LAN) service is very critical, so IEEE organization has made the IEEE 802.1x standard. The IEEE 802.1x standard uses the EAP as authentication protocol which requires AAA(Authentication, authorization, and Accounting) server for authentication & accounting. for the reliable and scalable AAA service, the Diameter protocol has more advanced characteristics than existing radius protocol. So the Diameter protocol can be used for WLAN service provider who has large scale WLAN system and a large number of subscriber. This paper proposes the design of Diameter AAA server for the authentication and accounting of WLAN system which is adopting IEEE 802.1x standard.

  • PDF