• Title/Summary/Keyword: Wireless LAM Security

Search Result 10, Processing Time 0.029 seconds

Design of Wireless LAM Authentication Mechanism for Fast Handoff Service based on PKI (공개키 기반구조에서 빠른 핸드오프를 위한 무선랜 인증 기법 설계)

  • 정종민;이주남;이구연
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.3
    • /
    • pp.45-55
    • /
    • 2003
  • Wireless LAM has the advantage of extension, flexibility and easiness of installation and maintenance. However, due to the characteristics of wireless media, it is vulnerable to security attacks. PKI(Public Key Infrastructure) is estimated to be a good solution offering security function to wireless LAM including global roaming. It offers high security functions as authentication confidentiality and digital signature while it generates big overheads such as CRL search and certificate verification. The overheads can not be avoided during the initial authentication. However, when we consider the case of handoff, it can be minimized through the fast handoff. In this paper, we design a fast handoff authentication mechanism based on PKI in the wireless LAM and analyze the performance of the scheme.

Design of Accounting and Security Sessions for IEEE 802.11 Network (무선랜 정보보호를 위한 accounting 및 보안 세션의 설계)

  • 양대헌;오경희;강유성;함영환;정병호
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.6
    • /
    • pp.85-96
    • /
    • 2003
  • Wireless LAM in itself is vulnerable to eavesdropping and modification attack, and thus, IEEE 802.11i and IEEE 802. 1x/1aa have been defined to secure the wireless channel. These protocols accompanied by RADIUS and EAP-TLS provide users of wireless LAM with integrity and confidentiality services, and also they perform authentication and access control of wireless ports. In this paper, we suggest a method to implement accounting session using authentication session of IEEE 802. 1x and accounting state machine is designed with the accounting session. Also, we propose a key exchange mechanism to establish secure channel between stations and an access point. The mechanism is designed to be inter-operable with IEEE 802. 1aa.

A Survey on Hybrid Wireless Mesh Protocol Security

  • Tan, Whye-Kit;Lee, Sang-Gon;Lam, Jun-Huy
    • Proceedings of the Korea Multimedia Society Conference
    • /
    • 2012.05a
    • /
    • pp.81-82
    • /
    • 2012
  • Wireless Mesh Network (WMN) functionality had been included into IEEE 802.11s. For WMN, the routing message is one of the most important parts that need to be protected. Hybrid Wireless Mesh Protocol (HWMP) is the default routing protocol for WMN. In this paper, the attacks and vulnerabilities of HWMP had been identified and the requirements needed to protect HWMP had also been discussed. Existing HWMP security had been compared with the requirements.

  • PDF

A Lightweight Key Management for Wireless LANs with the Fast Re-authentication (무선 랜에서 빠른 재 인증을 이용한 간소화된 키 관리 기법)

  • Lee Jae-Hyoung;Kim Tae-Hyong;Han Kyu-Phil;Kim Young-Hak
    • Journal of KIISE:Information Networking
    • /
    • v.32 no.3
    • /
    • pp.327-338
    • /
    • 2005
  • Since the IEEE 802.11 wireless LANs were known to have several critical weaknesses in the aspect of security, a lot of works have been done to reduce such weaknesses of the wireless LAN security, Among them IEEE 802.lli may be the ultimate long-term solution that requires new security platform with new wireless LAM products. However, it might not be the best solution for small organizations due to its high cost where the cost is a critical issue. This paper proposes FR-WEP, a light-weight key management for wireless LANs that can be used with small changes of the existing Products. FR-WEP is an extension to a lightweight key management, WEP'(9), which was proposed lately. It makes up for the weak points of WEP' by providing lightweight mutual authentication with both host keys and user keys, and seamless key-refresh for authenticated users with fast re-authentication. It would be a good alternative to the heavy standards for wireless LAN security, especially to small organizations hoping for better security.

Wireless PKI for Reducing Certificate Acquisition Time According to Authentication Path

  • Choi Seung-Kwon;Cho Yong-Hwan;Shin Seung-Soo;Jang Yoon-Sik
    • International Journal of Contents
    • /
    • v.1 no.1
    • /
    • pp.29-34
    • /
    • 2005
  • In this paper, we proposed an advanced authentication structure for reducing the certificate acquisition time which is one of the factors that should be improved in a conventional wireless PKI. A conventional key exchange method simply performs the key exchange setup step based on discrete algebraic subjects. But the mutual-authentication procedure of wireless PKI for reducing authentication time uses an elliptical curve for a key exchange setup step. We simulated and compared the authentication structure proposed by Sufatrio, K. Lam[4] and proposed authentication structure in terms of the authentication time. Simulation results show that the proposed method reduces the authentication time compared to the conventional wireless PKI authentication method.

  • PDF

Secure Handover Using Inter-Access Point Protocol in Wireless LAN (무선 LAN에서 Inter-Access Point Protocol을 이용한 안전한 핸드오버)

  • DaeHun Nyang
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.6
    • /
    • pp.107-112
    • /
    • 2003
  • Handover in IEEE 802.11 requires repeated authentication and key exchange procedures, which are an obstacle to seamless services of wireless LAM. We propose a fast authentication and key exchange mechanism using IEEE 802.11f. Especially, by proposing a modified version of the 4-way handshake of IEEE 802.11i, we solve the perfect forward secrecy problem that arises when the pre-authentication is adopted. The scheme can be implemented only using the Context Block of IEEE 802.11f and the 4-way handshake of IEEE 802.11i without involving authentications server's interaction or non-standard behavior between access points. Our scheme is applicable to devices not supporting the us-authentication of IEEE 802.11i and also, it can substitute the pre-authentication when the pre-authentication is failed.

Survey on the Authentication and Key Management of 802.11s

  • Lam, Jun Huy;Lee, Sang-Gon;Tan, Whye Kit
    • Proceedings of the Korea Multimedia Society Conference
    • /
    • 2012.05a
    • /
    • pp.89-92
    • /
    • 2012
  • Wireless Mesh Network expanded the capability of the conventional wireless networking by allowing the nodes to operate in proactive mode, reactive mode or the combination of both, the hybrid mode in the multi-hopping nature. By doing so, the links between the nodes become much more robust and reliable because of the number of paths to reach a destination node from a source node can be more than 1 and do not need to rely on the access point (AP) alone to relay the messages. As there may be many possible ways to form an end-to-end link between 2 nodes, the routing security becomes another main concern of the 802.11s protocol. Besides its reliance on the 802.11i for the security measures, 802.11s also includes some new features such as the Mesh Temporal Key (MTK) and the Simultaneous Authentication of Equals (SAE). The authentication and key management (AKM) process of 802.11s were observed in this paper.

  • PDF

Design and Implementation of User Authentication Schemes for Roaming in Public Wireless LAM Systems (공중 무선랜 시스템에서 로밍을 고려한 사용자 인증방식의 설계 및 구현)

  • Lee, Hyun-Woo;Kim, Jeong-Hwan;Ryu, Won;Yoon, Chong-Ho
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.29 no.8B
    • /
    • pp.755-761
    • /
    • 2004
  • Currently, Wireless LAN(WLAN) service is widely deployed to provide high speed wireless Internet access through the mobile stations such as notebook and PDA. To provide enhanced security and user access control in the public WLAN area, WLAM access points should have the capability of IEEE 802.1x-based user authentication and authorization functionality. In this paper, we provide a brief understanding of IEEE 802. 1x standards and related protocols likeEAPoL(Extended Authentication Protocol Over LAN), EAP, RADIUS and describe how the IEEE 802.1x is designed and implemented in our embedded linux-based WLAN AP which is named i-WiNG.(Intelligent Wireless Internet Gateway).

Research of Real Time Mutual Authentication System in Wireless Network (무선 네트워크상에서 실시간 상호인증시스템에 관한 연구)

  • Jung, Don-Chul;Han, Seung-Jo
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.10 no.11
    • /
    • pp.1996-2001
    • /
    • 2006
  • Open System Authentication Method, Shared Key Method, Mac Based Authentication Method are very hard to use in wireless network that needs security. So now, many researches have been performed about 802.1x and user authentication method applying PKI. but certificate verification protocol has been used abolished list called CRL since it's first usage of PKI, there were still has a problem about distribution point. This paper applied CVS to use CA direct not to use CRL and OSCP server in order to improve this problems. Also It suggested the system that can make authentication steps more shorter using authentication server and Mutual authentication system by public certificate(small size/low speed wireless terminal can access to wireless network fast and safely)

A Design of AES-based CCMP Core for IEEE 802.11i Wireless LAN Security (IEEE 802.11i 무선 랜 보안을 위한 AES 기반 CCMP Core 설계)

  • Hwang Seok-Ki;Lee Jin-Woo;Kim Chay-Hyeun;Song You-Soo;Shin Kyung-Wook
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.9 no.4
    • /
    • pp.798-803
    • /
    • 2005
  • This paper describes a design of AES(Advanced Encryption Standard)-based CCMP core for IEEE 802.1li wireless LAN security. To maximize its performance, two AES cores ate used, one is for counter mode for data confidentiality and the other is for CBC(Cipher Block Chaining) mode for authentication and data integrity. The S-box that requires the largest hardware in AES core is implemented using composite field arithmetic, and the gate count is reduced by about $20\%$ compared with conventional LUT(Lookup Table)-based design. The CCMP core designed in Verilog-HDL has 13,360 gates, and the estimated throughput is about 168 Mbps at 54-MHz clock frequency. The functionality of the CCMP core is verified by Excalibur SoC implementation.