• Title/Summary/Keyword: fast re-authentication

Search Result 11, Processing Time 0.024 seconds

A STUDY ON IMPROVED PKMv2 FRAMEWORK FOR FAST MOBILITY IN 802.16e NETWORKS

  • Suh, Gi-Jun;Yun, Seung-Hwan;Yi, Ok-Yeon;Lee, Sang-Jin
    • Proceedings of the Korean Society of Broadcast Engineers Conference
    • /
    • 2009.01a
    • /
    • pp.400-403
    • /
    • 2009
  • EAP (Extensible Authentication Protocol) is often used as an authentication framework for two-party protocol which supports multiple authentication algorithms known as "EAP method". And PKMv2 in 802.16e networks use EAP as an authentication protocol. However, this framework is not efficient when the EAP peer executing handover. The reason is that the EAP peer and EAP server should re-run EAP method each time so that they authenticate each other for secure handover. This makes some delays, so faster re-authentication method is needed. In this paper, we propose a new design of the PKMv2 framework which provides fast re-authentication. This new framework and usage of the keys which used as a short-term credential bring better performance during handover process.

  • PDF

A Study on USIM-based Authentication Testbed for UMTS-WLAN Handover (UMTS-WLAN간 핸드오버를 위한 USIM 기반의 인증 테스트베드에 관한 연구)

  • Ro, Kwang-Hyun;Kwon, Hye-Yeon
    • Journal of the Institute of Convergence Signal Processing
    • /
    • v.10 no.1
    • /
    • pp.66-71
    • /
    • 2009
  • In view of mutual complementary feature of wide coverage and high data rate, the interworking between 3G cellular network and WLAN is a global trend of wireless communications. This paper introduces the analytic result of an authentication mechanism for 3GPP-WLAN seamless mobility under the USIM-based authentication test-bed. In a handover process between heterogeneous networks, authentication is the main factor of handover delay. So authentication processing time should be firstly reduced. This paper describes an USTM-based EAP-AKA test-bed implemented for handover in UMTS and WLAN interworking systems. Experimental result has shown that the fast re-authentication mechanism during handover has reduced the handover delay by about 48.6%.

  • PDF

A Lightweight Key Management for Wireless LANs with the Fast Re-authentication (무선 랜에서 빠른 재 인증을 이용한 간소화된 키 관리 기법)

  • Lee Jae-Hyoung;Kim Tae-Hyong;Han Kyu-Phil;Kim Young-Hak
    • Journal of KIISE:Information Networking
    • /
    • v.32 no.3
    • /
    • pp.327-338
    • /
    • 2005
  • Since the IEEE 802.11 wireless LANs were known to have several critical weaknesses in the aspect of security, a lot of works have been done to reduce such weaknesses of the wireless LAN security, Among them IEEE 802.lli may be the ultimate long-term solution that requires new security platform with new wireless LAM products. However, it might not be the best solution for small organizations due to its high cost where the cost is a critical issue. This paper proposes FR-WEP, a light-weight key management for wireless LANs that can be used with small changes of the existing Products. FR-WEP is an extension to a lightweight key management, WEP'(9), which was proposed lately. It makes up for the weak points of WEP' by providing lightweight mutual authentication with both host keys and user keys, and seamless key-refresh for authenticated users with fast re-authentication. It would be a good alternative to the heavy standards for wireless LAN security, especially to small organizations hoping for better security.

An Authentication Interworking Mechanism between Multiple Wireless LANs for Sharing the Network Infrastructure (망 인프라 공유를 위한 무선랜 시스템들간의 상호 인증 연동 방법)

  • Lee Wan Yeon
    • The KIPS Transactions:PartA
    • /
    • v.11A no.6
    • /
    • pp.451-458
    • /
    • 2004
  • The previous studies focussed on the security problem and the fast re-authentication mechanism during handoffs in a single wireless LAN system. When the multiple wireless LAN systems share their network infrastructure one another, we propose an authentication mechanism allowing the subscriber to Perform the authentication procedure with the authentication server of its own wireless LAN system even in areas of other wireless LAN systems as well as in areas of its own wireless LAN system. In the proposed mechanism, the access point or the authentication server of other wireless LAN systems plays a role of the authentication agent between the subscriber and the authentication server of the subscriber's wireless LAN system. The proposed authentication mechanism is designed on the basis of the 802.1X and EAP-MD5 protocols.

An Enhanced Privacy-Aware Authentication Scheme for Distributed Mobile Cloud Computing Services

  • Xiong, Ling;Peng, Daiyuan;Peng, Tu;Liang, Hongbin
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.11 no.12
    • /
    • pp.6169-6187
    • /
    • 2017
  • With the fast growth of mobile services, Mobile Cloud Computing(MCC) has gained a great deal of attention from researchers in the academic and industrial field. User authentication and privacy are significant issues in MCC environment. Recently, Tsai and Lo proposed a privacy-aware authentication scheme for distributed MCC services, which claimed to support mutual authentication and user anonymity. However, Irshad et.al. pointed out this scheme cannot achieve desired security goals and improved it. Unfortunately, this paper shall show that security features of Irshad et.al.'s scheme are achieved at the price of multiple time-consuming operations, such as three bilinear pairing operations, one map-to-point hash function operation, etc. Besides, it still suffers from two minor design flaws, including incapability of achieving three-factor security and no user revocation and re-registration. To address these issues, an enhanced and provably secure authentication scheme for distributed MCC services will be designed in this work. The proposed scheme can meet all desirable security requirements and is able to resist against various kinds of attacks. Moreover, compared with previously proposed schemes, the proposed scheme provides more security features while achieving lower computation and communication costs.

Design of a Secure Session Key Exchange Method for tow Latency Handoffs (Low Latency Handoffs를 위한 안전한 세션 키 교환 기법 설계)

  • Kim Hyun-Gon;Park Chee-Hang
    • Journal of Internet Computing and Services
    • /
    • v.5 no.3
    • /
    • pp.25-33
    • /
    • 2004
  • Mobile IP Low Latency Handoffs(l) allow greater support for real-time services on a Mobile IP network by minimizing the period of time when a mobile node is unable to send or receive IP packets due to the delay in the Mobile IP Registration process. However, on Mobile IP network with AAA servers that are capable of performing Authentication, Authorization, and Accounting(AAA) services, every Registration has to be traversed to the home network to achieve new session keys, that are distributed by home AAA server, for a new Mobile IP session. This communication delay is the time taken to re-authentication the mobile node and to traverse between foreign and home network even if the mobile node has been previously authorized to old foreign agent. In order to reduce these extra time overheads, we present a method that performs Low Latency Handoffs without requiring further involvement by home AAA server. The method re-uses the previously assigned session keys. To provide confidentiality and integrity of session keys in the phase of key exchange between agents, it uses a key sharing method by gateway foreign agent that performs a trusted thirty party. The proposed method allows the mobile node to perform Low Latency Handoffs with fast as well as secure operation.

  • PDF

A Mobility Management Scheme for Fast Handover between Heterogeneous Networks (이종망 간 빠른 핸드오버를 위한 이동성 관리 방안)

  • Yu, Myoung-Ju;Choi, Seong-Gon
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2011.04a
    • /
    • pp.607-610
    • /
    • 2011
  • 본 논문은 WiMAX 와 WLAN 네트워크 간 빠른 핸드오버를 위한 이동성 관리 방안을 제안한다. 제안방안은 MPLS 네트워크 환경을 기반으로 하고, 공용 인증키로써 MA ID(Mobility Agent Identifier)를 할당하여 핸드오버 시 재인증(Re-authentication) 및 IP 재구성을 위한 시그널링 메시지를 간소화시킨다. 따라서 이동노드가 핸드오버 할 때마다 반복적으로 요구되는 두 동작에 대한 처리가 보다 신속히 이뤄지면서 핸드오버 지연 감소의 효과를 보인다. 제안방안에 의한 성능 향상을 검증하기 위해 수식을 이용하여 기존방안과 제안방안의 핸드오버 지연을 분석하였다. 그 결과 제안방안에서의 핸드오버 지연이 기존방안 보다 더 낮음을 확인하였다.

Design of a Secure and Fast Handoff Method for Mobile If with AAA Infrastructure (AAA 기반 Mobile IP 환경에서 안전하고 빠른 핸드오프 기법 설계)

  • 김현곤
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.14 no.1
    • /
    • pp.79-89
    • /
    • 2004
  • Mobile IP Low Latency Handoffs allow greater support for real-time services on a Mobile W network by minimizing the period of time when a mobile node is unable to send or receive IP packets due to the delay in the Mobile IP Registration process. However, on Mobile IP network with AAA servers that are capable of performing Authentication, Authorization, and Accounting(AAA) services, every Registration has to be traversed to the home network to achieve new session keys, that are distributed by home AAA server, for a new Mobile IP session. This communication delay is the time taken to re-authenticate the mobile node and to traverse between foreign and home network even if the mobile node has been previously authorized to old foreign agent. In order to reduce these extra time overheads, we present a method that performs Low Latency Handoffs without requiring funker involvement by home AAA server. The method re-uses the previously assigned session keys. To provide confidentiality and integrity of session keys in the phase of key exchange between agents, it uses a key sharing method by gateway foreign agent that Performs a ousted thirty party. The Proposed method allows the mobile node to perform Low Latency Handoffs with fast as well as secure operation

Reduction of Authentication Cost Based on Key Caching for Inter-MME Handover Support (MME 도메인간 핸드오버 지원을 위한 키캐싱 기반 인증비용의 감소기법)

  • Hwang, Hakseon;Jeong, Jongpil
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.13 no.5
    • /
    • pp.209-220
    • /
    • 2013
  • Handover is the technology to minimize data lose of mobile devices and make continuous communication possible even if the device could be moved from one digital cell site to another one. That is, it is a function that enables the mobile user to avoid the disconnection of phone conversations when moving from a specific mobile communication area to another. Today, there are a lot of ongoing researches for fast and efficient hand-over, in order to address phone call's delay and disconnection which are believed to be the mobile network's biggest problems, and these should essentially be resolved in all mobile networks. Thanks to recent technology development in mobile network, the LTE network has been commercialized today and it has finally opened a new era that makes it possible for mobile phones to process data at high speed. In LTE network environment, however, a new authentication key must be generated for the hand-over. In this case, there can be a problem that the authentication process conducted by the hand-over incurs its authentication cost and delay time. This essay suggests an efficient key caching hand-over method which simplifies the authentication process: when UE makes hand-over from oMME to nMME, the oMME keeps the authentication key for a period of time, and if it returns to the previous MME within the key's lifetime, the saved key can be re-used.

Proposal of a mobility management scheme for sensor nodes in IoT(Internet of Things) (사물인터넷(IoT)환경에서 센서 노드들의 이동성 관리 방안에 관한 제안)

  • Park, Seung-Kyun
    • Journal of Convergence Society for SMB
    • /
    • v.6 no.4
    • /
    • pp.59-64
    • /
    • 2016
  • 6LoWPAN (IPv6 over Low Power Wireless Sensor Network) standardized by IETF does not support the mobility of wireless sensor nodes. Since the wireless sensor node, subject to a lot of constraints in the CPU, memory, a battery is not easy to apply to existing protocols such as Mobile IPv6. In this paper, we propose a novel mobility management architecture and methods to work with 6LoWPAN based on the analysis on FPMIPv6 (Fast PMIPv6) the host is not a handover procedure performed in order to support the mobility of such sensor nodes. It was suggested the use of a dispatch code pattern that is not currently used in 6LoWPAN for inter-working, MAG and MAC, MAC in order to reduce packet loss caused as the authentication delay in the handover process to minimize the power consumption of a sensor node that is caused by the re-transmission the new concept of temporary guarantee (temporary guarantee) and trust relationships (trust relationship) between AAA and introduced.