Handover mechanisms in next generation heterogeneous wireless ...

More documents

Recommendations

Info

SECURITY FOR HANDOVER ACROSS HETEROGENEOUS WIRELESS NETWORKS RES K � f 2 ( RAND) , and sends it back to the serving network (STEP 5). The serving network verifies the identity of the MH by comparing the user’s response RES with the expected response XRES. If the two values are identical, the MH will be accepted for accessing the network. Figure 3.2 Authentication procedures in UMTS network 3.2.3 Authentication in IEEE 802.11 IEEE 802.11 standard [46] has defined two security services: the authentication service and the Wired Equivalent Privacy (WEP) mechanism. Both of the services have been classified as pre-RSNA (Robust Security Network Association) security mechanisms, and proved to be vulnerable [42]. To eliminate the security flaws of its ancestor 802.11, a new standard IEEE 802.11i [42] has been developed. In addition to providing the legacy security services of 802.11, e.g. WEP, 802.11i enhances key management and encryption algorithms by incorporating IEEE 802.1X [47], a port-based network control mechanism. IEEE 802.1X defines a means of authentication and authorisation at link layer for IEEE 802 Local Area Network (LAN). As described in the 802.1X standard [47], both the supplicant and the authenticator have a Port Access Entity (PAE), through which the authentication between the two parties can be performed. The PAEs operate the algorithms and protocols associated with the authentication mechanisms. The - 40 -
SECURITY FOR HANDOVER ACROSS HETEROGENEOUS WIRELESS NETWORKS authenticator PAE exchanges 802.1X messages with the supplicant PAE through the uncontrolled port before the supplicant is authenticated. The exchange of data traffic is allowed through the controlled port after the supplicant is authenticated successfully. The 802.1X utilises Extensible Authentication Protocol (EAP) [18] to provide a variety of authentication mechanisms. The EAP does not have an addressing mechanism and has its messages encapsulated over EAP Over LAN (EAPOL) protocol between the supplicant and the authenticator. The 802.11i defines two classes of security algorithms for IEEE 802.11 networks: Robust Security Network Association (RSNA) and pre-RSNA. A Robust Security Network (RSN) is a security network that allows the creation of robust security network associations, RSNAs, between all stations [48]. The RSNA security comprises two security algorithms: IEEE 802.11 entity authentication and WEP. The 802.11i standard suggests that pre-RSNA methods that have already been included in IEEE 802.11 [46] will be implemented to aid migration to RSNA methods. The key management defined for RSNA authentication will be presented here for further elaboration on the enhanced authentication mechanism in 802.11 WLAN. When the IEEE 802.1X authentication is used, the supplicant PAE initiates the authentication to the authenticator by sending an EAPOL-Start message to the authenticator. As shown in Figure 3.3, the authenticator replies with an EAP- Request/Identity to obtain the user’s identity. The user then sends back an EAP- Response/Identity containing its identity in response to the received EAP identity request. Upon receiving the EAP Response, the authentication PAE needs to deliver the EAP response message to the authentication server. The communications for authentication between the authenticator and the authentication server can be achieved using the AAA protocols like Remote Access Dial In User Service (RADIUS, RFC 2865 [49]). The authenticator encapsulates the EAP-Response/Identity message in a RADIUS Access-Request message, and sends it to the RADIUS authentication server. Multi-round authentication message exchanges will be needed to verify the identities of both EAP entities (the supplicant and the authentication server as shown in Figure 3.3). The verification can be carried out by means of Extensible Authentication Protocol- Transport Level Security (EAP-TLS, RFC 2716 [50]) protocol, which is outside the - 41 -
Page 1 and 2: Handover Mechanisms in Next Generat
Page 3 and 4: ACKNOWLEDGMENT First of all, I woul
Page 5 and 6: TABLE OF CONTENTS 4.4.2 Power Save
Page 7 and 8: LIST OF FIGURES LIST OF FIGURES Fig
Page 9 and 10: LIST OF FIGURES Figure 7.2 A generi
Page 11 and 12: ABSTRACT New access technologies su
Page 13 and 14: Chapter 1 INTRODUCTION New access t
Page 15 and 16: INTRODUCTION becomes available. Han
Page 17 and 18: INTRODUCTION The above multipliciti
Page 19 and 20: INTRODUCTION network trust pattern
Page 21 and 22: INTRODUCTION 1.3 Related Publicatio
Page 23 and 24: INTRODUCTION TECHNICAL REPORTS XIII
Page 25 and 26: HANDOVER MANAGEMENT horizontally. H
Page 27 and 28: HANDOVER MANAGEMENT The objective o
Page 29 and 30: HANDOVER MANAGEMENT air interface,
Page 31 and 32: HANDOVER MANAGEMENT proposed archit
Page 33 and 34: HANDOVER MANAGEMENT Access point (A
Page 35 and 36: HANDOVER MANAGEMENT users. Moreover
Page 37 and 38: HANDOVER MANAGEMENT For IEEE 802.11
Page 39 and 40: HANDOVER MANAGEMENT The two schemes
Page 41 and 42: HANDOVER MANAGEMENT When a MH is mo
Page 43 and 44: 3.1 Introduction Chapter 3 HANDOVER
Page 45 and 46: SECURITY FOR HANDOVER ACROSS HETERO
Page 51: SECURITY FOR HANDOVER ACROSS HETERO
Page 69 and 70: DYNAMIC NEIGHBOUR TRUST INFORMATION
Page 93 and 94: Chapter 5 TRUST ASSISTED HANDOVER A
Page 95 and 96: TRUST ASSISTED HANDOVER ALGORITHM F
Page 103 and 104:
TRUST ASSISTED HANDOVER ALGORITHM F
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Chapter 6 PROXY BASED AUTHENTICATIO
Page 125 and 126:
PROXY BASED AUTHENTICATION LOCALISA
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
MULTI-INTERFACE MOBILE MODEL FOR ME
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
CONCLUSIONS AND FUTURE RESEARCH WOR
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
ABBREVIATIONS 3G 3rd Generation Wir
Page 177 and 178:
ABBREVIATIONS LS Location Server MH
Page 179 and 180:
ABBREVIATIONS THOA Trust Assisted H
Page 181 and 182:
REFERENCES [12] C. Politis, T. Oda,
Page 183 and 184:
REFERENCES [37] Wi-Fi Alliance, "Wi
Page 185 and 186:
REFERENCES presented at IEEE Intern
Page 187 and 188:
REFERENCES [90] R. Verdone and A. Z
Page 189:
REFERENCES [116] K. E. Malki and H.
show all

Handover mechanisms in next generation heterogeneous wireless ...

Create successful ePaper yourself

Delete template?

Save as template?