Handover mechanisms in next generation heterogeneous wireless ...

More documents

Recommendations

Info

SECURITY FOR HANDOVER ACROSS HETEROGENEOUS WIRELESS NETWORKS scope of this thesis. If the authentication is successful, some keying materials such as Pairwise Master Key (PMK) will be delivered to the authenticator from the authentication server. A four-way handshake follows the 802.1X EAP authentication to negotiate the pairwise cipher suites for the local transmission to the AP. The authenticator issues an Authenticator Nounce (ANounce) in an EAPOL-Key message sent to the supplicant. The ANounce is essentially a random or pseudo-random value. After receiving the EAPOL-Key, the supplicant generates a Supplicant Nounce (SNounce). By using a Pseudo-Random Function (PRF) algorithm with the ANounce, SNounce, PMK, and other information as inputs, the supplicant derives a Pairwise Transient Key (PTK). The supplicant then sends an EAPOL-Key message containing the SNounce and Message Integrity Code (MIC) (Note: MIC is a cryptographic digest used to provide integrity service.) back to the authenticator. The authenticator uses the same PRF algorithm to derive the PTK. The PTK is a session key shared between the supplicant and the authenticator. Later, the authenticator can start the group key handshake for configuring a Group Temporal Key (GTK) on the supplicant to protect the broadcast/multicast messages. - 42 -
SECURITY FOR HANDOVER ACROSS HETEROGENEOUS WIRELESS NETWORKS Figure 3.3 Example: an exchange of RSNA authentication messages The derivation of PTK for session protection is described below. The pseudo-random function PRF uses the PMK and the nonces provided by the two entities, and generates a PTK. PTK � PRF � X ( PMK, " pke" , Min( AA, SPA) || Max( AA, SPA) || Min( ANounce, SNounce) || Max( ANounce, SNounce)) where the output PRF-X can be 384 or 512 bits depending on the confidentiality algorithms utilised, and AA and SPA represents the MAC addresses of the authenticator and the supplicant respectively. The addresses are converted to positive integers first, and then compared for the Min and Max operations. The pairwise key expansion “pke” is a fixed character string. The PTK is split into three portions: EAPOL-Key Confirmation Key (KCK), EAPOL-Key Encryption Key (KEK), and Temporal Key (TK) shown in Figure 3.4. The KCK and KEK are used by 802.1X to provide data origin authenticity and confidentiality respectively in the four-way handshake and group key handshake. As indicated in Figure 3.4, the derivation of the corresponding key value is conducted using the L(Str, F, L) function, which extract bits F through F+L-1 from Str starting from the left. All the temporal keys can be refreshed to prevent key reuse. This provides dynamic key distribution that significantly enhances the security provided by WEP [48]. Figure 3.4 Pairwise transient key structure - 43 -
Page 1 and 2:
Handover Mechanisms in Next Generat
Page 3 and 4: ACKNOWLEDGMENT First of all, I woul
Page 5 and 6: TABLE OF CONTENTS 4.4.2 Power Save
Page 7 and 8: LIST OF FIGURES LIST OF FIGURES Fig
Page 9 and 10: LIST OF FIGURES Figure 7.2 A generi
Page 11 and 12: ABSTRACT New access technologies su
Page 13 and 14: Chapter 1 INTRODUCTION New access t
Page 15 and 16: INTRODUCTION becomes available. Han
Page 17 and 18: INTRODUCTION The above multipliciti
Page 19 and 20: INTRODUCTION network trust pattern
Page 21 and 22: INTRODUCTION 1.3 Related Publicatio
Page 23 and 24: INTRODUCTION TECHNICAL REPORTS XIII
Page 25 and 26: HANDOVER MANAGEMENT horizontally. H
Page 27 and 28: HANDOVER MANAGEMENT The objective o
Page 29 and 30: HANDOVER MANAGEMENT air interface,
Page 31 and 32: HANDOVER MANAGEMENT proposed archit
Page 33 and 34: HANDOVER MANAGEMENT Access point (A
Page 35 and 36: HANDOVER MANAGEMENT users. Moreover
Page 37 and 38: HANDOVER MANAGEMENT For IEEE 802.11
Page 39 and 40: HANDOVER MANAGEMENT The two schemes
Page 41 and 42: HANDOVER MANAGEMENT When a MH is mo
Page 43 and 44: 3.1 Introduction Chapter 3 HANDOVER
Page 45 and 46: SECURITY FOR HANDOVER ACROSS HETERO
Page 53: SECURITY FOR HANDOVER ACROSS HETERO
Page 69 and 70: DYNAMIC NEIGHBOUR TRUST INFORMATION
Page 93 and 94: Chapter 5 TRUST ASSISTED HANDOVER A
Page 95 and 96: TRUST ASSISTED HANDOVER ALGORITHM F
Page 105 and 106:
TRUST ASSISTED HANDOVER ALGORITHM F
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Chapter 6 PROXY BASED AUTHENTICATIO
Page 125 and 126:
PROXY BASED AUTHENTICATION LOCALISA
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
MULTI-INTERFACE MOBILE MODEL FOR ME
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
CONCLUSIONS AND FUTURE RESEARCH WOR
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
ABBREVIATIONS 3G 3rd Generation Wir
Page 177 and 178:
ABBREVIATIONS LS Location Server MH
Page 179 and 180:
ABBREVIATIONS THOA Trust Assisted H
Page 181 and 182:
REFERENCES [12] C. Politis, T. Oda,
Page 183 and 184:
REFERENCES [37] Wi-Fi Alliance, "Wi
Page 185 and 186:
REFERENCES presented at IEEE Intern
Page 187 and 188:
REFERENCES [90] R. Verdone and A. Z
Page 189:
REFERENCES [116] K. E. Malki and H.
show all

Handover mechanisms in next generation heterogeneous wireless ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?