Handover mechanisms in next generation heterogeneous wireless ...

More documents

Recommendations

Info

SECURITY FOR HANDOVER ACROSS HETEROGENEOUS WIRELESS NETWORKS but provides a mean for the communications between a supplicant and its authentication server in a challenge-response manner. The specific authentication methods such as EAP-TLS [50] can be easily introduced by extending the EAP framework. The message flow of the EAP negotiations between the supplicant and the authentication server in the three-party authentication model is described in Sec. 3.2.1. The transmission of EAP messages on the client side (between the supplicant and the authenticator) can run directly on link layer without requiring a network layer protocol. This section would focus on the AAA protocols that carry EAP messages for authentication and key exchanges on the AAA server side (between the authenticator and the AAA server). Remote Access Dial-In User Service (RADIUS) Remote Access Dial-In User Service (RADIUS) is a client/server protocol that enables a remote Network Access Server (NAS, as a RADIUS client) to communicate with a central RADIUS server to authenticate users and authorise their access to the requested resources. A RADIUS client is responsible for passing user information in the form of requests to the designated RADIUS server, and waits for a response from the server. The RADIUS server is responsible for receiving user requests, authenticating users, and then returning all configuration information necessary for the RADIUS client to deliver service to the user. The RADIUS server can acts as a proxy client to other RADIUS servers in a proxy chaining architecture that will be discussed later. The type of RADIUS message is identified by the Code field in a RADIUS message shown in Figure 3.8. According to the RADIUS specification (RFC 2865 [49]), eight messages are defined. The Access-Request, Access-Accept, Access-Reject, and Access- Challenge are of particular interest to this study. RADIUS carries information (e.g. specific authentication, authorisation, and configuration details) in the form of attributes, which are of variable length. New attribute values can be readily added to extend the functionality of RADIUS server to interact with other entities. Transactions between RADIUS client and server are protected through the use of a shared secret. In addition, any user passwords sent over RADIUS has to be encrypted. This is done by utilising the RSA Message Digest Algorithm 5 (MD5). As indicated in Figure 3.8, an authenticator field of 16 octets is added to all RADIUS messages. This - 48 -
SECURITY FOR HANDOVER ACROSS HETEROGENEOUS WIRELESS NETWORKS value is used to authenticate the reply from the RADIUS server, and is used in the password hiding algorithm. The IETF specification for RADIUS [49] suggests that the response authenticator that is included in Access-Accept, Access-Reject, and Access- Challenge messages can be calculated using one-way MD5 hash: ResponseAuth = MD5(Code, ID, Length, Request Authenticator, Attributes, Shared secret) Figure 3.8 RADIUS message format The transmission of EAP messages over a AAA protocol can be supported by another specification - RADIUS support for EAP (RFC 3579, [59]). The EAP-RADIUS framework allows EAP messages to be embedded inside RADIUS attributes. Two new attributes, EAP-Message and Message-Authenticator, have been introduced in the EAP- RADIUS specification [59] for such purpose. The basic mechanism of carrying EAP messages over RADIUS is explained as follows. The EAP request from a RADIUS server to a supplicant is included in a RADIUS Access-Challenge message by encapsulation. The NAS decapsulates the RADIUS Access-Challenge, and obtains the EAP request, which is then sent to the supplicant through link layer protocols. The EAP response can be delivered to the RADIUS server using a RADIUS Access-Request message in the same manner. - 49 -
Page 1 and 2:
Handover Mechanisms in Next Generat
Page 3 and 4:
ACKNOWLEDGMENT First of all, I woul
Page 5 and 6:
TABLE OF CONTENTS 4.4.2 Power Save
Page 7 and 8:
LIST OF FIGURES LIST OF FIGURES Fig
Page 9 and 10: LIST OF FIGURES Figure 7.2 A generi
Page 11 and 12: ABSTRACT New access technologies su
Page 13 and 14: Chapter 1 INTRODUCTION New access t
Page 15 and 16: INTRODUCTION becomes available. Han
Page 17 and 18: INTRODUCTION The above multipliciti
Page 19 and 20: INTRODUCTION network trust pattern
Page 21 and 22: INTRODUCTION 1.3 Related Publicatio
Page 23 and 24: INTRODUCTION TECHNICAL REPORTS XIII
Page 25 and 26: HANDOVER MANAGEMENT horizontally. H
Page 27 and 28: HANDOVER MANAGEMENT The objective o
Page 29 and 30: HANDOVER MANAGEMENT air interface,
Page 31 and 32: HANDOVER MANAGEMENT proposed archit
Page 33 and 34: HANDOVER MANAGEMENT Access point (A
Page 35 and 36: HANDOVER MANAGEMENT users. Moreover
Page 37 and 38: HANDOVER MANAGEMENT For IEEE 802.11
Page 39 and 40: HANDOVER MANAGEMENT The two schemes
Page 41 and 42: HANDOVER MANAGEMENT When a MH is mo
Page 43 and 44: 3.1 Introduction Chapter 3 HANDOVER
Page 45 and 46: SECURITY FOR HANDOVER ACROSS HETERO
Page 59: SECURITY FOR HANDOVER ACROSS HETERO
Page 69 and 70: DYNAMIC NEIGHBOUR TRUST INFORMATION
Page 93 and 94: Chapter 5 TRUST ASSISTED HANDOVER A
Page 95 and 96: TRUST ASSISTED HANDOVER ALGORITHM F
Page 111 and 112:
TRUST ASSISTED HANDOVER ALGORITHM F
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Chapter 6 PROXY BASED AUTHENTICATIO
Page 125 and 126:
PROXY BASED AUTHENTICATION LOCALISA
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
MULTI-INTERFACE MOBILE MODEL FOR ME
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
CONCLUSIONS AND FUTURE RESEARCH WOR
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
ABBREVIATIONS 3G 3rd Generation Wir
Page 177 and 178:
ABBREVIATIONS LS Location Server MH
Page 179 and 180:
ABBREVIATIONS THOA Trust Assisted H
Page 181 and 182:
REFERENCES [12] C. Politis, T. Oda,
Page 183 and 184:
REFERENCES [37] Wi-Fi Alliance, "Wi
Page 185 and 186:
REFERENCES presented at IEEE Intern
Page 187 and 188:
REFERENCES [90] R. Verdone and A. Z
Page 189:
REFERENCES [116] K. E. Malki and H.
show all

Handover mechanisms in next generation heterogeneous wireless ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?