Classification of EAP methods and Some Major Attacks on EAP

This paper presents an overview of authentication protocol and analysis of Extensible Authentication Protocol (EAP) and its place in securing network. In general, authentication procedure adds extra messages to the original message flow and results in throughput reduction/ increase in processing time. Extensible Authentication Protocol (EAP) is a framework which aims to provide a flexible authentication for wireless networks. A number of specific widely used EAP methods are examined and evaluated for their advantages and susceptibility to types of attack. In addition, we evaluate how we communicate between two entities over the network

A New Pre-authentication Scheme for IEEE 802.11i Wireless LAN Network

As 802.11 Wireless LAN network is vulnerable to many security attacks, a complicated authentication mechanism was developed in IEEE 802.11i to enhance the WLAN network security. Unfortunately, the original 802.11i authentication procedure takes some time to complete and it will significantly affect the quality of service offered to mobile users who may handover between several access points. The existing pre-authentication scheme can shorten the authentication time remarkably, but it suffers from the unnecessary signalling overhead which may be a heavy burden to the network. In this paper, we propose to improve the preauthentication mechanism via reducing the signalling overhead. In our scheme, the mobile user will initiate the pre-authentication with a neighbouring access point only when he is really approaching that particular access point. Therefore, many unnecessary preauthentication signalling overheads can be avoided. Preliminary simulation results show that signalling overhead can be reduced by 50% while still maintaining short authentication delay

A security architecture for personal networks

Abstract Personal Network (PN) is a new concept utilizing pervasive computing to meet the needs of the user. As PNs edge closer towards reality, security becomes an important concern since any vulnerability in the system will limit its practical use. In this paper we introduce a security architecture designed for PNs. Our aim is to use secure but lightweight mechanisms suitable for resource constrained devices and wireless communication. We support pair-wise keys for secure cluster formation and use group keys for securing intra-cluster communication. In order to analyze the performance of our proposed mechanisms, we carry out simulations using ns-2. The results show that our mechanisms have a low overhead in terms of delay and energy consumption

Securing a wireless network with EAP-TLS: perception and realities of itsimplementation

In the arena of wireless security, EAP-TLS is considered one of the most secure protocols. However since its inception the uptake has been poor and the investigation into the reasons for this are sparse. There is an industry perception that EAP-TLS is complex as well as difficult to configure and manage. One of the major barriers is in the use of public key infrastructure and the perceived difficulties in its application. The paper discusses why it is seemingly difficult to implement and how this may differ from the reality of its implementation. This premise is investigated using Windows Server 2003 to provide an argument that is in contradiction to the perception. This paper demonstrates that the processes with which the technology can now be applied have significantly improved through automation of public key infrastructure configuration and deployment

A Method for Authentication Services in Wireless Networks

With the widespread use of wireless network services and applications, security is a major concern. From wireless network security aspects, authentication for services is very important especially in Internet banking. In this paper, an authentication method for wireless networks using dynamic key theory is presented. The dynamic key theory is used to produce “one time keys” for authentication. These one time keys will improve the efficiency and security of wireless authentication. It can be applied for Internet banking and services in wireless networks

Untraceable Authentication Protocol for IEEE802.11s Standard

In the current paper, a new handover authentication protocol for IEEE802.11s Wireless mesh networks is presented. The new protocol divides the network into a number of cells, each cell contains a number of access points and based on the concept of ticket authentication, the mesh user takes a new ticket when enters the region of a new cell which decreases the handover latency. Moreover, in the current paper, a new idea for ticket generation is proposed, called Chain Ticket Derivation Function (CTDF), which uses the concept of a chain. Using CTDF in our proposed protocol raises the level of privacy for the users. The security analysis presented in the paper showed more strengths in our proposed scheme. Two formal verification tools, AVISPA and BAN logic are used to test the proposed protocol