Fast Re-authentication of Mobile Users. Minor Thesis. Qasim Al-Mamari


Fast Re-authentication of Mobile Users

Minor Thesis

Qasim Al-Mamari


Agenda

Introduction
Related Work
Protocol Specification
Implementation
Results
Future Work
Q & A


Introduction

For a mobile user, the attributes of the device in use change as the user traverses different networks or even sub-networks.

The loss of an authenticated session means that the user needs to undergo the authentication process again to continue their effort.

The performance and reliability of mobile networks depend on the capability of the access point providing the connectivity and on the movement of the mobile user: signals fade as the user travels away from the access point.


Related Work

The current EAP implementation [RFC3748] does not support fast re-authentication of mobile nodes.

For other extensions such as EAP-TTLS and PEAP, pre-authentication has to be based on a concrete algorithm that defines the mobile node’s next point of association.

Yoshihiro et al. address these issues and provide a Kerberized Handover Keying (KHK) mechanism based on Kerberos ticketing technology.

The use of Kerberos introduces the issue of clock synchronization.


Protocol Specification

X → Z : [{Nx X}kprx]kpuz
Z → X : [{Nx Z}kprz]kpux
X → Y : [{Nx Z}kprx]kpuy
Z → Y : [{Nx Z}kprz]kpuy

Notations:
X: home access point.
Y: neighbouring access point.
Z: mobile user.
kpr*: the private key of participant *.
kpu*: the public key of participant *.
Nx: the nonce produced by participant X.
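An added example, not part of the original slides: a symbolic (Dolev-Yao style) run of the four messages above, with signing and encryption modelled as tagged records rather than real cryptography. The function names, the intruder name "M", and Y's acceptance rule (the nonce and identity forwarded by X must match what Z presents) are assumptions; the slides do not spell that check out.

```python
# Symbolic model only: "signing" and "encrypting" are tagged records, not real crypto.
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Signed:            # {body}kpr<signer>
    body: tuple
    signer: str

@dataclass(frozen=True)
class Encrypted:         # [inner]kpu<recipient>
    inner: Signed
    recipient: str

def send(sender, recipient, *body):
    """Build [{body}kpr<sender>]kpu<recipient>."""
    return Encrypted(Signed(tuple(body), sender), recipient)

def receive(me, msg, expected_signer):
    """Open msg as `me`; return the body, or None if it cannot be opened or verified."""
    if msg.recipient != me:                   # not encrypted under our public key
        return None
    if msg.inner.signer != expected_signer:   # signature does not verify
        return None
    return msg.inner.body

def home_authentication():
    """First two messages: X sends Nx to Z, Z returns it signed. Returns (ok, Nx)."""
    nx = secrets.token_hex(16)                # only X generates a nonce
    body = receive("Z", send("X", "Z", nx, "X"), "X")
    reply = send("Z", "X", body[0], "Z")
    return receive("X", reply, "Z") == (nx, "Z"), nx

def handover(nonce_from_x, nonce_from_z, presenter="Z"):
    """Last two messages as seen by Y. Assumed rule: accept when both carry the same (Nx, Z)."""
    m3 = send("X", "Y", nonce_from_x, "Z")
    m4 = send(presenter, "Y", nonce_from_z, presenter)
    vouched = receive("Y", m3, "X")
    if vouched is None:
        return False
    return receive("Y", m4, vouched[1]) == vouched

if __name__ == "__main__":
    ok, nx = home_authentication()
    print(ok, handover(nx, nx), handover(nx, "stale"), handover(nx, nx, "M"))
```

In this model Y rejects a presenter whose nonce differs from the one X forwarded, and a presenter who cannot sign as Z.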


Results

Strand Spaces proves the protocol’s authenticity and secrecy.

FDR proves that the protocol does not have design flaws.

Much faster than existing protocols because the mobile node is not required to produce a nonce.

The mobile node does not need to authenticate the current access point.


Future Work

The use of less power-consuming cryptographic algorithms such as AES will be investigated.


Q & A

Questions, Comments, Concerns!