
Protected session keys context for distributed session key management

Wireless Personal Communications

Abstract

Handoffs must be fast for wireless mobile nodes (MN) without sacrificing security between the MN and the wireless access points in the access networks. We describe and analyze our new secure Session Keys Context (SKC) scheme, which has all the good features, such as mobility and security optimization, of the existing key distribution proposals, namely key-request, pre-authentication, and pre-distribution. We analyze these solutions together and draw some conclusions on possible co-operative scenarios and on which level of the network to implement them. Finally, before the conclusions, we provide some handoff delay simulation results for the SKC and key-request schemes, with corresponding example handoff scenarios over a next-generation radio link layer.


Author information

Corresponding author

Correspondence to Dan Forsberg.

About this article

Cite this article

Forsberg, D. Protected session keys context for distributed session key management. Wireless Pers Commun 43, 665–676 (2007). https://doi.org/10.1007/s11277-007-9271-6

  • DOI: https://doi.org/10.1007/s11277-007-9271-6
