Analysis of Handover Key Management schemes under IETF perspective

https://doi.org/10.1016/j.csi.2009.10.001

Abstract

The Extensible Authentication Protocol (EAP) has been standardized within the Internet Engineering Task Force (IETF) in order to provide flexible mechanisms for authentication and key management for network access control. However, some deficiencies have been revealed and recognized as a major obstacle to achieving secure and seamless handover in mobile scenarios. HOKEY (Handover Keying) Working Group in IETF is standardizing low-latency EAP re-authentication and key distribution protocols to address these deficiencies. This paper provides a critical analysis of the on-going work.

Introduction

Faced with increasing user demand for new communication and network services, telecommunication operators are providing network access through different access technologies. Additionally, the operators need to manage and control subscribers, independently of access technologies. This has usually been achieved through authenticated network access with the support of Authentication, Authorization and Accounting (AAA) infrastructures [1]. Furthermore, thanks to the deployment of these infrastructures, it has been possible to establish roaming agreements which allow mobile subscribers to access the network services in different administrative domains, including the home domain where the users have their subscription and visited domains that have roaming relationships with the home domain.

In order to provide a flexible way to carry out the authentication process required for network access, the standardization body Internet Engineering Task Force (IETF) has designed the Extensible Authentication Protocol (EAP) [2], which allows different authentication mechanisms through the so-called EAP methods. Additionally, the protocol has been conceived to be technology independent and to allow an easy integration in deployed AAA infrastructures [3]. These features have promoted its use in different wireless technologies such as IEEE 802.11 [4] or IEEE 802.16e [5] and different protocols used for network access authentication (e.g. PANA [6], IKEv2 [7]).

However, EAP has shown some drawbacks when mobility is taken into consideration. In particular, EAP authentication is usually a time-consuming process [8], [9] and it usually takes place each time the mobile moves to a new EAP authenticator, regardless of whether the mobile has been previously authenticated or owns unexpired keying material. Additionally, EAP messages are exchanged between the mobile in the visited domain and the EAP server in the home domain. These two issues, which have generally been called the handover keying problem, are known to be major contributors to the handover latency that negatively affects session continuity during handover.

To solve these problems, the Handover Keying Working Group (HOKEY WG) has been chartered within the IETF to produce a collection of solutions that reduce the latency introduced by EAP authentication. In this paper, we survey and analyze the work in progress in the HOKEY WG, mainly from a security standpoint. Based on this analysis, we also propose possible solutions and alternatives for the problems found in the current specifications.

The remainder of the paper is organized as follows: in Section 2 we analyze EAP, since it is the basis for understanding the problem space associated with handover keying, and we describe the problems that the HOKEY WG is trying to solve. Section 3 describes the different documents submitted to and currently discussed within the group. In Section 4, we make a critical analysis of some issues found in the HOKEY WG documents and propose possible alternatives. Finally, Section 5 summarizes the related work, and in Section 6 we outline some conclusions and future lines of work.

Section snippets

The Extensible Authentication Protocol

The Extensible Authentication Protocol (EAP) [2] has been designed to permit different types of authentication mechanisms through the so-called EAP methods. These are performed between an EAP peer and an EAP server, through an EAP authenticator which merely sends EAP packets back and forth between the EAP peer and the EAP server.

Whereas the EAP peer is co-located with the mobile node and the EAP authenticator is commonly placed on the Network Access Server (NAS) (e.g. an access point or an

The on-going work in the handover keying working group

The HOKEY WG started its tasks with the definition of a key hierarchy specially designed for handover keying purposes, giving a specific usage to the EMSK, whose purpose was not defined in EAP. Additionally, the HOKEY WG has defined an entity, named the HOKEY server, which is in charge of both fast EAP re-authentication and key distribution tasks. These tasks can be carried out either by a server in the peer's home domain, normally co-located with the AAA/EAP server (home HOKEY server); or

Analysis of existing proposals

Having described the on-going work in HOKEY, in this section we make a critical analysis of several security-related aspects. Additionally, we propose some alternatives to solve some of the issues found.
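To make concrete what a key hierarchy rooted in the EMSK buys in terms of cryptographic separation between the home domain, a visited domain's HOKEY server and the individual authenticators, here is an added Python example; it is not code from the paper or from the HOKEY specifications. It follows the derivation layout of the EMSK root-key specification cited above (an IKEv2-style PRF+ over HMAC-SHA-256, fed with a key label, a NUL octet, optional data and a two-octet length) and the ERP pattern of a re-authentication root key with per-handover re-authentication MSKs. The key labels, the domain names, the EMSK value and the output key length are constructed assumptions, not the strings registered by the RFCs.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """IKEv2-style PRF+ expansion with HMAC-SHA-256, the default KDF of the
    EMSK root-key specification:
      T1 = PRF(K, S | 0x01), T2 = PRF(K, T1 | S | 0x02), ...
    concatenated until `length` octets are available."""
    if not 0 < length <= 255 * HASH().digest_size:
        raise ValueError("unsupported output length")
    out, prev, counter = b"", b"", 1
    while len(out) < length:
        prev = hmac.new(key, prev + seed + bytes([counter]), HASH).digest()
        out += prev
        counter += 1
    return out[:length]


def kdf(root: bytes, key_label: bytes, optional_data: bytes, length: int) -> bytes:
    """child = KDF(root, key label | 0x00 | optional data | length).
    `length` is the requested key size in octets as a 2-octet network-order integer,
    so the same label cannot yield a prefix-related key of a different size."""
    seed = key_label + b"\x00" + optional_data + struct.pack("!H", length)
    return prf_plus(root, seed, length)


# CONSTRUCTED placeholder labels for illustration only; deployments use the labels
# registered by the HOKEY RFCs, which are deliberately not reproduced here.
DSRK_LABEL = b"example-dsrk-label"
RRK_LABEL = b"example-rrk-label"
RMSK_LABEL = b"example-rmsk-label"
KEY_LEN = 64  # octet length chosen for this example


def derive_dsrk(emsk: bytes, domain: bytes) -> bytes:
    """Home server: domain-specific root key handed to one visited domain's HOKEY
    server. The domain name is the optional data, so two domains never share a key
    and the EMSK itself never leaves the home domain."""
    return kdf(emsk, DSRK_LABEL, domain, KEY_LEN)


def derive_rrk(root: bytes) -> bytes:
    """Re-authentication root key, derived from the EMSK (home HOKEY server) or from
    a DSRK (visited HOKEY server)."""
    return kdf(root, RRK_LABEL, b"", KEY_LEN)


def derive_rmsk(rrk: bytes, seq: int) -> bytes:
    """Per-authenticator re-authentication MSK. The 2-octet sequence number in the
    optional data makes every handover's key distinct without a round trip to the
    home domain, which is the latency saving HOKEY is after."""
    return kdf(rrk, RMSK_LABEL, struct.pack("!H", seq), KEY_LEN)


def handover_hierarchy(emsk: bytes, domain: bytes, seq: int) -> dict:
    """Keys a visited domain ends up holding for one peer after one handover."""
    dsrk = derive_dsrk(emsk, domain)
    rrk = derive_rrk(dsrk)
    return {"dsrk": dsrk, "rrk": rrk, "rmsk": derive_rmsk(rrk, seq)}


if __name__ == "__main__":
    emsk = hashlib.sha512(b"constructed EMSK seed").digest()  # constructed 64-octet EMSK
    a = handover_hierarchy(emsk, b"visited-a.example", 1)
    b = handover_hierarchy(emsk, b"visited-b.example", 1)
    print("domain A rMSK:", a["rmsk"].hex()[:32], "...")
    print("domain B rMSK:", b["rmsk"].hex()[:32], "...")
```

The property worth checking is the one the analysis of the key hierarchy turns on: a visited HOKEY server that holds only its DSRK can derive the rRK and rMSKs for its own authenticators, but because every step is a one-way HMAC derivation keyed on the parent, it cannot recover the EMSK or the DSRK of a sibling domain, and an authenticator holding one rMSK learns nothing about the next one.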

Related work

Several alternatives have been proposed to reduce the time dedicated to EAP authentication and network access control. For example, IEEE 802.11 [14] introduced a pre-authentication mechanism at link-layer. Media Independent Framework (MPA) [31] extends the notion of IEEE 802.11 pre-authentication with mechanisms to perform early acquisition of IP address from a network where the mobile may move as well as proactive handover to the network while the mobile terminal is still attached to the

Conclusions and future work

The Extensible Authentication Protocol (EAP) has been promoted within the IETF and adopted for different technologies because it provides a flexible authentication process. However, EAP was not designed with the requirements of low latency and fast authentication in mind. The consequence is that, each time a mobile user attaches to a new EAP authenticator, a full EAP method authentication is performed. Since it involves several round-trips with a server, which might be located far from the

Acknowledgments

This work has been supported by a Seneca Foundation grant in the Human Resources Researching Training Program 2007. Thanks also to the Funding Program for Research Groups of Excellence with code 04552/GERM/06, also granted by the Seneca Foundation, and to the project SEISCIENTOS (TIN2008-06441-C02-02). The authors gratefully thank the anonymous reviewers who have helped to improve the quality of this paper.

Rafael Marin Lopez is a full-time assistant lecturer in the Department of Information and Communications Engineering at the University of Murcia (Spain). He received B.E., M.E. and Ph.D. degrees in Computer Science from the University of Murcia. He is actively collaborating in the IETF (especially the HOKEY Working Group) and the IEEE 802.21a Task Group. His main research interests include network access authentication, key distribution and security in mobile networks.

References (48)

  • R. Dantu et al., EAP methods for wireless networks, Elsevier Computer Standards & Interfaces (2007)
  • J. Vollbrecht, AAA authorization framework
  • B. Aboba et al., Extensible Authentication Protocol (EAP)
  • B. Aboba et al., Extensible Authentication Protocol key management framework
  • IEEE 802.11 (2007) Std., Telecommunications and Information Exchange between Systems — Local and Metropolitan Area Network — Specific Requirements — Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications
  • IEEE 802.16e standard: air interface for fixed and mobile broadband wireless access system (Feb. 2006)
  • D. Forsberg et al., Protocol for Carrying Authentication for Network Access (PANA)
  • C. Kaufman, Internet Key Exchange (IKEv2) Protocol
  • C. Politis et al., Hybrid multilayer mobility management with AAA context transfer capabilities for all-IP networks, IEEE Wireless Communications (2004)
  • R.M. Lopez et al., Network-layer assisted mechanism to optimize authentication delay during handoff in 802.11 networks
  • B. Aboba et al., RADIUS support for EAP
  • P. Eronen et al., Diameter Extensible Authentication Protocol (EAP) application
  • D. Stanley et al., Extensible Authentication Protocol (EAP) method requirements for wireless LANs
  • B. Aboba et al., The network access identifier
  • B. Aboba et al., PPP EAP TLS authentication protocol
  • T. Clancy et al., Handover Key Management and Re-authentication Problem Statement
  • J. Salowey et al., Specification for the derivation of root keys from an Extended Master Session Key (EMSK)
  • V. Narayanan et al., EAP extensions for EAP Re-authentication Protocol (ERP)
  • M. Nakhjiri et al., Derivation, delivery and management of EAP based keys for handover and re-authentication
  • Y. Ohba et al., EAP early authentication problem statement
  • R. Housley et al., Guidance for Authentication, Authorization, and Accounting (AAA) key management
  • J. Vollbrecht et al., State machines for Extensible Authentication Protocol (EAP) peer and authenticator
  • K. Gaonkar et al., RADIUS attributes for domain-specific key request and delivery
  • L. Dondeti et al., Diameter support for EAP Re-authentication Protocol

Yoshihiro Ohba is a Senior Research Scientist at the Toshiba Corporate Research and Development Center. He received B.E., M.E. and Ph.D. degrees in Information and Computer Sciences from Osaka University in 1989, 1991 and 1994, respectively. He is an active member of IEEE 802 and the IETF, standardizing security and mobility protocols. He is a main contributor to RFC 5191 (PANA — Protocol for carrying Authentication for Network Access). He is chair of the IEEE 802.21a Task Group, which is developing a standard for security extensions to the IEEE 802.21 media-independent handover protocol. He received the IEEE Region 1 Technology Innovation Award 2008 for Innovative and Exemplary Contributions to the Field of Internet Mobility and Security related Research and Standards.

Fernando Pereñiguez García is a Ph.D. student funded by the Séneca Foundation within the Human Resources Researching Training Program 2007 at the Department of Information and Communications Engineering, University of Murcia. His research interests are focused on the definition of fast and secure mechanisms that enable seamless handoff between heterogeneous wireless networks.

Antonio F. Gomez Skarmeta is a full professor at the University of Murcia, Spain. His research interests include advanced networking services and applications over IP networks, network security and mobility. He received an MSc in computer science from the University of Granada and a PhD in computer science from the University of Murcia.
