
    WLAN Mesh Roaming Access Authentication Protocol

    An Authentication Protocol for Station Roaming in WLAN Mesh

    • Abstract: IEEE 802.11s WLAN Mesh does not define a roaming authentication protocol for stations, and in its initial access authentication protocol, EMSA, the authentication key between the supplicant and the authenticator is generated by the authentication server, so all subsequent communication between the supplicant and the authenticator can be read by the authentication server. In addition, the shared-key based authentication mode of that protocol cannot guarantee forward secrecy: once the long-term key is lost, all communication content it protects is exposed. Building on EMSA, a station roaming access authentication protocol is proposed that uses three-party Diffie-Hellman key exchange and the separate authentication payload technique. The protocol not only overcomes the above shortcomings but also achieves mutual authentication and key confirmation among the three parties in only 4 rounds of protocol interaction, so no 4-way handshake is needed for key confirmation. Moreover, the new protocol unifies signature-based and shared-key based authentication in a single authentication payload, so changing the authentication mode does not affect the structure of the protocol. Finally, a provable-security analysis and an NS2 performance simulation of the new protocol are carried out; the results show that the new protocol is universally composable secure and outperforms existing protocols.


      Abstract: IEEE 802.11s WLAN Mesh lacks an authentication protocol for station roaming. Moreover, in its current authentication protocol, EMSA, the shared key between the supplicant and the authenticator is generated by the authentication server, so the server can read all messages exchanged between them. The shared-key based authentication mode also cannot provide perfect forward secrecy: once the long-term shared key is exposed, every key derived from it is exposed as well. Based on EMSA, a new authentication protocol for station roaming is proposed that uses three-party Diffie-Hellman key exchange and the separate authentication payload technique and overcomes the above shortcomings. The new protocol needs only four rounds to achieve mutual authentication and key confirmation among the supplicant, the authenticator and the authentication server, so the four-way handshake required by EMSA is no longer needed. Furthermore, thanks to the separate authentication payload technique, the two authentication modes, shared-key based and signature based, are expressed by a single protocol: adopting a different authentication mode leaves the protocol unchanged. Finally, the security and performance of the new protocol are analyzed; the results show that it is universally composable secure and performs considerably better than current solutions.
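The two mechanisms the abstract relies on, three-party Diffie-Hellman key exchange and an authentication payload that is kept separate from key derivation, can be illustrated with a short script. The following is an added example written for this page, not the paper's protocol or any IEEE 802.11s code: it assumes the classic two-round three-party Diffie-Hellman exchange (each party forwards its own and then a once-exponentiated value), a constructed toy group (the prime 2^31 - 1 with primitive root 7, chosen for readability rather than strength), an HMAC-based payload as the shared-key mode, and an HMAC-from-nonces derivation as a stand-in for a key that depends only on a long-term secret. The names `three_party_dh`, `HmacAuthPayload`, `shared_key_session` and `recover_after_long_term_leak` are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed toy group, not from the paper: the Mersenne prime 2^31 - 1 with
# primitive root 7 (a full-order generator). Real deployments use a
# standardised MODP group or ECDH; this size is only for readability.
P = (1 << 31) - 1
G = 7


def three_party_dh(a, b, c, p=P, g=G):
    """Two-round three-party Diffie-Hellman among supplicant (exponent a),
    authenticator (b) and authentication server (c).

    Returns (transcript, keys): transcript holds every value sent on the
    wire, keys holds the value each party computes locally. No single
    party, the server included, chooses the resulting key on its own.
    """
    # Round 1: each party sends its ephemeral public value to the next party.
    ga, gb, gc = pow(g, a, p), pow(g, b, p), pow(g, c, p)
    # Round 2: each party exponentiates what it received and forwards it.
    gca = pow(gc, a, p)  # supplicant -> authenticator
    gab = pow(ga, b, p)  # authenticator -> server
    gbc = pow(gb, c, p)  # server -> supplicant
    transcript = {"g^a": ga, "g^b": gb, "g^c": gc,
                  "g^ca": gca, "g^ab": gab, "g^bc": gbc}
    keys = {
        "supplicant": pow(gbc, a, p),     # (g^bc)^a = g^abc
        "authenticator": pow(gca, b, p),  # (g^ca)^b = g^abc
        "server": pow(gab, c, p),         # (g^ab)^c = g^abc
    }
    return transcript, keys


def transcript_bytes(transcript):
    """Canonical encoding of the exchange that the authentication payload covers."""
    return b"|".join(f"{k}={v}".encode() for k, v in sorted(transcript.items()))


class HmacAuthPayload:
    """Shared-key instance of a separate authentication payload: it binds the
    long-term credential to the transcript but never feeds into the session
    key. A signature-based instance would expose the same two methods, so the
    surrounding exchange does not change when the mode changes."""

    def __init__(self, long_term_key):
        self.key = long_term_key

    def produce(self, transcript):
        return hmac.new(self.key, transcript_bytes(transcript), hashlib.sha256).digest()

    def verify(self, transcript, tag):
        return hmac.compare_digest(self.produce(transcript), tag)


def shared_key_session(long_term_key, nonce_s, nonce_a):
    """Session key derived from the long-term key and public nonces only: the
    pattern the abstract criticises for lacking perfect forward secrecy."""
    transcript = {"n_s": nonce_s, "n_a": nonce_a}
    key = hmac.new(long_term_key, nonce_s + nonce_a, hashlib.sha256).digest()
    return transcript, key


def recover_after_long_term_leak(long_term_key, transcript):
    """An eavesdropper who recorded the nonces and later learns the long-term
    key recomputes the session key exactly; nothing ephemeral protects it."""
    return hmac.new(long_term_key, transcript["n_s"] + transcript["n_a"],
                    hashlib.sha256).digest()


if __name__ == "__main__":
    a, b, c = (secrets.randbelow(P - 2) + 1 for _ in range(3))
    transcript, keys = three_party_dh(a, b, c)
    psk = b"constructed-long-term-key"  # constructed sample credential
    payload = HmacAuthPayload(psk)
    tag = payload.produce(transcript)
    print("three-party key agreed:", len(set(keys.values())) == 1,
          "auth payload verifies:", payload.verify(transcript, tag))
```

In the Diffie-Hellman branch the transcript plus the leaked long-term key yields only the payload tag; the session key still depends on the ephemeral exponents, which the parties discard, and with a properly sized group that is what provides forward secrecy. In the shared-key branch, `recover_after_long_term_leak` reproduces the session key from the recorded nonces alone, which is the weakness the abstract describes.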
