EAP Extensions for EAP Re-authentication Protocol (ERP)

Narayanan, Vidya; Dondeti, Lakshminath

doi:10.17487/rfc5296

Cited by 69 publications

(100 citation statements)

References 12 publications

Supporting

Mentioning

100

Contrasting

Order By: Relevance

“…In common scenarios, an EAP peer and an EAP server authenticate each other through an EAP authenticator. Successful authentication results in a derivation of a Transient Session Key (TSK) by the EAP peer using the MSK [15]. To avoid unnecessary delays and roundtrips, it is desirable to avoid full EAP authentication when a peer moves from one authenticator to another.…”

Section: Hokeymentioning

confidence: 99%

“…The main idea behind ERP is to permit a peer and the server to verify the possession of keying material which has been previously obtained from an EAP method [15]. And more importantly, this EAP is a single-round trip exchange between peer and server.…”

Section: Hokeymentioning

confidence: 99%

“…As a result, MSK is available to the EAP authenticator at this point and the peer and server also derive EMSK. EMSK or DSRK (Domain Specific Root key) is used to derive re-authentication Root Key (rRK) which is available both at the peer and the server [15]. Furthermore, an additional key: re-authentication Integrity Key (rIK) is derived from rRK which is used to prove the possession of keying material during ERP exchange.…”

Section: Hokeymentioning

confidence: 99%

“…The authenticator uses the keyName-NAI field to send the message to the appropriate server. Server uses the keyName-NAI to look up the rIK [15]. After successful verification of rIK, server derives rMSK (re-authentication MSK) from the rRK and a sequence number supplied by the peer with the previous response.…”

Section: Fig 3 Erp Exchangementioning

confidence: 99%

See 3 more Smart Citations

Wireless Handoff Optimization: A Comparison of IEEE 802.11r and HOKEY

Khan

Rehana

2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. IEEE 802.11 or Wi-Fi has long been the most widely deployed technology for wireless broadband Internet access, yet it is increasingly facing competition from other technologies such as packet-switched cellular data. End user expectations and demands have grown towards a more mobile and agile network. At one end, users demand more and more mobility and on the other end, they expect a good QoS which is sufficient to meet the needs of VoIP and streaming video. However, as the 4G technologies start knocking at doors, 802.11 is being questioned for its mobility and QoS (Quality of Service). Unnecessary handoffs and reauthentication during handoffs result in higher latencies. Recent research shows that if the handoff latency is high, services like VoIP experience excessive jitter. Bulk of the handoff latency is caused by security mechanisms, such as the 4-way handshake and, in particular, EAP authentication to a remote authentication server. IEEE 802.11r and HandOver KEY (HOKEY) are protocol enhancements that have been introduced to mitigate these challenges and to manage fast and secure handoffs in a seamless manner. 802.11r extends the 802.11 base specification to support fast handoff in the MAC protocol. On the other hand, HOKEY is a suite of protocols standardized by IETF to support fast handoffs. This paper analyzes the applicability of 802.11r and HOKEY solutions to enable fast authentication and fast handoffs. It also presents an overview of the fast handoff solutions proposed in some recent research.

show abstract

Section: Hokeymentioning

confidence: 99%

Section: Hokeymentioning

confidence: 99%

Section: Hokeymentioning

confidence: 99%

Section: Fig 3 Erp Exchangementioning

confidence: 99%

See 2 more Smart Citations

Wireless Handoff Optimization: A Comparison of IEEE 802.11r and HOKEY

Khan

Rehana

2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…In particular, [RFC5295] defines how to create a usagespecific root key (USRK) for bootstrapping security in a specific application, a domain-specific root key (DSRK) for bootstrapping security of a set of services within a domain, and a usage-specific DSRK (DSUSRK) for a specific application within a domain. [RFC5296] defines a re-authentication root key (rRK) that is a USRK designated for re-authentication.…”

Section: Introductionmentioning

confidence: 99%

Distribution of EAP-Based Keys for Handover and Re-Authentication

Nakhjiri¹,

Ohba²,

Hoeper³

2010

View full text Add to dashboard Cite

This document describes an abstract mechanism for delivering root keys from an Extensible Authentication Protocol (EAP) server to another network server that requires the keys for offering security protected services, such as re-authentication, to an EAP peer. The distributed root key can be either a usage-specific root key (USRK), a domain-specific root key (DSRK), or a domain-specific usagespecific root key (DSUSRK) that has been derived from an Extended Master

show abstract

Secure fast WLAN handoff using time‐bound delegated authentication

Chien

Hsu

2008

Int J Communication

View full text Add to dashboard Cite

SUMMARYTo support multimedia applications with good quality of services for roaming wireless local area network users, it is imperative to reduce the long re-authentication latency that users experience during handoff among access points (APs). Athough a great deal of research resources have been put into the reduction of the re-authentication latency, these schemes developed so far seem to either suffer from heavy overhead problems or have weak security. In this paper, we propose a novel approach to reducing the re-authentication latency. With the authentication server (AS) periodically delegating its authentication authority to the authenticated APs, the APs can authenticate the roaming users on behalf of the AS. As our performance analysis and simulation results demonstrate, our new approach is capable of greatly reducing the latency and overhead while achieving a high security level. Furthermore, it does not increase the complexity on the AP side because only the already existing four-way handshake with new keying mechanism is required.

show abstract

EAP Extensions for EAP Re-authentication Protocol (ERP)

Cited by 69 publications

References 12 publications

Wireless Handoff Optimization: A Comparison of IEEE 802.11r and HOKEY

Wireless Handoff Optimization: A Comparison of IEEE 802.11r and HOKEY

Distribution of EAP-Based Keys for Handover and Re-Authentication

Secure fast WLAN handoff using time‐bound delegated authentication

Contact Info

Product

Resources

About