Secure Fast Handover in an Open Broadband Access Network using Kerberos-style Tickets

Abstract: In an Open Broadband Access Network consisting of multiple Internet Service Providers, delay due to multi-hop processing of authentication credentials is a major obstacle to fast handover between access points, effectively preventing delay-sensitive interactive applications such as Voice over IP. By exploiting existing trust relationships between service providers and access points, it is possible to pre-authenticate a mobile terminal to an access point, creating a Kerberos-style ticket that can be evaluated l… Show more

“…Jaatun, et al [10] presented a ticket method for achieving fast, secure handover in wireless OBAN (Open Broadband Access Network) consisting of multiple Internet service providers. According to their method, a ticket can be seen as a sort of letter of recommendation, where the recipient (RGW, Residential Gateway) of the ticket does not know the sender (STA); but since the recipient trusts the entity (MB, mobility broker) that created the ticket, it can also trust the sender.…”

“…We can borrow the results in [10] to estimate the latency of re-authentication of the schemes. According to [10], the 2-way handshake between the STA and the AP takes about 5 ms in the best case, and 20 ms in the worst case. We list the comparison results in Table 2.…”

“…To reduce the re-authentication latency of WLAN handover, many fast handover schemes were proposed from different aspects [8,6,9,7,[1][2][3][4][10][11][12]. Besides short re-authentication latency, further desirable requirements such as low burden on the authentication server, low keying message overhead and high security level should be met altogether.…”

A novel re-authentication scheme based on tickets in wireless local area networks

“…Jaatun, et al [10] presented a ticket method for achieving fast, secure handover in wireless OBAN (Open Broadband Access Network) consisting of multiple Internet service providers. According to their method, a ticket can be seen as a sort of letter of recommendation, where the recipient (RGW, Residential Gateway) of the ticket does not know the sender (STA); but since the recipient trusts the entity (MB, mobility broker) that created the ticket, it can also trust the sender.…”

“…We can borrow the results in [10] to estimate the latency of re-authentication of the schemes. According to [10], the 2-way handshake between the STA and the AP takes about 5 ms in the best case, and 20 ms in the worst case. We list the comparison results in Table 2.…”

“…To reduce the re-authentication latency of WLAN handover, many fast handover schemes were proposed from different aspects [8,6,9,7,[1][2][3][4][10][11][12]. Besides short re-authentication latency, further desirable requirements such as low burden on the authentication server, low keying message overhead and high security level should be met altogether.…”

A novel re-authentication scheme based on tickets in wireless local area networks

“…Among the related works, we found that most reauthentication mechanisms based on the Kerberos protocol [27]- [29] have the same issues regarding the modification of access points. In these approaches, the access points are modified to support processing of Kerberos credentials.…”

EAP-Kerberos: A Low Latency EAP Authentication Method for Faster Handoffs in Wireless Access Networks

Multi-service traffic profiles to realise and maintain QoS guarantees in wireless LANs