Komarova, Maryna (2008) Fast authentication and trust-based access control in heterogeneous wireless networks. PhD thesis Informatique et Réseaux, Computer Science and Networks (INFRES), ENST p.212.
Alternative Locations: http://www.infres.enst.fr/~komarova/publications.html
Abstract
The development of wireless technologies grants a user equipped with a portable wireless device the possibility to access services any time and anywhere. Different network access technologies have been designed for different purposes. Today’s digital universe is heterogeneous in several senses of the word. Multiple IP-based services are offered to users who subscribe to multiple service providers and have multiple roles and identities. These users are equipped with multi-interface handheld devices with different capabilities, and thus they are able to access a wide range of services over multiple access networks managed by multiple authorities. The limited scope of each access technology forces a user to gain connectivity through a variety of network technologies. For the same reasons, different technologies coexist in the same geographical areas. There is a great need for new paradigms and approaches to manage this heterogeneous universe and to deliver to users services adapted to their current terminals and access modes.
In this thesis, we study the current situation and trends in wireless technologies development. We discuss the problems related to security mechanisms specific to each technology, and in particular the possibilities for integration and interworking. Security solutions always have trust models beneath them. In the modern, dynamic, wireless world there is a strong need for trust establishment procedures. Security mechanisms to be implemented under ubiquitous mobility scenarios should be flexible and independent of operator, infrastructure and the underlying wireless technology. The key challenges to ubiquitous, secure mobility have been identified and the advantages and shortcomings of existing solutions have been analyzed.
We first study the possibility of decreasing authentication latency in a scenario where the network access authentication is decoupled from the service access authentication. An authorized user is granted network and service access as a result of a single authentication process that combines 802.1X and PANA operations.
Then we introduce the Fast re-Authentication Protocol (FAP) for inter-domain roaming, which aims to reduce the authentication delay for a mobile user in a visited administrative domain. The approach eliminates the need for communication between the target and the user’s home networks for credentials verification. We develop the Fast re-Authentication Protocol by suggesting a ticket distribution scheme for inter-domain roaming. This method decreases the number of tickets sent and consequently the overhead and delay of the ticket acquisition phase of the protocol. Numerical results obtained from experiments on a test-bed and a series of simulations show that the proposed scheme enhances inter-domain handover parameters such as authentication latency and signalling cost.
To improve the access control to network resources we propose the adjustable trust model. The purpose of this work is to provide the network with the opportunity to react to user behaviour. The network is able to observe the activity of each user and to calculate corresponding trust. Clients having low trust due to illicit behaviour are not allowed to access the network. Users are motivated to gain higher trust because trusted users have access to a larger set of services with higher quality of service. Validation of the proposed trust-based access control method has been done via simulations.
Finally, we discuss how the proposed solutions can be implemented in a single framework.
| Item Type: | PhD Thesis (PhD) |
|---|---|
| PhD Supervisor: | Riguidel, Michel |
| Date: | 05 June 2008 |
| Board of examiners: | Chrisment, Isabelle and Martinelli, Fabio and Lagrange, Xavier and Leneutre, Jean |
| Ecole Doctorale: | ED 077 INFORMATIQUE - AUTOMATIQUE - ELECTRONIQUE - ELECTROTECHNIQUE - MATHEMATIQUES |
| Discipline: | Informatique et Réseaux |
| Collection (Fonds): | TELECOM ParisTech (ENST) |
| Institution: | ENST |
| Department: | Computer Science and Networks (INFRES) |
| Subjects: | 2. Information and Communication Sciences and Technologies |
| Uncontrolled Keywords: | Fast authentication, Handover, Access control, Trust model |
| ID Code: | 3793 |
| Deposited By: | Maryna Komarova |
| Deposited On: | 09 January 2009 |
Table of Contents
Table of Contents 21
List of tables 25
List of illustrations 26
Index 28
Chapter I Introduction 29
I.1 Background and motivation 29
I.2 Problem statement 30
I.3 Summary of contribution 31
I.4 Organization of the Thesis 32
Chapter II Current situation in the world of wireless communications 35
II.1 Service access organization over wireless mobile access networks 35
II.1.1 Wireless network types 35
II.1.2 Service delivery approaches 38
II.1.3 Portable Device developments 39
II.2 Mobility: the handover and roaming problem 39
II.2.1 Mobility classification 40
II.2.2 Handover 41
II.2.2.1 Reasons for handover 42
II.2.2.2 Handover phases 43
II.2.2.3 Application requirements 45
II.2.2.4 Roaming 46
II.3 Mobility management 46
II.3.1 Link-layer mobility optimization 47
II.3.2 Network-layer mobility optimizations 48
II.3.3 User and session mobility support 50
II.4 Chapter summary 50
Chapter III Trust and security considerations 53
III.1 Risks and challenges in wireless environment 53
III.2 Introducing the Trust concept 55
III.3 Overview of Security mechanisms implemented in wireless networks 57
III.3.1 Security in WLAN: the IEEE 802.11 example 57
III.3.2 Security in WMAN: the IEEE 802.16 example 59
III.3.3 Security in WWAN: the UMTS example 60
III.3.4 Security mechanisms in public access networks 61
III.4 Security versus mobility 62
III.4.1 Security challenges introduced by mobility 62
III.4.2 Identity management problems 64
III.4.3 Trust establishment during handover 65
III.4.4 Security impact on mobility performance 66
III.5 Access control developments 67
III.6 Trust models overview 69
III.6.1 Choosing a reliable partner for collaboration 69
III.6.2 Memory models 70
III.7 Chapter Summary 72
Chapter IV Towards secure ubiquitous networking 73
IV.1 Expectations and everyday use-cases 74
IV.2 Key challenges to secure ubiquitous mobility in a heterogeneous environment 75
IV.2.1 Network selection problem 75
IV.2.2 Security level maintenance and security matching 76
IV.2.3 Dynamic trust establishment 77
IV.2.4 Fast mutual authentication 78
IV.2.5 User authorizations and access control in visited networks 79
IV.2.6 Secure redirection of a session with a corresponding node 80
IV.3 Existing solutions and associated issues 80
IV.3.1 Heterogeneous network IDs and user IDs management 80
IV.3.2 Security mapping 81
IV.3.3 Secure network selection and handover decision 81
IV.3.4 Dynamic trust establishment and trust delegation 82
IV.3.5 Fast authentication and handover performance 83
IV.3.5.1 Intra-domain handover 83
IV.3.5.2 Technology-independent fast authentication methods 85
IV.3.5.3 Inter-domain fast authentication solutions 86
IV.3.6 Access control in open environments 90
IV.4 Chapter summary 90
Chapter V Fast inter-domain authentication 95
V.1 Compound user authentication to a wireless LAN: the first step to handover optimization 95
V.1.1 Purpose of the work 95
V.1.2 Model and assumptions 97
V.1.3 Authentication process 99
V.1.4 Performance analysis 100
V.1.5 Summary 103
V.2 Fast re-authentication protocol: a solution for inter-domain authentication 103
V.2.1 Assumptions apply 104
V.2.2 Roaming scenarios 104
V.2.3 Architecture overview 105
V.2.4 Ticket acquisition 106
V.2.5 Re-authentication protocol 109
V.2.6 Implementation of the fast re-authentication protocol 111
V.2.7 Experiment results for FAP implementation 112
V.2.7.1 Test-bed setup 112
V.2.7.2 Implementation Details 113
V.2.7.3 Experiment results 114
V.3 Optimal credentials distribution for inter-domain authentication 115
V.3.1 Neighbour table construction 115
V.3.2 Formal validation of the model 116
V.3.2.1 Reactive mode 117
V.3.2.2 Proactive mode 118
V.3.3 Performance analysis 119
V.4 Fast re-authentication protocol analysis 121
V.4.1 Security considerations 121
V.4.2 Comparison with standard methods 122
V.4.3 Compared to ticket-based authentication proposals 123
V.4.4 Summary 124
V.5 Chapter summary 124
Chapter VI Trust-based access control architecture 127
VI.1 Motivation and requirements 128
VI.1.1 User Perspective 129
VI.1.2 Network perspective 129
VI.2 Concepts and notions 130
VI.2.1 Our understanding of trust 130
VI.2.2 The agents 131
VI.2.3 Sources of trust 132
VI.3 Requirements, Assumptions and limitations 133
VI.4 Model for service access control 134
VI.5 Trust in a user: generalized model 135
VI.5.1 Computing general trust 137
VI.5.2 Trust development 140
VI.6 Adjustable observation-based trust model 143
VI.6.1 Model description 144
VI.6.2 Trust formula 146
VI.6.3 Optimism and tendency 147
VI.6.4 The memory model and forgiving (past interactions history) 150
VI.6.5 Adapting access policies 153
VI.7 Analysis and comparison 155
VI.8 User’s trust in a network 159
VI.9 Trust-based Access Control Framework Implementation 162
VI.9.1 System architecture 162
VI.9.2 A use-case scenario 164
VI.9.3 Authentication and authorization 165
VI.10 Chapter summary 166
Conclusions and perspectives 169
VI.11 Conclusions 169
VI.12 Research Perspectives 170
Annex A Optimal ticket distribution: Simulation model description 173
Annex B Validation of trust-based access control model 175
Annex C Contributions to IEEE 802.21 (Media Independent Handover) Security Task Group 185
Related publications 197
Bibliography 199