Radio LAN security access method based on roaming key exchange authentication protocol

A wireless local area network and authentication protocol technology, applied in the field of wireless local area network security access, that addresses problems such as loss of security properties, difficult operation, and the inability to provide identity protection and session key consistency, achieving user identity protection and improved protocol performance.

Inactive Publication Date: 2005-01-12
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

[0028] 2) The protocol requires both parties to have public key certificates, which is difficult to operate in practice when public key infrastructure is not widely deployed;
[0029] 3) The protocol does not protect user identities, and the number of protocol interaction rounds is 5.
[0036] 2) The protocol does not have the security properties of perfect forward secrecy (PFS) and non-key-compromise impersonation (N-KCI), and the number of protocol interaction rounds must be greater than 5;
[0045] 2) The protocol does not provide identity protection;
[0046] 3) The mobile node MN and the wireless access point AP may generate inconsistent session keys.
Although EAP-TLS has high security, it cannot provide identity protection. EAP-TTLS and PEAP change how TLS is used and provide identity protection, but lose some security properties and increase the number of protocol interaction rounds. Although WAI needs few interaction rounds, it performs too many public key calculations on the access node AP, which affects the performance of the AP, and it cannot provide identity protection or session key consistency. In a wireless network environment the security threat to users is greater than in a wired network, so security cannot be sacrificed to obtain other benefits; moreover, the identities of wireless mobile users need to be kept secret.
To sum up, the existing technologies can fully meet neither the security requirements of the wireless environment nor the performance requirements of roaming protocols.


Examples


Embodiment approach

[0138] In the identity authentication process shown in Figure 1, another way of encrypting the identity of the mobile node MN is:

[0139] The mobile node MN combines its identity user with a random number m, for example by cascading user and m or by XORing user with m, and then encrypts the result with the public key g^a of the home authentication server H-AS. It sends the encrypted identity and random number to the home authentication server H-AS.
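The identity protection in [0139], worked through as an added example that is not taken from the patent: the realm stays in clear so the request can be routed, and user cascaded with m is encrypted under g^a. The patent does not name the encryption scheme; hashed ElGamal, the demo-sized group, the 16-byte length of m and all function names are assumptions.

```python
import hashlib
import secrets

# Demo-sized group (assumption): p = 2^255 - 19 is prime, g = 2. Not a vetted
# DH group; a deployment would use a standardized group and add integrity.
P = 2**255 - 19
G = 2
M_LEN = 16  # bytes of the random number m cascaded with the user part


def keygen():
    """H-AS long-term key pair: private key a, public key g^a."""
    a = secrets.randbelow(P - 3) + 2
    return a, pow(G, a, P)


def _keystream(shared: int, n: int) -> bytes:
    # Expand the shared value g^(ak) into n mask bytes with SHAKE-256.
    return hashlib.shake_256(shared.to_bytes(32, "big")).digest(n)


def protect_nai(nai: str, has_pub: int):
    """MN side: keep realm in clear for routing, encrypt user||m under g^a."""
    user, realm = nai.rsplit("@", 1)
    m = secrets.token_bytes(M_LEN)          # fresh random number m per access
    plain = user.encode() + m               # cascade user and m
    k = secrets.randbelow(P - 3) + 2        # ephemeral exponent
    mask = _keystream(pow(has_pub, k, P), len(plain))
    blob = bytes(x ^ y for x, y in zip(plain, mask))
    return pow(G, k, P), blob, realm


def recover_user(c1: int, blob: bytes, a: int):
    """H-AS side: recompute g^(ak) with private key a, then strip m."""
    mask = _keystream(pow(c1, a, P), len(blob))
    plain = bytes(x ^ y for x, y in zip(blob, mask))
    return plain[:-M_LEN].decode(), plain[-M_LEN:]


if __name__ == "__main__":
    a, pub = keygen()
    c1, blob, realm = protect_nai("alice@home.example", pub)  # constructed NAI
    print(realm, blob.hex(), recover_user(c1, blob, a)[0])
```

Two accesses with the same NAI produce different ciphertexts, so an observer on the wireless link or in the visited network sees only the realm and cannot link sessions to one user.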

[0140] In the identity authentication process shown in Figure 1, another way of authenticating the identity of the home authentication server H-AS is:

[0141] The home authentication server H-AS signs with its private key a, generating the identity authentication message of the home authentication server H-AS.

[0142] EAP-RKE performance comparison


Abstract

The method includes the following steps: the F-AS (authentication server at far end), instead of the H-AS (authentication server at home end), originates the authentication challenge to the MN (mobile node); the MN and the AP (access point) authenticate each other and establish a shared cipher key; the network access identifier of the MN is user@realm, where 'user' is the identification of the user and 'realm' is the user's domain; 'user' and 'realm' are separated, and 'user' is encrypted with randomization to protect the user's identity. With the invention, the F-AS and the H-AS interact only once, so performance is increased.

Description

Technical field
[0001] The invention belongs to the technical field of wireless communication security, in particular to a wireless local area network security access method (EAP-RKE) based on the roaming key exchange authentication protocol, which provides security guarantees for local access and roaming access of mobile nodes.
[0002] Terms
[0003] EAP - Extensible Authentication Protocol
[0004] NAI - Network Access Identifier
[0005] RADIUS - Remote Authentication Dial In User Service
[0006] AAA - Authentication, Authorization, and Auditing (Authentication, Authorization, Accounting)
[0007] TLS - Transport Layer Security
[0008] TTLS - Tunneled Transport Layer Security (Tunneled TLS)
[0009] PEAP - Protected Extensible Authentication Protocol (Protected EAP Protocol)
[0010] RKE - Roaming Key Exchange
[0011] MN - Mobile Node
[0012] AP-Access Point (Ac...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04W12/02, H04W12/0471, H04W12/06
Inventor: 马建峰, 赖晓龙, 孙军帅, 王卫东, 史庭俊, 彭志威, 王超
Owner XIDIAN UNIV