A New Ticket-Based Authentication Mechanism for Fast Handover in Mesh Network

Yan-Ming Lai, Pu-Jen Cheng, Cheng-Chi Lee, Chia-Yi Ku, Muhammad Khurram Khan
2016 PLoS ONE  
Due to the ever-growing worldwide popularity of mobile devices of various kinds, the demand for large-scale wireless network infrastructure development and enhancement has been swelling rapidly in recent years. A mobile device holder can get online at a wireless network access point, which covers a limited area. When the client leaves the access point, there is a temporary disconnection until he/she enters the coverage of another access point. Even when the coverages of two neighboring access points overlap, there is still work to do to make the wireless connection continue smoothly. The action of one wireless network access point passing a client to another access point is referred to as the handover. During handover, for security reasons, the client and the new access point should perform mutual authentication before any Internet access service is actually gained/provided. If the handover protocol is inefficient, discontinued Internet service will occur in some cases. In 2013, Li et al. proposed a fast handover authentication mechanism for wireless mesh networks (WMNs) based on tickets. Unfortunately, Li et al.'s work came with some weaknesses. For one thing, some sensitive information, such as the time and date of expiration, is sent in plaintext, which increases security risks. For another, Li et al.'s protocol relies on high-quality tamper-proof devices (TPDs), and this unreasonably high equipment requirement limits its applicability. In this paper, we shall propose a new efficient handover authentication mechanism. The new mechanism offers a higher level of security on a more scalable ground, with the client's privacy better preserved. The results of our performance analysis suggest that our new mechanism is superior to some similar mechanisms in terms of authentication delay.

known communication network architectures. It consists of mesh clients and mesh points. Mesh clients can be static hosts (e.g., desktops, servers) or mobile hosts (e.g., smart phones, laptops, and tablets), and they can access the Internet through mesh points. Due to its low cost, large-scale coverage, and high reliability, WMN is widely used nowadays. Several working groups (e.g., IETF) focus their attention on the development of WMN technologies, and corresponding specifications are being standardized (e.g., IEEE 802.12, 802.15 and 802.16). Before accessing the Internet, a client must be authenticated by a mesh access point (MAP).
When roaming from one mesh access point to another [1], as illustrated in Fig 1, the client needs to be re-authenticated to receive further Internet services. To keep real-time applications going and thus to offer the best user experience, the overall handover latency should not exceed 50 ms [2]. However, the current wireless mesh networking standard IEEE 802.16m needs about 1000 ms to process a full Extensible Authentication Protocol (EAP) exchange because of the overlong round trip between the client and the EAP server [3]. To make things worse, this same procedure has to be performed each time a client moves to a new MAP (e.g., from MAP1 to MAP2), even though the current EAP authentication has not yet expired. Obviously, there is plenty of room for improvement. In order to reduce the latency during client roaming, quite a number of handover authentication protocols have been developed [4-21]. Among them, the earlier works focused on accelerating the full authentication mechanism, with the authentication process still having to be repeated every time. Later on, some protocol developers decided that, after the first thorough authentication procedure, neighboring MAPs should pre-recognize the client, so that the same client can later obtain a rapid pass by presenting a ticket when entering the realm of a new MAP. These ticket-based protocols mainly fall into three categories: handover single authentication, group key authentication, and broadcast authentication. Details of the different types of ticket-based protocols will be elaborated in Section 2. Recently, Li et al. proposed a fast handover authentication mechanism based on tickets for mesh networks [22]. In spite of the efficiency and convenience it brings, Li et al.'s mechanism still has some weaknesses. In this paper, we shall present an efficient and secure authentication

Fig 1. Wireless Mesh Network.
doi:10.1371/journal.pone.0155064 pmid:27171160 pmcid:PMC4865210 fatcat:76yhnvss2jdpvjx6y7tki7gjwi