Improved EAP keying framework for a secure mobility access service

Rafa Marin Lopez; Antonio Gomez Skarmeta; Julien Bournelle; Maryline Laurent-Maknavicus; Jean Michel Combes

doi:10.1145/1143549.1143587

Improved EAP keying framework for a secure mobility access service

Rafa Marin Lopez, Antonio Gomez Skarmeta, Julien Bournelle, Maryline Laurent-Maknavicus, Jean Michel Combes

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Users roaming is an important feature to be provided by current ISPs. The goal is to allow users to access to the Internet from everywhere without the need to have multiple subscriptions. A suitable authentication and key distribution mechanism between different domains involved is required to provide a secure network access service. The IETF solution for this is the Extensible Authentication Protocol (EAP) which supports various authentication methods while defining a keying framework. However, this framework suffers from some limitations in roaming scenario, specially in a mobility context. The reason is that each time the visited network needs to reauthenticate the client, the home domain must be contacted. This may introduce some consequent delay if the client is far from it. This paper proposes a new design which improves the current EAP keying distribution framework. The basic idea is to allow the visited domain to play a more active role in the key distribution. For this, we introduce a new level in the key hierarchy defined in the EAP keying framework. Thanks to this one, a new key can be used between the mobile and the visited network. This brings better performance during reauthentication as the home domain is no longer solicited.

Original language	English
Title of host publication	IWCMC 2006 - Proceedings of the 2006 International Wireless Communications and Mobile Computing Conference
Pages	183-188
Number of pages	6
DOIs	https://doi.org/10.1145/1143549.1143587
Publication status	Published - 1 Dec 2006
Externally published	Yes
Event	IWCMC 2006 - 2006 International Wireless Communications and Mobile Computing Conference - Vancouver, BC, Canada Duration: 3 Jul 2006 → 6 Jul 2006

Publication series

Name	IWCMC 2006 - Proceedings of the 2006 International Wireless Communications and Mobile Computing Conference
Volume	2006

Conference

Conference	IWCMC 2006 - 2006 International Wireless Communications and Mobile Computing Conference
Country/Territory	Canada
City	Vancouver, BC
Period	3/07/06 → 6/07/06

Keywords

Access control
Authentication
EAP
Key hierarchy
Key management
Mobility
Roaming

Access to Document

10.1145/1143549.1143587

Cite this

Lopez, R. M., Skarmeta, A. G., Bournelle, J., Laurent-Maknavicus, M., & Combes, J. M. (2006). Improved EAP keying framework for a secure mobility access service. In IWCMC 2006 - Proceedings of the 2006 International Wireless Communications and Mobile Computing Conference (pp. 183-188). (IWCMC 2006 - Proceedings of the 2006 International Wireless Communications and Mobile Computing Conference; Vol. 2006). https://doi.org/10.1145/1143549.1143587

Lopez, Rafa Marin ; Skarmeta, Antonio Gomez ; Bournelle, Julien et al. / Improved EAP keying framework for a secure mobility access service. IWCMC 2006 - Proceedings of the 2006 International Wireless Communications and Mobile Computing Conference. 2006. pp. 183-188 (IWCMC 2006 - Proceedings of the 2006 International Wireless Communications and Mobile Computing Conference).

@inproceedings{03e6203056f34ec5a693c3ed82beee37,

title = "Improved EAP keying framework for a secure mobility access service",

abstract = "Users roaming is an important feature to be provided by current ISPs. The goal is to allow users to access to the Internet from everywhere without the need to have multiple subscriptions. A suitable authentication and key distribution mechanism between different domains involved is required to provide a secure network access service. The IETF solution for this is the Extensible Authentication Protocol (EAP) which supports various authentication methods while defining a keying framework. However, this framework suffers from some limitations in roaming scenario, specially in a mobility context. The reason is that each time the visited network needs to reauthenticate the client, the home domain must be contacted. This may introduce some consequent delay if the client is far from it. This paper proposes a new design which improves the current EAP keying distribution framework. The basic idea is to allow the visited domain to play a more active role in the key distribution. For this, we introduce a new level in the key hierarchy defined in the EAP keying framework. Thanks to this one, a new key can be used between the mobile and the visited network. This brings better performance during reauthentication as the home domain is no longer solicited.",

keywords = "Access control, Authentication, EAP, Key hierarchy, Key management, Mobility, Roaming",

author = "Lopez, \{Rafa Marin\} and Skarmeta, \{Antonio Gomez\} and Julien Bournelle and Maryline Laurent-Maknavicus and Combes, \{Jean Michel\}",

year = "2006",

month = dec,

day = "1",

doi = "10.1145/1143549.1143587",

language = "English",

isbn = "1595933069",

series = "IWCMC 2006 - Proceedings of the 2006 International Wireless Communications and Mobile Computing Conference",

pages = "183--188",

booktitle = "IWCMC 2006 - Proceedings of the 2006 International Wireless Communications and Mobile Computing Conference",

note = "IWCMC 2006 - 2006 International Wireless Communications and Mobile Computing Conference ; Conference date: 03-07-2006 Through 06-07-2006",

}

Lopez, RM, Skarmeta, AG, Bournelle, J, Laurent-Maknavicus, M & Combes, JM 2006, Improved EAP keying framework for a secure mobility access service. in IWCMC 2006 - Proceedings of the 2006 International Wireless Communications and Mobile Computing Conference. IWCMC 2006 - Proceedings of the 2006 International Wireless Communications and Mobile Computing Conference, vol. 2006, pp. 183-188, IWCMC 2006 - 2006 International Wireless Communications and Mobile Computing Conference, Vancouver, BC, Canada, 3/07/06. https://doi.org/10.1145/1143549.1143587

Improved EAP keying framework for a secure mobility access service. / Lopez, Rafa Marin; Skarmeta, Antonio Gomez; Bournelle, Julien et al.
IWCMC 2006 - Proceedings of the 2006 International Wireless Communications and Mobile Computing Conference. 2006. p. 183-188 (IWCMC 2006 - Proceedings of the 2006 International Wireless Communications and Mobile Computing Conference; Vol. 2006).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Improved EAP keying framework for a secure mobility access service

AU - Lopez, Rafa Marin

AU - Skarmeta, Antonio Gomez

AU - Bournelle, Julien

AU - Laurent-Maknavicus, Maryline

AU - Combes, Jean Michel

PY - 2006/12/1

Y1 - 2006/12/1

N2 - Users roaming is an important feature to be provided by current ISPs. The goal is to allow users to access to the Internet from everywhere without the need to have multiple subscriptions. A suitable authentication and key distribution mechanism between different domains involved is required to provide a secure network access service. The IETF solution for this is the Extensible Authentication Protocol (EAP) which supports various authentication methods while defining a keying framework. However, this framework suffers from some limitations in roaming scenario, specially in a mobility context. The reason is that each time the visited network needs to reauthenticate the client, the home domain must be contacted. This may introduce some consequent delay if the client is far from it. This paper proposes a new design which improves the current EAP keying distribution framework. The basic idea is to allow the visited domain to play a more active role in the key distribution. For this, we introduce a new level in the key hierarchy defined in the EAP keying framework. Thanks to this one, a new key can be used between the mobile and the visited network. This brings better performance during reauthentication as the home domain is no longer solicited.

AB - Users roaming is an important feature to be provided by current ISPs. The goal is to allow users to access to the Internet from everywhere without the need to have multiple subscriptions. A suitable authentication and key distribution mechanism between different domains involved is required to provide a secure network access service. The IETF solution for this is the Extensible Authentication Protocol (EAP) which supports various authentication methods while defining a keying framework. However, this framework suffers from some limitations in roaming scenario, specially in a mobility context. The reason is that each time the visited network needs to reauthenticate the client, the home domain must be contacted. This may introduce some consequent delay if the client is far from it. This paper proposes a new design which improves the current EAP keying distribution framework. The basic idea is to allow the visited domain to play a more active role in the key distribution. For this, we introduce a new level in the key hierarchy defined in the EAP keying framework. Thanks to this one, a new key can be used between the mobile and the visited network. This brings better performance during reauthentication as the home domain is no longer solicited.

KW - Access control

KW - Authentication

KW - EAP

KW - Key hierarchy

KW - Key management

KW - Mobility

KW - Roaming

U2 - 10.1145/1143549.1143587

DO - 10.1145/1143549.1143587

M3 - Conference contribution

AN - SCOPUS:34247376050

SN - 1595933069

SN - 9781595933065

T3 - IWCMC 2006 - Proceedings of the 2006 International Wireless Communications and Mobile Computing Conference

SP - 183

EP - 188

BT - IWCMC 2006 - Proceedings of the 2006 International Wireless Communications and Mobile Computing Conference

T2 - IWCMC 2006 - 2006 International Wireless Communications and Mobile Computing Conference

Y2 - 3 July 2006 through 6 July 2006

ER -

Lopez RM, Skarmeta AG, Bournelle J, Laurent-Maknavicus M, Combes JM. Improved EAP keying framework for a secure mobility access service. In IWCMC 2006 - Proceedings of the 2006 International Wireless Communications and Mobile Computing Conference. 2006. p. 183-188. (IWCMC 2006 - Proceedings of the 2006 International Wireless Communications and Mobile Computing Conference). doi: 10.1145/1143549.1143587

Improved EAP keying framework for a secure mobility access service

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this