Kerberized handover keying: a media-independent handover key management architecture

Authors:
Yoshihiro Ohba;Subir Das;Ashutosh Dutta
Affiliations:
Toshiba America Research, Inc, Piscataway, New Jersey;Telcordia Technologies Inc, Piscataway, New Jersey;Telcordia Technologies Inc, Piscataway, New Jersey
Venue:
Proceedings of 2nd ACM/IEEE international workshop on Mobility in the evolving internet architecture
Year:
2007

Citing 2
Cited 7

MPA assisted Optimized Proactive Handoff Scheme

MOBIQUITOUS '05 Proceedings of the The Second Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services
Network-Layer Assisted Mechanism to Optimize Authentication Delay during Handoff in 802.11 Networks

MOBIQUITOUS '07 Proceedings of the 2007 Fourth Annual International Conference on Mobile and Ubiquitous Systems: Networking&Services (MobiQuitous)

A transport-based architecture for fast re-authentication in wireless networks

SARNOFF'09 Proceedings of the 32nd international conference on Sarnoff symposium
Analysis of Handover Key Management schemes under IETF perspective

Computer Standards & Interfaces
Secure three-party key distribution protocol for fast network access in EAP-based wireless networks

Computer Networks: The International Journal of Computer and Telecommunications Networking
A kerberized architecture for fast re-authentication in heterogeneous wireless networks

Mobile Networks and Applications
A fast handover authentication mechanism based on ticket for IEEE 802.16m

IEEE Communications Letters
A wide-adapted bantam protocol for roaming across wireless areas

Wireless Networks
GHAP: An Efficient Group-based Handover Authentication Mechanism for IEEE 802.16m Networks

Wireless Personal Communications: An International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper proposes a media-independent handover key management architecture that uses Kerberos for secure key distribution among a server, an authenticator, and a mobile node. With the proposed architecture, signaling for key distribution is based on re-keying and is decoupled from re-authentication that requires EAP (Extensible Authentication Protocol) and AAA (Authentication, Authorization and Accounting) signaling similar to initial network access authentication. In this framework, the mobile node is able to obtain master session keys required for dynamically establishing the security associations with a set of authenticators without communicating with them before handover. By separating re-key operation from re-authentication, the proposed architecture is more optimized for proactive mode of operation. It is also optimized for reactive mode of operation by reversing the key distribution roles between the mobile node and the target access node. This paper discusses how the proposed architecture is applicable to the existing link-layer technologies including IEEE 802.11 and 802.16 and across multiple AAA domains. This paper also describes how Kerberos is bootstrapped from initial access authentication using an EAP method.