MPA assisted Optimized Proactive Handoff Scheme
MOBIQUITOUS '05 Proceedings of the Second Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services
Network-Layer Assisted Mechanism to Optimize Authentication Delay during Handoff in 802.11 Networks
MOBIQUITOUS '07 Proceedings of the 2007 Fourth Annual International Conference on Mobile and Ubiquitous Systems: Networking & Services (MobiQuitous)
A transport-based architecture for fast re-authentication in wireless networks
SARNOFF'09 Proceedings of the 32nd international conference on Sarnoff symposium
Analysis of Handover Key Management schemes under IETF perspective
Computer Standards & Interfaces
Secure three-party key distribution protocol for fast network access in EAP-based wireless networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
A kerberized architecture for fast re-authentication in heterogeneous wireless networks
Mobile Networks and Applications
A fast handover authentication mechanism based on ticket for IEEE 802.16m
IEEE Communications Letters
A wide-adapted bantam protocol for roaming across wireless areas
Wireless Networks
GHAP: An Efficient Group-based Handover Authentication Mechanism for IEEE 802.16m Networks
Wireless Personal Communications: An International Journal
This paper proposes a media-independent handover key management architecture that uses Kerberos for secure key distribution among a server, an authenticator, and a mobile node. With the proposed architecture, signaling for key distribution is based on re-keying and is decoupled from re-authentication, which requires EAP (Extensible Authentication Protocol) and AAA (Authentication, Authorization and Accounting) signaling similar to that of initial network access authentication. In this framework, the mobile node is able to obtain the master session keys required for dynamically establishing security associations with a set of authenticators without communicating with them before handover. By separating the re-key operation from re-authentication, the proposed architecture is better optimized for the proactive mode of operation. It is also optimized for the reactive mode of operation by reversing the key distribution roles between the mobile node and the target access node. This paper discusses how the proposed architecture is applicable to existing link-layer technologies, including IEEE 802.11 and 802.16, and across multiple AAA domains. It also describes how Kerberos is bootstrapped from initial access authentication using an EAP method.