Professional Documents
Culture Documents
An Efficient EAP-Based Pre-Authentication For Inter-WRAN Handover in TV White Space
An Efficient EAP-Based Pre-Authentication For Inter-WRAN Handover in TV White Space
ABSTRACT The IEEE 802.22 standard regulates wireless regional area network (WRAN) operating at
the very high frequency and ultrahigh frequency television white space (TVWS) bands. WRAN supports
extensible authentication protocol (EAP)-based authentication schemes. However, due to its public key
cryptography operations, a full EAP-based authentication scheme is time-consuming, which is unacceptable
for the WRAN handover process. In this paper, an efficient EAP-based pre-authentication scheme for inter-
WRAN handovers (EPW) in TVWS is proposed. By applying the proposed pre-authentication scheme,
the customer premises equipment and the target secondary user base station can accomplish a seamless
handover using symmetric key. Through logic derivation by Burrows, Abadi, and Needham logic and formal
verification by automated validation of Internet security protocols and applications, we conclude that the
proposed EPW scheme can obtain mutual authentication and maintain key secrecy with a high resistance to
attack. Additionally, the performance of the EPW scheme has been investigated by simulation experiments.
The results show that the EPW scheme provides a lower computation delay than that mandated by the security
scheme regulation of the IEEE 802.22 standard.
INDEX TERMS Pre-authentication, TV white space, WRAN, handover, EAP, key secrecy.
2169-3536
2017 IEEE. Translations and content mining are permitted for academic research only.
VOLUME 5, 2017 Personal use is also permitted, but republication/redistribution requires IEEE permission. 9785
See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
C. Wang et al.: Efficient EAP-Based Pre-Authentication for Inter-WRAN Handover in TV White Space
optional authentication phase after the PPP link has been roams to, which is not efficient. Junbeom et al. [14] apply
established. The EAP framework supports more than one public key cryptography in the pre-authentication scheme.
authentication scheme and can be used in a particular scheme, Public key cryptography consumes massive computational
such as EAP-based transport layer security protocol (EAP- resources, which is undesirable. Nguyen and Ma [13] propose
TLS), to achieve mutual authentication [5]. The flexibility of an enhanced EAP-based pre-authentication scheme (EEP) to
the EAP-TLS authentication protocol makes it a good choice improve the security level and the efficiency of the EPA.
for WRAN. An inter-WRAN handover is a CPE handover The EEP scheme can defend against replay attacks and DoS
from one SUBS to another SUBS in the same WRAN cell. attacks, but the MS and AS cannot obtain key agreement in
Before the handover, the CPE completes a full EAP-TLS the pre-authentication process.
authentication with the SUBS through the AS, in which Normally, a security mechanism consists of an authenti-
the CPE performs a security association’s traffic encryption cation mechanism and a key management mechanism. The
key (SA-TEK) 3-way handshake with the SUBS. The han- EAP-TLS authentication scheme could be used in WRAN
dover procedure in WRAN must be very efficient and fast to defined by the IEEE 802.22 standard. However, a full
effectively maintain a security association. A full EAP-TLS EAP-TLS authentication process needs 50 ms [15] to com-
authentication requires roughly 50 ms due to time-consuming plete, which is unacceptable for WRAN. The EAP-based
public key cryptography operations and the latency of infor- authentication protocol is inefficient in the WRAN handover
mation exchange over the several round-trips between the process. In addition, CPEs must vacate a spectrum needed by
CPE and the AS. PUs. CPEs are more mobile in WRAN, and their handovers
For the sake of reducing handover delay, WRAN may are consequently more frequent, than in other wireless net-
support the optimization of the handover procedure by works. The IEEE 802.22 standard also presents a public key
recycling key information from previous authentication certificate based authentication scheme that is vulnerable to
processes [3], which, however, results in successful man- interleaving attacks [16]. The certificate based authentication
in-the-middle (MITM) attacks and replay attacks due to its scheme requires the participation of a third party, which is not
lack of a secure entity authentication protocol. Alternative efficient for WRAN. To the best of our knowledge, there are
solutions [6]–[9] focus on decreasing the latency of the few works focusing on handover optimization for WRAN in
EAP-based authentication scheme without considering secu- TVWS.
rity functions. The currently popular schemes proposed for To design an efficient and secure handover protocol
handover optimization generally include a pre-authentication for WRAN in TVWS with less latency and strong secu-
scheme by which the AS distributes a new secret CPE han- rity functionality, we propose an efficient EAP-based pre-
dover key for the next handover before the handover occurs. authentication for inter-WRAN handovers (EPW) in TVWS
Thus, the handover latency can be decreased to the amount in this paper. The outstanding contribution of our proposal
of time required by a 3-way handshake protocol, result- is the distribution, before the handover, of the pre-master
ing in the shortest possible authentication latency [10]–[14]. secret (PMS) by the AS to the CPE using a pre-authentication
The pre-authentication scheme does not reuse the cryp- scheme, resulting in the AS and the CPE having PMS agree-
tographic key materials directly, which achieves greater ment. When a handover occurs, the target SUBS requests
security. An EAP-based pre-authentication scheme has been the master session key for authenticating the CPE from
proposed by the Handover Keying working group in [9]. The the AS. Then the target SUBS and the CPE can pro-
scheme, known as the handover early authentication (HOEA) ceed directly with the 3-way handshake protocol and key
protocol, is applied to the mobile IPv6 network [11]. The agreement. Using Burrows, Abadi, and Needham (BAN)
HOEA protocol completes a full EAP authentication pro- logic and formal verification by Automated Validation of
cess before the Mobile Station (MS) handover occurs, then Internet Security Protocols and Applications (AVISPA),
uses proactive signaling to find a potential access network we can conclude that the EPW scheme can provide mutual
for the MS handover. The HOEA protocol, however, only authentication and key secrecy with strong attack resis-
operates when the link layer supports proactive signaling. tance via pre-authentication. Additionally, the performance
Worse, the pre-authentication process may not be complete of the EPW scheme in terms of authentication delay has
before the handover process is triggered, which leads to been evaluated by simulation experiments, with the results
a failure of pre-authentication. Sun et al. [12] propose an demonstrating that the EPW scheme is much more effi-
EAP-based pre-authentication scheme (EPA) in WiMax to cient, requiring less computation and fewer communication
decrease the authentication latency for inter-base station (BS) resources.
handovers by which an MS is authenticated with neighboring The rest of the paper is organized as follows. We briefly
BSs for handover. The EPA does not require proactive sig- describe the background of the WRAN system in Section II.
naling, which is an advantage over the HOEA protocol. The Then, we present the proposed EPW scheme in Section III.
EPA, however, is susceptible to replay attacks and Denial In Section IV, we validate the EPW scheme using BAN
of Service (DoS) attacks [13], which will degrade its level logic and AVISPA, followed by performance evaluation
of security. The EPA also wastes effort on superfluous key in Section V. Section VI presents the conclusion of the
exchanges between the MS and those BSs that the MS never paper.
TABLE 1. Notations used in EPW scheme. TABLE 2. Message exchange in pre-authentication phase.
B → S : {A| ∼ (SID, NA , IDA )}KBS By using NA with the freshness rule, we infer (15)
PMS
PREAUTH _RSP : AS → B : SID, NA , NS , IDA , A ↔ S K A| ≡ # (NA )
BS PMS (15)
A| ≡ # A ↔ S
n PMS
o
B → A : S| ∼ SID, NA , NS , IDA , A ↔ S
KAB
PREAUTH _ACK : A → B : {SID, NS }PMS Using the nonce-verification rule, we can infer (16)
B → S : {A| ∼ (SID, NS )}PMS
PMS PMS
(7) A| ≡ # A ↔ S , A| ≡ S| ∼ A ↔ S
In the idealized form, we neglect the message specifics (16)
PMS
without providing the recipient’s beliefs. A and B share KAB , A| ≡ S| ≡ A ↔ S
and B and S share KBS . We assume that each participant Using the jurisdiction rule, we can also derive (17)
believes his own nonce to be fresh. Additionally, the PMS PMS PMS
is generated by the AS for the next handover. The following A| ≡ S| ⇒ A ↔ S , A| ≡ S| ≡ A ↔ S
assumptions are provided to analyze the protocol: (17)
PMS
A| ≡ A ↔ S
KAB KBS KAB KBS
A| ≡ A ↔ B, B| ≡ B ↔ S, B| ≡ A ↔ B, S| ≡ B ↔ S; From the PREAUTH_ACK message, via the message-
A| ≡ # (NA ) , B| ≡ # (SID) , S| ≡ # (NS ) ; meaning rule, we can obtain (18)
PMS PMS
A| ≡ S| ⇒ A ↔ B , S| ≡ S| ⇒ A ↔ B
PMS
(8) S| ≡ S| ⇒ A ↔ B
The following presents the formal analysis of the EPW (18)
S G A| ∼ (SID, NS )
scheme.
S compares the NS received with the NS previously gener-
From the PREAUTH_INT message, via the message-
ated by S itself. If the two random numbers match, then we
meaning rule, we obtain (9) PMS
KAB
conclude S| ≡ A| ≡ A ↔ S, which indicates S can believe
A| ≡ A ↔ B that A has received the PMS. By the jurisdiction rule, we can
(9)
A G SID conclude (19)
From the PREAUTH_REQ message, via the message- PMS PMS
meaning rule, we get (10) S| ≡ S| ⇒ A ↔ S , S| ≡ A| ≡ A ↔ S
(19)
KAB PMS
B| ≡ A ↔ B S| ≡ A ↔ S
(10)
B G SID, NA , IDA PMS
We have obtained two results, A| ≡ A ↔ S and S| ≡
B checks whether the received SID is the same as the PMS
A ↔ S, indicating that A and S have mutual authentication
SID sent in the PREAUTH_INT message. By the message- and PMS key agreement, which are also the goals of EPW.
meaning rule, we get (11)
KBS B. SECURITY ANALYSIS
S| ≡ B ↔ S
(11) In this subsection, the security properties of the proposed
S| ≡ A| ∼ (SID, NA , IDA )
EPW scheme, including mutual authentication, session key
S checks whether the SID is larger the SID used in the last agreement and the ability to resist replay attacks and MITM
session. IF so, then S believes this message is fresh, that is attacks, are analyzed.
S| ≡ # (SID). Using the freshness rule, we get (12)
S| ≡ # (SID) 1) MUTUAL AUTHENTICATION AND SESSION KEY
(12)
S| ≡ # (SID, NA , IDA ) AGREEMENT
From the PREAUTH_RSP message, via the message- The messages exchanged in the pre-authentication phase are
meaning rule, we get (13) all encrypted with a symmetric key, which guarantees that
KBS S
only one who has the corresponding symmetric key can
B| ≡ B ↔ view the message. The symmetric key KhSUBS,CPE is only
(13)
PMS
B G SID, NS , NA , IDA , A ↔ S shared by the CPE and hSUBS; KhSUBS,AS is only shared
by hSUBS and the AS. In response to the PREAUTH_REQ
B checks whether the SID and NA received in
message, the AS sends a randomly generated nonce NAS and
PREAUTH_RSP are the same as the SID sent in the
the PMS encrypted with KhSUBS,AS , which can only be read
PREAUTH_INT message and NA sent in the PREAUTH_REQ
by hSUBS. hSUBS relays the NAS and the PMS encrypted
message, respectively. Using the message-meaning rule,
with KhSUBS,CPE , which can only be read by the CPE. When
we infer (14)
the AS receives the nonce NAS encrypted with the PMS,
KAB then the AS can verify this message has been sent by the
A| ≡ A ↔ B
(14) CPE, authenticating the CPE and confirming that the CPE has
PMS
A| ≡ S| ∼ SID, NS , NA , IDA , A ↔ S gotten the PMS for further handover. The CPE authenticates
FIGURE 8. The AVISPA Results. (a) OFMC. (b) CL-AtSe. (c) SATMC. (d) TA4SP.
achieve mutual authentication and preserve the secrecy of IEEE 802.22 standard, the EEP scheme and the EPW
sensitive data from a passive intruder. scheme. To improve comparison accuracy, we classify the
required cryptographic operations into five basic types. The
V. PERFORMANCE EVALUATION basic cryptographic operation types are 1) Cert verifica-
In this section, we will compare the EPW scheme with tion (CEV), 2) Rivest, Shamir and Adleman (RSA) public
the EAP-TLS authentication scheme suggested in the IEEE key encryption (RPE), 3) RSA public key decryption (RPD),
802.22 standard [3] and the EEP scheme [12] proposed in 4) symmetric encryption/decryption (SED), and 5) bilinear
the IEEE 802.16 standard in terms of the number of crypto- pairing (PAR). Table 3 shows the results of the cryptographic
graphic operations and the authentication delay. This com- operation comparisons among the TLS scheme, the EEP
parison reveals that the EPW scheme can not only provide scheme and the EPW scheme. Table 3 clearly shows that the
security functionality but also efficiently decrease computa- EPW scheme needs far fewer basic cryptographic operations
tional costs and delay. than does the TLS scheme, except in the number of symmet-
ric encryption/decryption operations performed in the pre-
A. NUMBER OF CRYPTOGRAPHIC OPERATIONS authentication phase. It is important to note that symmetric
We compare the number of cryptographic operations exe- encryption/decryption can significantly reduce the authenti-
cuted by the CPE and the SUBS in the pre-authentication cation delay. The EEP scheme uses fewer RSA public key
process in the EAP-TLS scheme (TLS) regulated by the encryption and decryption operations than those of the TLS
REFERENCES
[1] J. P. Knapp, ‘‘Unlicensed operation in the TV broadcast band,’’ Federal
Register, Rules Regulations, vol. 77, no. 96, pp. 29236–29247, 2012.
[2] Small Entity Compliance Guide: Part 15 TV Band Devices, Third
Memorandum Opinion and Order, FCC, Washington, DC, USA,
Apr. 2013. CONG WANG was born in Hunan, China, in 1988.
[3] Information Technology—Local and Metropolitan Area Networks— She received the B.E. degree majoring in wireless
Specific Requirements—Part 22: Cognitive Wireless RAN Medium Access network from the School of Computer Science and
Control (MAC) and Physical Layer (PHY) Specifications: Policies and Technology, Tianjin University, in 2012, where she
Procedures for Operation in the TV Bands, IEEE Standard 802.22, is currently pursuing the Ph.D. degree with the
Jul. 2011, pp. 1–680. Computer Science and Technology, on Design and
[4] Extensible Authentication Protocol (EAP), document RFC 3748, Enhancement of Security Functionality in TVWS
Jun. 2004. Network. Her research interest includes TVWS
[5] The Transport Layer Security (TLS) Protocol Version 1.2, document RFC security and authentication protocol design.
5246, Aug. 2008.
MAODE MA (SM’09) received the B.E. degree LEI ZHANG received the Ph.D. degree in
from Tsinghua University, Beijing, China, in 1982, computer science from Auburn University,
the M.E. degree from Tianjin University, Tianjin, Auburn, AL, USA, in 2008. She was an Assis-
China, in 1991, and the Ph.D. degree from The tant Professor with the Computer Science Depart-
Hong Kong University of Science and Technology, ment, Frostburg State University, Frostburg, MD,
Hong Kong, in 1999. USA, from 2008 to 2011. She is currently an
He is currently an Associate Professor with the Associate Professor with the School of Com-
School of Electrical and Electronic Engineering, puter Science and Technology, Tianjin Univer-
Nanyang Technological University, Singapore. He sity, Tianjin, China. Her current research interests
has authored or co-authored about 200 interna- include computer networks, wireless communica-
tional academic publications, including overn 80 journal papers, over tions, distributed algorithms, and network security.
140 conference papers and/or book chapters, and three academic books. His
research interests are wireless networking and wireless network security.
Dr. Ma is a member of a few technical committees in the IEEE Communi-
cation Society. He has been a member of the technical program committees
for over 100 international conferences. He has been a General Chair, Tech-
nical Symposium Chair, Tutorial Chair, Publication Chair, Publicity Chair,
and Session Chair for over 50 international conferences. He serves as an
Editor-in-Chief/Associate Editor for six international journals.