DESIGN OF A PASSWORD-BASED AUTHENTICATION METHOD FOR WIRELESS NETWORKS
Andrea Manganaro, Mingyur Koblensky, Michele Loreti
2007
Abstract
In recent years, amendments to IEEE standards for wireless networks added support for authentication algorithms based on the Extensible Authentication Protocol (EAP). Available solutions generally use digital certificates or pre-shared keys but the management of the resulting implementations is complex or unlikely to be scalable. In this paper we present EAP-SRP-256, an authentication method proposal that relies on the SRP-6 protocol and provides a strong password-based authentication mechanism. It is intended to meet the IETF security and key management requirements for wireless networks.
References
- Aboba, B., Blunk, L., Vollbrecht, J., and Carlson, J. (2004). Extensible authentication protocol (EAP). RFC 3748. (Obsoletes RFC 2284).
- Aboba, B. and Simon, D. (1999). PPP EAP TLS authentication protocol. RFC 2716.
- Bellare, M., Pointcheval, D., and Rogaway, P. (2000). Authenticated key exchange secure against dictionary attacks. Lecture Notes in Computer Science, 1807:139.
- Bellare, M. and Rogaway, P. (2000). The AuthA protocol for password-based authenticated key exchange. Technical report. Contribution to the IEEE P1363 study group for Future PKC Standards.
- Bernard Aboba, e. a. (2006). Extensible authentication protocol (EAP) key management framework. IETF Internet draft (Work in Progress).
- Bersani, F. and Tschofenig, H. (2007). The EAP-PSK protocol: A pre-shared key extensible authentication protocol (EAP) method. RFC 4764.
- Daemen, J. and Rijmen, V. (2002). The Design of Rijndael. Springer-Verlag New York, Inc., Secaucus, NJ, USA. ISBN 3540425802.
- Diffie, W. and Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information Theory, IT-22(6):644-654.
- Dobbertin, H., Knudsen, L. R., and Robshaw, M. J. B. (2004). The cryptanalysis of the AES - a brief survey. In AES Conference, pages 1-10.
- Dolev, D. and Yao, A. C. (1981). On the security of public key protocols. Technical report, Stanford, CA, USA.
- Dworkin, M. (2001). Recommendation for block cipher modes of operation - methods and techniques. NIST Special Publication 800-38A, National Institute of Standards and Technology.
- Eastlake, D., Schiller, J. I., and Crocker, S. (2005). Randomness requirements for security. RFC 4086.
- Ferguson, N. and Schneier, B. (2003). Practical Cryptography. Wiley Publishing Inc. ISBN 0-471-22894-X.
- Funk, P. (2005). EAP tunneled TLS authentication protocol version 0 (EAP-TTLSv0). IETF Internet draft (Work in Progress).
- Gilbert, H. (2003). The security of one-block-to-many modes of operation. Springer-Verlag LNCS , FSE 03(2287):376-395. ISBN 3-540-20449-0.
- Heintze, N. and Tygar, J. D. (1996). A model for secure protocols and their compositions. Software Engineering, 22(1):16-30.
- Hoffman, P. and Schneier, B. (2005). Attacks on cryptographic hashes in internet protocols. RFC 4270.
- Keller, S. S. (2005). NIST-Recommended random number generator based on ANSI X9.31 Appendix A.2.4 using the 3-key triple DES and AES algorithms. NIST Information Technology Laboratory - Computer Security Division, National Institute of Standards and Technology.
- Koblensky, M. (2006). Implementazione del protocollo di autenticazione EAP-SRP-256. Master Thesis at the Dipartimento di Sistemi e Informatica, Universita' di Firenze, Italy.
- Krawczyk, H., Bellare, M., and Canetti, R. (1997). HMAC: Keyed-hashing for message authentication. RFC 2104.
- Luby, M. and Rackoff, C. (1988). How to construct pseudorandom permutations from random functions. SIAM J. Computing, Vol. 17 No. 2.
- Manganaro, A. (2005). Studio di un metodo di autenticazione per le reti wireless basato sul protocollo SRP6. Master Thesis at the Dipartimento di Sistemi e Informatica, Universita' di Firenze, Italy.
- Millen, J. and Shmatikov, V. (2003). Symbolic protocol analysis with products and diffie-hellman exponentiation. In Proceedings of the 16th IEEE Computer Security Foundations Workshop., Asilomar, USA.
- Palekar, A., Simon, D., Salowey, J., Zhou, H., Zorn, G., and Josefsson, S. (2004). Protected EAP protocol (PEAP) version 2. IETF Internet draft (Work in Progress).
- Skoudis, E. (2002). Counter Hack - A step-by-step Guide to Computer Attacks and Effective Defenses. Prentice Hall PTR. ISBN 0-13-033273-9.
- Stanley, e. a. (2005). EAP method requirements for WLAN. RFC 4017.
- Taylor, D., Wu, T., Mavrogiannopoulos, N., and Perrin, T. (2006). Using SRP for TLS authentication. IETF Internet draft (Work in Progress).
- Wagner, D. and Schneier, B. (1996). Analysis of the SSL 3.0 protocol. In Proceedings of the Second USENIX Workshop on Electronic Commerce, Oakland, California.
- Wu, T. (1997). The secure remote password protocol. In Proceedings of the 1998 Internet Society Network and Distributed System Security Symposium, pages 97- 111, San Diego, CA.
- Wu, T. (October 2002). SRP-6: Improvements and refinements to the secure remore password protocol. Submission to the IEEE P1363 Working Group.
- Zhao, Z., Dong, Z., and Wang, Y. (2006). Security analysis of a password-based authentication protocol proposed to IEEE 1363. Theor. Comput. Sci., 352(1):280-287.
Paper Citation
in Harvard Style
Manganaro A., Koblensky M. and Loreti M. (2007). DESIGN OF A PASSWORD-BASED AUTHENTICATION METHOD FOR WIRELESS NETWORKS . In Proceedings of the Second International Conference on Wireless Information Networks and Systems - Volume 1: WINSYS, (ICETE 2007) ISBN 978-989-8111-14-2, pages 9-16. DOI: 10.5220/0002147200090016
in Bibtex Style
@conference{winsys07,
author={Andrea Manganaro and Mingyur Koblensky and Michele Loreti},
title={DESIGN OF A PASSWORD-BASED AUTHENTICATION METHOD FOR WIRELESS NETWORKS},
booktitle={Proceedings of the Second International Conference on Wireless Information Networks and Systems - Volume 1: WINSYS, (ICETE 2007)},
year={2007},
pages={9-16},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002147200090016},
isbn={978-989-8111-14-2},
}
in EndNote Style
TY - CONF
JO - Proceedings of the Second International Conference on Wireless Information Networks and Systems - Volume 1: WINSYS, (ICETE 2007)
TI - DESIGN OF A PASSWORD-BASED AUTHENTICATION METHOD FOR WIRELESS NETWORKS
SN - 978-989-8111-14-2
AU - Manganaro A.
AU - Koblensky M.
AU - Loreti M.
PY - 2007
SP - 9
EP - 16
DO - 10.5220/0002147200090016