Password-based authentication in wireless LAN

Abstract

Authentication in wireless LAN can prevent unauthorized parties from gaining access to the network. Preliminary authentication mechanism specified in IEEE 802.11 standard was compromised as the consequence of WEP vulnerabilities. Thus, the wireless LAN enhanced security task group and IETF have introduced the IEEE 802.1X port based network access control and Extensible Authentication Protocol (EAP) to secure wireless LAN authentication session. Re-authentication is another critical issue when a supplicant roams to the neighbouring access point. To retain secure communication session and especially in real time applications, the handoff process must be done within the specified time defined by ITU [50]. The objective of the research is two fields; to propose a password-based public key authentication method and to refine the roaming key management in Inter Access Point Protocol (IAPP) with proactive caching approach for fast and secure handoff process. The proposed authentication method fulfills the mandatory requirements of EAP method for wireless LAN [29]. The authentication methods are compared from the aspects of performance, security and usability. Compared to pre-authentication and proactive key distribution method, the refinement on hand off method provides comparable performance and security with lower computational cost. An experimental test bed was setup to compare the efficiency of the proposed authentication method. The result shows that the proposed authentication execution can be completed at 295ms compared to existing methods like TLS which needs over 1000ms. For hand off process, the result still could not meet the time constraint due to the research scope is only covered roaming key management. Besides, password-based authentication method is inherently ease to deploy, manage and is user friendly.