A Handover Authentication Based On EAP

Recently, with the fast development of mobile communication technology, Wireless Local Area Network(WLAN) has achieved significant progress because of its adavantages, such as high transmission speed, low deployment cost and so on. However, the requirements by users for the support of movement of the network and diversification of services and so on, are nowdays much higher than ever before. Among all these challenges, how to guarantee the quality of service requirement by the services like VOIP during the movement of mobile nodes is one of the most important issues. So a secure and efficient scheme is required to accomplish the handover authentication. Based on the analysis of a handover authentication scheme based on bilinear pairings, we analyze the security defect. According to the defect analysis, we propose a more secure improvement method. Then we design a fast handover authentication scheme by using proxy signature scheme.Firstly, this paper introduces briefly the background and motivations of WLAN security mechanism, and then the basic theory of cryptography such as elliptic curve system, public key cryptography and digital signature. Also it introduces the current authentication mechanisms of WLAN such as IEEE 802.1X, 802.11 i and 802.11 r.This paper then introduces a handover authentication scheme based on bilinear pairings, and analyze the security holes. According to the security analysis, we propose an improvement method which considers security and efficiency as a whole. Also, we make a comparison analysis between the improvement method and the original method in security and efficiency. The proposed improvement method has high efficiency under security. However, the proposed improvement method is still based on bilinear pairings, and one bilinear operation is very time-consuming. Therefore, in order to improve the execution efficiency of the handover authentication protocol, we propose a handover authentication protocol based on proxy signature scheme, which has no bilinear pairings. In this protocol, proxy signature is used to provide mutual authentication between the mobile node and the access point. The original access point issues the proxy signature certificate to the mobile node, which transfers the certificate to the target access point. The target access point authenticates the mobile node by verifying the certificate. At the same time, the original access point encrypts the secret information under the shared key with the target access point, and sends the secret information to the mobile node, which transfers the secret information to the target access point. The target access point decodes the secret information, By using the decoded information, the target access point can prove its own identity to the mobile node which realizes the mutual authentication.Finally, the detailed security analysis of the proposed protocol shows that the protocol can achieve forward/back ward security, privacy protection, cancellation and replay attack. Also, the performance analysis shows that our scheme is relatively efficient in terms of computation.