Roaming Authentication and End-to-End Authentication in Wireless Security

Abstract

With the rapid development of wireless networks, researchers, practitioners, and end users are paying closer attention to the security issues in mobile computing. Authentication is the imperative step to establish security for wireless networking applications. In this dissertation, we propose a comprehensive solution for the authentication issue in wireless networks by tackling the two subproblems: roaming authentication for network access, and end-to-end authentication for applications.

For roaming authentication, existing protocols are inadequate for the vastly increasing scale of networks and users. We present two authentication methods that demonstrate better performance in terms of authentication latency and energy consumption of a mobile terminal, compared to the 3G cellular roaming authentication protocol. The proposed method I, referred to as the minimum home-network-intervention authentication, employs the idea that a mobile terminal and its home network use different cryptographic random number seeds to generate random nonces for authentication. The proposed method II, called localized authentication, explore a new concept of localizing roaming authentication without the intervention of the home network of a mobile terminal. The feature of both methods is that they significantly reduce the number of message transmissions between home and visited networks for roaming authentication. Analytical models and measurement results are provided to indicate the performance superiority of the proposed methods.

For end-to-end authentication, existing methods, based on the traditional adversary model, are not sufficient to defend against attackers with break-in capabilities. Furthermore, the scarcity of energy supply for wireless devices usually conflicts with expensive cryptographic computation. We present a novel authentication protocol that combines the hash chain technique with the symmetric message authentication code (MAC). Firstly, the protocol can defend against the strong adversaries who compromise a protocol participant to obtain the authentication secrets. Secondly, we propose the technique of complementary MACs to enable the intrusion detection of a strong adversary. Thirdly, we introduce the technique of piggyback hash-chain-value-update to increase the number of allowable authentication sessions after the system setup. Finally, we present the technique of optimum hash-chain-iteration-tuning to optimize power consumption of a wireless device. Both analytical and implementation results indicate that the new protocol is among the most efficient ones in terms of authentication latency and energy consumption of a mobile device.