An Improved Password Authentication Key Exchange Protocol for 802.11 Environment
In this paper, we propose a password authentication key exchange protocol for WLANs (Wireless LANs). We call the proposed protocol as the improved EAP-SPEKE (Extensible Authentication Protocol-Simple Password Encrypted Key Exchange). The improved EAP- SPEKE protocol supports mutual authentication and key derivation. The proposed protocol does not require any modification to the IEEE 802.1X and EAP. Before the protocol begins, the server and client compute one modulo exponentiation. Once the protocol begins, the server and client need to compute another exponentiation for mutual authentication. On the contrary, the EAP-SRP needs to compute two modulo exponentiation during the protocol. The client and server authenticate each other with three message exchanges. Therefore, the number of exchanged message decreases by one compared with the EAP-SRP. Besides, the improved EAP-SPEKE protocol works on the the ECC (Elliptic Curve Cryptosystems) base as well as the DH (Diffie-Hellman) base.
KeywordsHash Function Mutual Authentication Extensible Authentication Protocol Client Device Access Control List
Unable to display preview. Download preview PDF.
- 1.Whitepaper: Security for Next Generation Wireless LANs, http://www.cisco.com/warp/public/cc/pd/witc/ao350ap/prodlit/a350w-ov.htm
- 2.IEEE Standards for Local and Metropolitan Area Networks: Port based Network Access Control, IEEE Std 802.1x-2001 (2001)Google Scholar
- 4.S. M. Bellovin and M. Merrit: Encrypted key exchange: Password-based protocols secure against dictionary attacks, In Proceedings of the IEEE Symposium on Research in security and Privacy (1992)Google Scholar
- 5.J. Vollbrecht: White Paper:Wireless LAN Access Control and Authentication, Interlink Networks, IncGoogle Scholar
- 6.IEEE Wireless Standards http://standards.ieee.org/wireless/
- 9.T. Wu: The SRP Authentication and Key Exchange System, RFC 2945 (2000)Google Scholar
- 10.D. P. Jablon: Strong Password-only Authenticated Key Exchange, ACM SIGCOMM Computer Communications Review (1996)Google Scholar
- 11.T. Wu: The Secure Remote Password Protocol, In Proceedings of the Internet Society Symposium on Network and Distributed Systems Security, San Diego, CA,(1998)97–111Google Scholar
- 12.D. Taylor: Using SRP for TLS Authentication, IETF draft-ietf-tls-srp-01.txt (work in progress)(2001)Google Scholar
- 13.D. Jablon: The SPEKE Password-Based Key Agreement Methods,IETF draft-jablon-speke-00.txt(2002)Google Scholar