|
|
- 2016
基于Diffie-Hellman的无线Mesh网络快速认证机制
|
Abstract:
摘要: 为了保证无线Mesh网络中移动客户端能够安全快速通过认证,提出了基于Diffie-Hellman算法的快速接入认证和切换认证两种方案。在接入认证方案中,Mesh客户端通过预分发的标签经4次握手完成首次接入认证后,计算用于切换认证的共享密钥,并将密钥预分发给切换的目标接入点。客户端在后续的移动过程中,利用共享密钥经3次握手完成双向认证,认证过程无需认证服务器的参与。对上述两种方案的安全性和性能代价进行了分析,结果表明新提出的两种认证方案的通讯代价和计算代价更小,具有认证时延短、认证效率高的优点,且在网络合法用户可信的前提下是安全的。
Abstract: In order to ensure the celerity and security in mobile client switching process of wireless Mesh networks, the fast login authentication and fast handover authentication scheme based on Diffie-Hellman algorithms were proposed. In login authentication process, the Mesh client is authenticated successfully with 4 rounds of message exchange by predistribution of tickets, followed by calculating their shared handover key and delivering it to any of its neighbor. With the shared key, the handover authentication process takes a 3-message handshake to accomplish mutual authentication when clients move to a new router. During the process, the authentication server does not need to be involved. The analysis of the scheme security show that the proposed schemes have less communication and computation overhead, lower authentication latency and higher authentication efficiency. And it is secure if the user is considered trustworthy
| [1] | HE D, CHEN C, CHAN S, et al. Secure and efficient handover authentication based on bilinear pairing functions[J]. IEEE Transactions on Wireless Communications, 2012, 11(1):48-53. |
| [2] | MISHRA A, SHIN M, CLANCY T, et al. Proactive key distribution using neighbor graphs[J]. IEEE Wireless Communications, 2003, 11(1):26-36 |
| [3] | 彭清泉, 裴庆祺, 庞辽军, 等. 一种WLAN Mesh网络快速切换认证方法[J]. 江苏大学学报, 2010, 31(4):458-463. PENG Qingquan, PEI Qingqi, PANG Liaojun, et al. Fast handover authentication method for Mesh WLAN network[J]. Journal of Jiangsu University, 2010, 31(4):458-463. |
| [4] | JIANG Y, LIN C, SHEN X, et al. Mutual authentication and key exchange protocols for roaming services in wireless mobile networks[J]. IEEE Transactions on Wireless Communications, 2006, 5(9):2569-2577. |
| [5] | BRUNNO R, CONTI M, GREGORI E.Mesh networks: commodity multihop ad hoc networks[J]. IEEE communications Magazine, 2005, 43(3):123-131. |
| [6] | WHITEHEAD P. Mesh networks: a new architecture for broadband wireless access systems[J]. IEEE Conference on Radio and Wireless(RAWCON), 2000:43-46. |
| [7] | BARR K, ASANOVI K. Energy aware lossless data compression[J]. ACM Transactions on Computer Systems(TOCS), 2006, 24(3):231-244. |
| [8] | KASSAB M, BONNIN J M, GUILLOUARD K. Securing fast handover in WLANs: a ticket based proactive authentication scheme[C] // Proceedings of IEEE Globecom Workshops. New York: IEEE, 2007:1-6. |
| [9] | HSIANG H C, SHIH W K. Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment[J]. Computer Standards and Interfaces, 2009, 31(6):1118-1123. |
| [10] | HE D J, MA M D, ZHANG Y, et al. A strong user authentication scheme with smart cards for wireless communications[J]. Computer Communications, 2011, 34(3): 367-374. |
| [11] | XU L, HE Y, CHEN X F, et al. Ticket-based handoff authentication for wireless mesh networks[J]. Computer Networks, 2014, 73(C): 185-194. |
| [12] | LI C, NGUYEN U T, NGUYEN H L, et al. Efficient authentication for fast handover in wireless Mesh networks[J]. Computers and Security, 2013, 37(3):124-142. |
| [13] | RIVEST R, SHAMIR A, ADLEMAN L. A method for obtaining digital signatures and public key cryptosystems[J]. Communication of the ACM, 1983, 26(2):96-99. |
| [14] | ECDSA. FIPS186-3 Digital signature standard(DSS)[S]. Gaithersburg: National Institute of Standards and Technology, 2001. |
| [15] | MANUEL S. Classification and generation of disturbance vectors for collision attacks against SHA-1[J]. Designs Codes and Cryptography, 2011, 59(1-3):247-263. |
| [16] | LI G S, MA J F, JIANG Q, et al. A novel re-authentication scheme based on tickets in wireless local area networks[J]. Journal of Parallel and Distributed Computing, 2011, 71(7): 906-914. |
| [17] | PARK C, HUR J, KIM C, et al. Pre-authentication for fast handoff in wireless mesh networks with mobile APs[J]. Lecture Notes in Computer Science, 2006, 4298:349-363. |
| [18] | CHANG C C, LEE C Y, CHIU Y C. Enhanced authentication scheme with anonymity for roaming service in global mobility networks[J]. Computer Communications, 2009, 32(4):611-618. |
| [19] | LIAO Y P, WANG S S. A secure dynamic ID based remote user authentication scheme for multi-server environment[J]. Computer Standards and Interfaces, 2009, 31(1):24-29. |
| [20] | FU A M, ZHANG Y Q, ZHU Z C, et al. A fast handover authentication mechanism based on ticket for IEEE 802.16m[J]. IEEE Communications Letters, 2010, 14(12): 1134-1136. |
