Cross-Realm Authentication Based on Multiple Kerberi in WLAN (IEEE 802.1X)


Bibliographic Details
Main Authors: Yu-Hung Lai, 賴昱宏
Other Authors: Shih-Hsiung Twu
Format: Others
Language: en_US
Published: 2003
Online Access: http://ndltd.ncl.edu.tw/handle/s369np
Description
Summary: Master's === Chung Yuan Christian University === Graduate Institute of Electrical Engineering === 91 === Abstract

In this thesis, we propose four new authentication protocols for Single-Realm and Cross-Realm Authentication based on the multiple Kerberi authentication technique. Single-Realm authentication is used when the user is in the home area. Cross-Realm authentication with multiple Kerberi protocols lets users roam anywhere in the world at any time: the roaming user can be authenticated in the visited area by his home authentication server (AS). Additionally, because of the insecure features of symmetric cryptosystems, we adopt public key cryptosystems to realize the proposed protocols.

In the first and third proposed protocols, the steps by which the user authenticates with the access point (AP) are reduced to shorten the authentication time. First, the AS receives the identity from the user and, when the user is a roaming subscriber, forwards the message to the home AS. Then, the user sends the ticket-granting ticket (TGT) to the Ticket-Granting Server (TGS) to obtain a service-granting ticket. Finally, using the service-granting ticket, the user accesses the network service he wants.

The main purpose of the second and fourth proposed protocols is to enhance the security of authentication in WLAN. First, a roaming user obtains the visit TGT from the visit AS after a series of authentication steps. Then, the user exchanges the visit TGT for service-granting tickets for the AP and the desired server, and uses the service-granting ticket of the AP to authenticate the AP. Finally, mutual authentication is achieved by way of the response, which is encrypted with the session key between the user and the desired server.

The contributions of our research are as follows:
(1) Four new authentication protocols applied to wireless local area networks are given.
(2) We combine the traditional Kerberos protocol and public key cryptosystems to effectively prevent the replay attack and the man-in-the-middle attack.
(3) With the proposed Cross-Realm Authentication, we can use our original registered information to access the network service worldwide.

It is believed that the results of our research in this thesis will probably be practical and efficient for the security of the wireless local area network.