- Open Access
A novel pre-authentication scheme based on fast channel switching in IEEE 802.11 WLANs
© Baek et al; licensee Springer. 2012
- Received: 27 June 2011
- Accepted: 9 February 2012
- Published: 9 February 2012
In the case of a 3G-WLAN interworking architecture, handoff latency is mainly caused by the delays incurred when a mobile station (STA) transfers a current security context to the target access network or establishes connectivity to a new access point (AP). Existing handoff optimization schemes have mostly focused on reducing the scanning time which is to discover nearby access points. Even though the time taken by a mobile STA to authenticate the target APs contributes to the total handoff delay, the schemes to optimize the authentication time have not yet been fully investigated for providing seamless connectivity to mobile users performing handoff in WLANs. As a solution, pre-authentication, a technique performing the authentication of target APs before the completion of the handoff procedure, has attracted considerable attention to reduce the overall delay related with a handoff, which is performed within inter-subnet and/or inter-administrative domain levels. Therefore, in this article, we propose a novel pre-authentication scheme to minimize the handoff delay in 3G-WLAN interworking architecture. The proposed scheme pre-authenticates a new AP directly through a switched channel in a short period of time. Our evaluation shows that the proposed scheme outperforms the existing authentication schemes defined in the IEEE 802.11 standards in terms of authentication delay, signaling cost, and mobility rate. The proposed mechanism offers an additional advantage in that it is easy to implement and deploy by simply modifying the device driver modules of clients' WLAN interfaces.
- Access Point
- Vertical Handoff
- Beacon Frame
- Channel Switching
- Extensible Authentication Protocol
Generally, an HO delay is composed of an access point (AP) scanning delay , authentication delay, and mobile IP registration delay in the case of an L3 HO . AP scanning delay occurs in process when mobile STA searches for and selects a new AP. Authentication delay occurs in the process including establishing the identity of the mobile STA and authorizing its access to the basic service set of the AP. Mobile IP registration delay includes two kinds of delays. First one occurs in the HA registration process. Second one occurs when mobile STA configures a new network care of address in the foreign network. One of the main factors responsible for the HO delay has been reported to be the delay due to the authentication process between the WLAN and the 3G HN [5, 7–9]. Existing HO optimization schemes primarily focus on reducing the delay caused when a mobile STA scans for nearby APs [10–14]. Even though the time taken by a mobile STA to authenticate the target AP (TAP) contributes to the total handoff delay, schemes to optimize the authentication time have not yet been fully investigated to mobile users performing handoff in WLANs. Therefore, we mainly focus on reducing the authentication delay using fast channel switching and a WLAN power saving mode (PSM) buffering function when the STA performs WLANs' HH in 3G-WLAN interworking. The advantages of the proposed scheme are summarized as follows: (a) the proposed scheme ensures a reduction in the authentication delay when a mobile STA moves from one AP to another; (b) it supports inter-extended service set (ESS) and inter-domain HOs without the need for modifying the currently deployed APs on the network side; (c) it prevents loss of data because it takes into account the buffering function of the APs; and (d) it overcomes the limitation of the radio coverage of the currently associated AP (CAP), which the existing authentication schemes suffer from when the moving STA perform authentication with the TAP.
The rest of the article is organized as follows. In Section 2, we provide the background of this study and describe previous related studies on pre-authentication in WLANs, using various protocols such as IEEE 802.11f, 802.11i, and 802.11r. Section 3 provides details of the proposed scheme, including the message flow and flow chart. In Section 4, we compare the performance of the proposed scheme with that of the conventional schemes and present the numerical results. We also analyze issues concerning the quality of service (QoS) and security. Finally, Section 5 presents the conclusions of this study.
The proposed pre-authentication scheme enables the STA to authenticate a pre-determined AP once it has decided to roam. This scheme can minimize the overall HO time, thus effectively mitigates the service disruption of delay-sensitive applications.
An STA trusts the WLAN AAA (WAAA) and the Home AAA (HAAA) with which the STA is associated.
Each WAAA must have a security association and roaming agreements with the HAAA in the 3G network.
An STA can obtain information regarding the TAP, including its current status information such as a Beacon interval (BI), channel rate, and frequency through active and passive scanning schemes (e.g., proactive scanning , SyncScan ) or any other 3rd party entity provided by IEEE 802.21 standard .
3.2 Channel switching period (CSP)
sending of a PS-Poll frame to the CAP with PM = 1 (buffering data),
switching of the channel to the TAP, and
sending of a PS-Poll frame to the TAP with PM = 0.
sending of a PS-Poll frame to the TAP with PM = 1,
switching of the channel back to the CAP, and
sending of a PS-Poll frame to the CAP with PM = 0 (forwarding data).
3.3 Three phases of pre-authentication
3.3.1 Pre-authentication initiation phase
Initially, the STA communicates with the CAP on the basis of the assumptions presented in Section 3.1. When an STA enters an HO region, it ascertains its location and mobility rate required for pre-authentication (described in Section 4.3. When the STA decides to begin pre-authentication, it requests and receives information regarding the TAP (i.e., service set identifier (SSID)) via the information server such as IEEE 802.21.
3.3.2 Pre-authentication execution phase
After the pre-authentication initiation phase, the STA initiates the pre-authentication execution phase by performing the CSP.begin operation with the CAP and TAP (operation 1 shown in Figure 4). In this phase, the STA transmits pre-authentication request message (same as the normal EAP request message) to the TAP, and the TAP then relays this message to the AAA to request for 802.1X/EAP authentication (operation 5). This message contains the STA authentication information that is required for standard 802.1X/EAP authentication . When the TAP receives an authentication request message from the STA, it begins EAP-AKA authentication on the basis of the messages received. Finally, the STA performs the CSP.end operation to switch back to the original channel and maintains the current session with the CAP. The average overall delay of the EAP-AKA authentication procedure was approximately 4.3 s in the 3G-WLAN downward HO (Table 1). Hence, until the authentication transactions are completed, the additional CSP manages the transactions, and subsequent messages are exchanged to complete the pre-authentication phase.
3.3.3 Completion and L2 HO phase
After the pre-authentication execution phase is successfully completed according to the standard authentication process, an EAP success message is transmitted to the AP along with authentication keying material such as pairwise master key (PMK). The AP buffers the received EAP success information so as to send it to the corresponding STA at the pre-defined LI during the next CSP. The STA periodically checks the TIM field for beacon frames coming from the TAP for receiving the result of authentication during each CSP (operation 7 in Figure 4). When the STA confirms that the TIM field in the beacon frame is set at a certain CSP, it immediately sends a PS-Poll frame to the TAP and receives all the frames it is expected to receive. Otherwise, the STA performs this operation (waiting and checking for beacon frame) periodically. After a specified number of iterations of the CSP, the STA can complete the transaction (operation 5). Thereafter, the STA detaches from the CAP while attaches to the TAP by using standard WLAN re-association procedures. That is, L2 HO is carried out from the CAP to the TAP. During this attachment process, the WLAN confirms that the STA is the pre-authenticated user from the previously received EAP success message. Therefore, the STA is able to communicate with the TAP via the WLAN Access Network (AN) immediately without any additional WLAN authentication process.
3.4 EAP-AKA example
The STA moves in a fixed path from domain A to domain B, as shown in Figure 6.
The user of the STA uses a real-time broadcasting service from an Internet website, continuously.
Parameters for Analysis 1
the number of EAP-AKA messages exchanged between an STA and HAAA
the number of EAP-AKA messages exchanged between an STA and WAAA
the number of authentication messages exchanged for inter-ESS HO
the number of authentication messages exchanged for intra-ESS HO
the number of CSP messages exchanged for inter-ESS HO
the average authentication size
Parameters for Analysis 2
Length of message
Average session connection time
Average WLAN cell resident time
Average number of movements in session, i.e., N m = ⌈T c /T r ⌉ - 1
Total number of CSP during HOs, i.e., n = ⌈T EAP /LI⌉
Bandwidth of wired link
Bandwidth of wireless link
Latency of wired link (propagation delay and L2 delay)
Latency of wireless link (propagation delay and L2 delay)
Routing table lookup and processing delay
The total length of EAP-AKA messages exchanged in wired link
The total length of EAP-AKA messages exchanged in wireless link
Average time need for CSP operations
Average time need for L2 HO
Average time need for 4-way handshake
Security context transferred from CAP to TAP
4.1 Total authentication delay
Equation (4) shows the basic 802.11 open system authentication (OSA) case without pre-authentication. The IEEE 802.11 takes a hard handoff break-before-make approach fundamentally, which means that an STA has to break its connection with its CAP before connecting to a TAP . That is, the connection is disrupted during every HO. Thus, the total authentication delay in this case is the largest. Equation (5) shows the case of the context transfer scheme such as the trial standard IEEE 802.11f IAPP withdrawn on 2006. In this protocol, break-before-make movements occur three times in inter-ESS HOs, and make-before-break movements occur four times in inter-subnet HOs. An STA should transfer the security context to the TAP via the CAP, beforehand. Equation (6) shows the standard 802.11i intra-ESS pre-authentication case referred to as RSNA. In this case, break-before-make movements occur three times in inter-ESS HOs, and make-before-break movements that perform pre-authentication using PMKSA via the CAP indirectly occur four times in intra-ESS HOs. Equation (7) mathematically describes the case of the proposed scheme, which performs pre-authentication with the TAP directly beyond the border of the ESS. In this case, only the CSP operation time is needed, and not the EAP processing time.
2 ~ 40 s
4.2 Authentication signaling cost
4.3 Mobility rate
In this section, we analyze the difference between direct and indirect pre-authentication in terms of the mobility rate (velocity). In scenarios where the STA moves at high speeds, the STA performs HOs frequently; it should be noted that the time between two HOs must be sufficiently long to allow the completion of pre-authentication. The duration between two successive HOs/hl depends on the size of the wireless cell and the speed of the moving STA. In the case of indirect pre-authentication, the STA cannot go beyond the radio coverage of CAPs to pre-authenticate the TAP. Contrarily, in the case of direct pre-authentication, the STA can go beyond the coverage area of the CAPs to perform pre-authentication. Because the valid radio coverage for pre-authentication is extended to the coverage area of TAPs, the STA could speed up higher than the STA based on the indirect pre-authentication relatively. The amount of time available for pre-authentication depends on both the degree of overlap between the coverage areas and the velocity of the STA. Here, we will analyze the impact of the radio coverage, time for pre-authentication, and the velocity of STAs.
4.4 Summary of performance analysis results
In this section, we summarize all the evaluation results based on the WLANs HH scenario shown in Figure 6 and provide a single metric to allow clear understanding of performance improvement.
Summary of performance analysis results
Mean delay time (ms)
Mean signaling cost (Kbyte)
Maximum speed of STA
Therefore, the proposed pre-authentication scheme can minimize the authentication delay that occurs during intra-and inter-ESS HOs in 3G-WLAN interworking environments. It was also proved that the proposed pre-authentication scheme is more efficient than the existing authentication protocols in terms of the signaling cost.
4.5 Issues for consideration in the proposed pre-authentication scheme
4.5.1 Relationship between the QoS and the CSP duration
where STACSP is the CSP of the STA, and HOdistance is the distance from the current point to the maximum coverage point of the TAPs. The STAspeed is the velocity of the STA. Equation (13) shows that STACSP is inversely proportional to STAspeed and directly proportional to HOdistance.
4.5.2 Security consideration
In this section, we cover specific threats introduced by the proposed pre-authentication scheme. Since our pre-authentication scheme involves the switching of channels between APs, we note the following security threats. First, a resource consumption denial-of-service attack is possible, where an attacker may send abnormal pre-authentication request messages to the candidate APs. As a result, the APs may spend computational and bandwidth resources on processing the pre-authentication messages sent by the attacker. To mitigate this attack, the candidate network or the authenticator (AP) may apply packet filtering so that only pre-authentication messages received from a specific set of serving networks or authenticators are processed.
Second, some consideration of the channel binding problem described in [27, 28] is needed, as a lack of channel binding may enable an AP to impersonate another AP or communicate incorrect information via out-of-band mechanisms (such as via AAA or lower-layer protocols) . Channel binding is a secure mechanism for ensuring that a subset of the parameters transmitted by the AP is agreed upon by the EAP peer and the server. It should be noted that it is easier to launch such an impersonation attack when using pre-authentication than when using normal authentication, as an attacker does not need to be on the same physical link as the legitimate peer to send a pre-authentication trigger to the peer. Meanwhile our proposed pre-authentication scheme does not provide any key management and context transfer schemes among an STA, APs, and AAA servers. The proposed scheme is carried out in the link layer of STAs. It means L2 security protocol such as 802.11i RSNA can protect the CSP messages which used in our scheme. Therefore our proposed scheme has an equivalent level of security to the security method used in EAP.
We proposed a novel pre-authentication scheme based on fast channel switching that performs direct pre-authentication with the next AP, in advance. This scheme minimized the authentication delay time during HOs, as was clearly shown in Section 4. Moreover, as shown in our evaluation and analysis, the signaling cost has been considerably reduced. In addition, the proposed scheme is efficient in inter-ESS and inter-domain HOs. Further, it can be easily implemented in WLANs by simply modifying the device driver of the STAs. In other words, if there is any change in the authentication and encryption methods, our pre-authentication scheme will still work correctly because it does not involve any modification and encryption methods. Finally, our scheme takes into account the effects caused by direct pre-authentication with TAP and can efficiently support high mobility, which is a property that has not been considered in existing standard protocols. Therefore, we can conclude that our proposed scheme is a novel pre-authentication scheme for IEEE 802.11 WLANs that support a 3G-WLAN interworking architecture.
This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology (2009-0076476).
- Choi H, Song O, Cho D: A seamless handoff scheme for UMTS-WLAN interworking. IEEE Globecom 2004 2004, 3: 1559-1564.View ArticleGoogle Scholar
- Choi H, Song O, Cho D: Seamless handoff Scheme based on pre-registration and pre-authentication for UMTS-WLAN interworking. Wirel. Personal Commun 2007, 41(3):345-364. 10.1007/s11277-006-9146-2View ArticleGoogle Scholar
- Ahmavaara K, Haverinen H, Pichna R: Interworking architecture between 3GPP and WLAN systems. IEEE Commun. Mag 2003, 41(11):74-81. 10.1109/MCOM.2003.1244926View ArticleGoogle Scholar
- 3GPP: 3GPP TS 23.234 (v10.0.0), 3GPP system to wireless local area network (WLAN) interworking; system description 2011, V10.0.0.Google Scholar
- Shidhani AAl, Leung VCM: Pre-authentication schemes for UMTS-WLAN interworking. EURASIP J. Wirel. Commun. Netw 2009. doi:10.1155/2009/806563Google Scholar
- Mishra A, Shin M, Arbaugh W: An empirical analysis of the IEEE 802.11 MAC layer handoff process. ACM SIGCOMM Comput Commun Rev 2003, 33(2):93-102. 10.1145/956981.956990View ArticleGoogle Scholar
- Ohba Y, Wu Q, Zorn G: Extensible authentication protocol (EAP) early authentication problem statement. RFC 5836 (Informational) . Internet Engineering Task Force 2010. [http://www.ietf.org/rfc/rfc5836.txt]Google Scholar
- Dutta A, Famolari D, Das S, Ohba Y, Fajardo V, Taniuchi K, Lopez R, Schulzrinne H: Media-independent pre-authentication supporting secure interdomain handoff optimization. IEEE Wirel. Commun 2008, 15(2):55-64.View ArticleGoogle Scholar
- Kwon H, Cheon K, Roh K, Park A: USIM based authentication test-bed for UMTS-WLAN handoff. In Proceedings of IEEE Infocom. Citeseer, Barcelona, Spain; 2006.Google Scholar
- Wu H, Tan K, Zhang Y, Zhang Q: Proactive scan: Fast handoff with smart triggers for 802.11 wireless LAN. In IEEE INFOCOM, IEEE Communications Society. Volume 7. Anchorage, Alaska; 2007:749-757.Google Scholar
- Murray D, Dixon M, Koziniec T: Scanning delays in 802.11 networks. In Proceedings of The 2007 International Conference on Next Generation Mobile Applications, Services and Technologies. IEEE Computer Society, Wales, UK; 2007:255-260.Google Scholar
- Ramani I, Savage S: SyncScan: practical fast handoff for 802.11 infrastructure networks. IEEE INFOCOM, Citeseer 2005, 1: 675.Google Scholar
- Park S, Kim H, Park C, Kim J, Ko S: Selective channel scanning for fast handoff in wireless LAN using neighbor graph. Personal Wireless Communications, Springer 2004, 629-629.Google Scholar
- Seo S, Song J, Wu H, Zhang Y: Throughput-based MAC layer handoff in WLAN. In Proceedings of the 28th IEEE international conference on Computer Communications Workshops. IEEE Press; 2009:409-410.Google Scholar
- Baek J, Seo S, Song J: Multiple preauthentication schemes based on fast channel switching in public wireless LANs. In International Conference on Innovations in Information Technology. Al Ain, UAE; 2009:16-20.Google Scholar
- Kim H, Cho D: An Efficient power-saving protocol for internet traffic in wireless LANs. In IEEE VTS Vehicular Technology Conference, IEEE Vehicular Technology Society. Volume 62. Dallas, Texas, USA; 2005:784-788.Google Scholar
- IEEE trial-use recommended practice for multi-vendor access point interoperability via an inter-access point protocol across distribution systems supporting IEEE 802.11 operation IEEE Standard for local and metropolitan area networks 2003.Google Scholar
- Bargh M, Hulsebosch R, Eertink E, Prasad A, Wang H, Schoo P: Fast authentication methods for handovers between IEEE 802.11 wireless LANs. Proceedings of the 2nd ACM international workshop on Wireless mobile applications and services on WLAN hotspots, ACM 2004, 51-60.Google Scholar
- IEEE standard for information technology telecommunications and information exchange between systems local and metropolitan area networks specific requirements part 11: wireless LAN medium access control (MAC) and physical layer (PHY) specifications IEEE Std 802.11-2007 Revision of IEEE Std 802.11-1999 2007, 192-249.Google Scholar
- IEEE Std 802.11r-2008 (Amendment to IEEE Std 802.11-2007 as amended by IEEE Std 802.11k-2008) 2008, c1-108.Google Scholar
- Medium access control (MAC) and physical layer (PHY) specifications, IEEE standard 802.11-2007 IEEE Computer Society LAN MAN Standards Committee, Ed 2007.Google Scholar
- Naamany AAl, Shidhani AAl, Bourdoucen H: IEEE 802.11 wireless LAN security overview. IJCSNS6(5B) 2006, 138.Google Scholar
- Forsberg D, Ohba Y, Patil B, Tschofenig H, Yegin A: RFC 5191 protocol for carrying authentication for network access (PANA). Network Working Group 2008.Google Scholar
- 3GPP: 3GPP TS 33.234 (v11.0.0), 3G security; WLAN interworking security: System description. 2011.Google Scholar
- Chen J, Tseng Y, Lee H: A seamless handoff mechanism for IEEE 802.11 WLANs supporting IEEE 802.11 i security enhancements. IEEE Asia-Pacific Wireless Communications Symposium 2006.Google Scholar
- Lo S, Lee G, Chen W, Liu J: Architecture for mobility and QoS support in all-IP wireless networks. IEEE J. Sel. Areas Commun 2004, 22(4):691-705. 10.1109/JSAC.2004.825964View ArticleGoogle Scholar
- Aboba B, Simon D, Eronen P: RFC 5247-Extensible authentication protocol (EAP) key management framework. Network Working Group 2008.Google Scholar
- Williams N: RFC 5056-On the use of channel bindings to secure channels. Network Working Group 2007.Google Scholar
- Aboba B, Blunk L, Vollbrecht J, Carlson J, Levkowetz H: RFC 3748-Extensible authentication protocol (EAP). Network Working Group 2004.Google Scholar
This article is published under license to BioMed Central Ltd. This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/2.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.