Journal of the Korea Institute of Information Security & Cryptology (정보보호학회논문지)

Korea Institute of Information Security and Cryptology (한국정보보호학회)
권호 표지
DOI QR코드

DOI QR Code

Design of Accounting and Security Sessions for IEEE 802.11 Network

무선랜 정보보호를 위한 accounting 및 보안 세션의 설계

  • 양대헌 (인하대학교 정보통신대학원 정보보호연구실) ;
  • 오경희 (한국전자통신연구원 무선인터넷보안연구팀) ;
  • 강유성 (한국전자통신연구원 무선인터넷보안연구팀) ;
  • 함영환 (한국전자통신연구원 무선인터넷보안연구팀) ;
  • 정병호 (한국전자통신연구원 무선인터넷보안연구팀)
  • Published : 2003.12.01
Download PDF
⟨ Previous Next ⟩

Abstract

Wireless LAM in itself is vulnerable to eavesdropping and modification attack, and thus, IEEE 802.11i and IEEE 802. 1x/1aa have been defined to secure the wireless channel. These protocols accompanied by RADIUS and EAP-TLS provide users of wireless LAM with integrity and confidentiality services, and also they perform authentication and access control of wireless ports. In this paper, we suggest a method to implement accounting session using authentication session of IEEE 802. 1x and accounting state machine is designed with the accounting session. Also, we propose a key exchange mechanism to establish secure channel between stations and an access point. The mechanism is designed to be inter-operable with IEEE 802. 1aa.

무선랜은 매체의 특성상 유선보다 메시지의 도청 및 변조가 쉬우므로, 안전한 무선랜의 사용을 위해 IEEE 802.11i, IEEE 802.1x/1aa 등의 표준이 마련되었다. 이들 프로토콜은 RADIUS, EAP-TLS 등과 함께 무선채널의 메시지 인증 및 기밀성을 보장하며 사용자 인증 및 접근제어를 담당한다. 이 논문에서는 무선랜의 상용서비스를 위한 accounting 세션을 IEEE 802.1x의 인증 세션을 이용해 구현하는 방법을 제안하고, 이를 이용해 accounting을 수행하는 state machine을 설계한다. 또한, 무선랜에서 AP와 스테이션간의 무선 보안 채널을 생성하기 위한 키교환 메커니즘을 제시한다. 이 키 교환 메커니즘은 IEEE 802.1aa와 연동이 되도록 설계하였다.

Keywords

References

  1. IEEE Std 802.11i/D5.0 Draft Amemdment to STANDARD FOR Telecommunications and Information Exchange Between Systems-LAN/MAN Specific Requirements-Part 11: Wireless Medium Access Control(MAC) and physical layer(PHY) specifications: Specification for Enhanced Security
  2. P802.1X/D11 Standards for Local and Metropolitan Area Networks: Standard for Port based Network Access Control
  3. IEEE Draft P802.1aa/D5 Draft IEEE Standard for Local and Metropolitan Area Networks-Port Based Network Access Control-Amendment 1: Tchnical and Editorial Corrections
  4. IEEE P802.11F/D5 Draft Recommended Practice for Multi-Vendor Access Point Interoperability via an Inter-Access Point Protocol Across Distribution Systems Supporting IEEE 802.11 Operation
  5. RFC 2284 PPP Extensible Authentication Protocol(EAP) L.Blunk;J.Vollbrecht
  6. RFC 2716 PPP EAP TLS Authentication Protocol B.Aboba;D.Simon
  7. RFC 2138 Remote Authentication Dial In User Service (RADIUS) C.Rigney;A.Rubens;W.Simpson;S.Willens
  8. DIAMETER Base Protocol (Internet Draft) Pat R.Calhloun;John Loughney;Eric Guttman;Gien Zorn;Jari Arkko
  9. EAP Tunneled TLS Authentication Protocol(EAP-TTLS)(Internet Draft) Paul Funk;Simon BlakeWilson
  10. Telecommunications and Information Exchange Between Systems-LAN/MAN Specific Requirements Part 11: Wireless Medium Access Control(MAC) and physical layer(PHY) specifications
  11. Microsoft's PEAP (version 0) (Internet Draft) Vivek Kamath
  12. RFC 3078 Microsoft's Point-to-Point Encryption G.Pall;G.Zorn