• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.3
• /
• pp.45-55
• /
• 2003

Wireless LAM has the advantage of extension, flexibility and easiness of installation and maintenance. However, due to the characteristics of wireless media, it is vulnerable to security attacks. PKI(Public Key Infrastructure) is estimated to be a good solution offering security function to wireless LAM including global roaming. It offers high security functions as authentication confidentiality and digital signature while it generates big overheads such as CRL search and certificate verification. The overheads can not be avoided during the initial authentication. However, when we consider the case of handoff, it can be minimized through the fast handoff. In this paper, we design a fast handoff authentication mechanism based on PKI in the wireless LAM and analyze the performance of the scheme.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.85-96
• /
• 2003

Wireless LAM in itself is vulnerable to eavesdropping and modification attack, and thus, IEEE 802.11i and IEEE 802. 1x/1aa have been defined to secure the wireless channel. These protocols accompanied by RADIUS and EAP-TLS provide users of wireless LAM with integrity and confidentiality services, and also they perform authentication and access control of wireless ports. In this paper, we suggest a method to implement accounting session using authentication session of IEEE 802. 1x and accounting state machine is designed with the accounting session. Also, we propose a key exchange mechanism to establish secure channel between stations and an access point. The mechanism is designed to be inter-operable with IEEE 802. 1aa.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2012.05a
• /
• pp.81-82
• /
• 2012

Wireless Mesh Network (WMN) functionality had been included into IEEE 802.11s. For WMN, the routing message is one of the most important parts that need to be protected. Hybrid Wireless Mesh Protocol (HWMP) is the default routing protocol for WMN. In this paper, the attacks and vulnerabilities of HWMP had been identified and the requirements needed to protect HWMP had also been discussed. Existing HWMP security had been compared with the requirements.

• Journal of KIISE:Information Networking
• /
• v.32 no.3
• /
• pp.327-338
• /
• 2005

Since the IEEE 802.11 wireless LANs were known to have several critical weaknesses in the aspect of security, a lot of works have been done to reduce such weaknesses of the wireless LAN security, Among them IEEE 802.lli may be the ultimate long-term solution that requires new security platform with new wireless LAM products. However, it might not be the best solution for small organizations due to its high cost where the cost is a critical issue. This paper proposes FR-WEP, a light-weight key management for wireless LANs that can be used with small changes of the existing Products. FR-WEP is an extension to a lightweight key management, WEP'(9), which was proposed lately. It makes up for the weak points of WEP' by providing lightweight mutual authentication with both host keys and user keys, and seamless key-refresh for authenticated users with fast re-authentication. It would be a good alternative to the heavy standards for wireless LAN security, especially to small organizations hoping for better security.

• International Journal of Contents
• /
• v.1 no.1
• /
• pp.29-34
• /
• 2005

In this paper, we proposed an advanced authentication structure for reducing the certificate acquisition time which is one of the factors that should be improved in a conventional wireless PKI. A conventional key exchange method simply performs the key exchange setup step based on discrete algebraic subjects. But the mutual-authentication procedure of wireless PKI for reducing authentication time uses an elliptical curve for a key exchange setup step. We simulated and compared the authentication structure proposed by Sufatrio, K. Lam[4] and proposed authentication structure in terms of the authentication time. Simulation results show that the proposed method reduces the authentication time compared to the conventional wireless PKI authentication method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.107-112
• /
• 2003

Handover in IEEE 802.11 requires repeated authentication and key exchange procedures, which are an obstacle to seamless services of wireless LAM. We propose a fast authentication and key exchange mechanism using IEEE 802.11f. Especially, by proposing a modified version of the 4-way handshake of IEEE 802.11i, we solve the perfect forward secrecy problem that arises when the pre-authentication is adopted. The scheme can be implemented only using the Context Block of IEEE 802.11f and the 4-way handshake of IEEE 802.11i without involving authentications server's interaction or non-standard behavior between access points. Our scheme is applicable to devices not supporting the us-authentication of IEEE 802.11i and also, it can substitute the pre-authentication when the pre-authentication is failed.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2012.05a
• /
• pp.89-92
• /
• 2012

Wireless Mesh Network expanded the capability of the conventional wireless networking by allowing the nodes to operate in proactive mode, reactive mode or the combination of both, the hybrid mode in the multi-hopping nature. By doing so, the links between the nodes become much more robust and reliable because of the number of paths to reach a destination node from a source node can be more than 1 and do not need to rely on the access point (AP) alone to relay the messages. As there may be many possible ways to form an end-to-end link between 2 nodes, the routing security becomes another main concern of the 802.11s protocol. Besides its reliance on the 802.11i for the security measures, 802.11s also includes some new features such as the Mesh Temporal Key (MTK) and the Simultaneous Authentication of Equals (SAE). The authentication and key management (AKM) process of 802.11s were observed in this paper.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.8B
• /
• pp.755-761
• /
• 2004

Currently, Wireless LAN(WLAN) service is widely deployed to provide high speed wireless Internet access through the mobile stations such as notebook and PDA. To provide enhanced security and user access control in the public WLAN area, WLAM access points should have the capability of IEEE 802.1x-based user authentication and authorization functionality. In this paper, we provide a brief understanding of IEEE 802. 1x standards and related protocols likeEAPoL(Extended Authentication Protocol Over LAN), EAP, RADIUS and describe how the IEEE 802.1x is designed and implemented in our embedded linux-based WLAN AP which is named i-WiNG.(Intelligent Wireless Internet Gateway).

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.11
• /
• pp.1996-2001
• /
• 2006

Open System Authentication Method, Shared Key Method, Mac Based Authentication Method are very hard to use in wireless network that needs security. So now, many researches have been performed about 802.1x and user authentication method applying PKI. but certificate verification protocol has been used abolished list called CRL since it's first usage of PKI, there were still has a problem about distribution point. This paper applied CVS to use CA direct not to use CRL and OSCP server in order to improve this problems. Also It suggested the system that can make authentication steps more shorter using authentication server and Mutual authentication system by public certificate(small size/low speed wireless terminal can access to wireless network fast and safely)

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.4
• /
• pp.798-803
• /
• 2005

This paper describes a design of AES(Advanced Encryption Standard)-based CCMP core for IEEE 802.1li wireless LAN security. To maximize its performance, two AES cores ate used, one is for counter mode for data confidentiality and the other is for CBC(Cipher Block Chaining) mode for authentication and data integrity. The S-box that requires the largest hardware in AES core is implemented using composite field arithmetic, and the gate count is reduced by about $20\%$ compared with conventional LUT(Lookup Table)-based design. The CCMP core designed in Verilog-HDL has 13,360 gates, and the estimated throughput is about 168 Mbps at 54-MHz clock frequency. The functionality of the CCMP core is verified by Excalibur SoC implementation.