responsible for performing a full authentication with its Home Network to obtain a fresh MSK. If, on the other hand, the MSK is valid, the peer generates a random sequence number and encrypts the EMSKname of the home network and the sequence number with the public key of its HAS. The composed EAP-Response message, which contains the encrypted message, a Message Authentication Code, the realm of the home network and the random identity of the peer, is sent to the FAP (message b in List 1).

The FAP encapsulates this EAP-Response message inside a RADIUS packet and forwards it to the foreign authentication server. The FAS also uses RADIUS for server-to-server communication. However, before forwarding the received message, the FAS adds its domain name and encrypts the MSKname with its private key (message d in List 1). This enables the HAS to authenticate the FAS. Upon receiving the message from a foreign network, the HAS can check whether the FAS is authorized based on the domain name of the FAS, and can authenticate the FAS by verifying the contents of the signed message. Peer authentication is managed by matching the MSKname with the MSK, the EMSK, the validity of the key timer and the number of re-authentications of the peer. If the MSK is valid, the HAS combines the foreign domain name, the sequence number and the previous EMSK to generate the new CRA-MSK and CRA-EMSK.

After updating the timer and counter values of the MSKname, the HAS creates a RADIUS message which holds Access-Accept, the values of CRA-MSK and CRA-EMSK encrypted with the FAS's public key, a MAC and the privately signed message of domain name and MSKname (message e in List 1).

The FAS first checks the signed MSKname to validate the HAS, then stores the MSKname and the CRA keys. In addition, it calculates a new timer, counter and random re-authentication ID for local re-authentication in case the peer stays for a longer time in the foreign network. These

**a.** *FAP* → *MN* : *EAPreq* ID

**b.** *MN* → *FAP* : *EAPres* Hostname, Realm<sub>h</sub>, {EMSKname, Seq#}<sub>UKh</sub>, MAC

**c.** *FAP* → *FAS* : *ACCreq* Hostname, Realm<sub>h</sub>, {EMSKname, Seq#}<sub>UKh</sub>, MAC

**d.** *FAS* → *HAS* : *ACCreq* Realm<sub>f</sub>, {Hostname}<sub>PKf</sub>, {EMSKname, Seq#}<sub>UKh</sub>

**e.** *HAS* → *FAS* : *ACCres* {Hostname}<sub>PKh</sub>, {MSK<sub>CRA</sub>, EMSK<sub>CRA</sub>}<sub>UKf</sub>, *EAPsuccess*, Seq#

**f.** *FAS* → *FAP* : *ACCres* MSK<sub>CRA</sub>, Realm<sub>f</sub>, ReID, Seq#, MAC

**g.** *FAP* → *MN* : *EAPreq* Realm<sub>f</sub>, ReID, Seq#, MAC

**h.** *MN* → *FAS* : *EAPres* ACK, Seq#, MAC

**i.** *FAS* → *MN* : *EAPsuc*

(Notation as used in the text: {X}<sub>UKh</sub> is X encrypted with the HAS's public key, {X}<sub>PKf</sub> is X signed with the FAS's private key; the subscripts h and f denote the home and the foreign network.)

List 1: Messages Exchanged During CRA Full Authentication

Selected Topics in WiMAX

**4.2. EAP-CRA re-authentication**

In the previous section we described a roaming-enabled authentication mechanism for users who wish to connect to a new network using the security credentials that they use in their home network. Although we anticipate relatively fast CRA authentication, in situations where the user continues to work in a foreign network the need for re-authentication arises.

This section explains the re-authentication process that can occur due to handover within the same network, i.e. when a user moves from one access point to another. The Enhanced CRA full authentication generates CRA-MSK and CRA-EMSK for secure communication. Possession of these keys by the supplicant and the FAS can speed up the process of re-authentication. After the successful authentication of a supplicant, the FAS distributes the re-authentication identity and the CRA\_Counter to the peer. The counter determines the number of re-authentications that are acceptable.

The re-authentication process is initiated by the authenticator with an EAP-Request for the supplicant's ID. In response, the supplicant checks the time since the last logon to verify the validity of the CRA-MSK. If the key has expired, a valid peer falls back to requesting a full EAP-CRA authentication. Otherwise, the supplicant sends its re-authentication ID and realm inside the Kname-NAI, a random sequence number and a hashed value of the message. The key for the hash can be generated from the CRA-EMSK and the sequence number. The sequence number is needed to provide immunity against replay attacks. The authenticator then forwards the EAP-Response encapsulated as a RADIUS packet to the FAS (message c in List 2).

List 2: Messages Exchanged During CRA Re-Authentication


Upon receiving the message, the FAS checks the Kname-NAI against its stored authentication information. If there is a match, the server generates the hash value to verify the validity of the message and updates the CRA\_counter and CRA\_timer values. The FAS then sends the MSK, the MAC and the SEQ number to the authenticator. The authenticator retains the MSK and sends the rest to the peer. In the final step, the peer sends an EAP-Response as an acknowledgment. At this point the client is able to calculate the keying material; however, to start secure communication the peer waits until it has received the EAP-Success from the authenticator.
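The supplicant-to-FAS step just described, together with the sequence-number rule given in the security analysis below (the expected number becomes the received number plus one), as an added Python model that is not part of the chapter. The MAC-key derivation from CRA-EMSK and the sequence number, the wire layout of the EAP-Response and the sample Kname-NAI are assumptions, since the chapter fixes none of them.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

MAC_LEN = 32  # HMAC-SHA256 output

def mac_key(cra_emsk: bytes, seq: int) -> bytes:
    # Assumed derivation (the chapter only says: derived from CRA-EMSK and the sequence number).
    return hmac.new(cra_emsk, b"EAP-CRA-MAC" + struct.pack(">I", seq), hashlib.sha256).digest()

def peer_response(kname_nai: bytes, seq: int, cra_emsk: bytes) -> bytes:
    """Supplicant side: EAP-Response carrying Kname-NAI, the sequence number and a MAC over both.
    Wire layout (assumed): 1-byte NAI length | NAI | 4-byte big-endian seq | 32-byte MAC."""
    body = bytes([len(kname_nai)]) + kname_nai + struct.pack(">I", seq)
    return body + hmac.new(mac_key(cra_emsk, seq), body, hashlib.sha256).digest()

@dataclass
class FasRecord:
    """State the FAS kept for one peer after full authentication, looked up by Kname-NAI."""
    cra_emsk: bytes
    expected_seq: int = 0   # next acceptable sequence number
    cra_counter: int = 3    # CRA_Counter: re-authentications still allowed
    cra_timer: int = 0      # CRA_timer: time (s) after which the CRA keys are stale

def fas_verify(store: dict, msg: bytes, now: int) -> str:
    """FAS side: match Kname-NAI, check timer and counter, verify the MAC, advance the sequence."""
    if len(msg) < 1 + 4 + MAC_LEN:
        return "malformed"
    nai_len = msg[0]
    body, mac = msg[:-MAC_LEN], msg[-MAC_LEN:]
    if len(body) != 1 + nai_len + 4:
        return "malformed"
    nai = body[1:1 + nai_len]
    seq = struct.unpack(">I", body[1 + nai_len:])[0]
    rec = store.get(nai)
    if rec is None:
        return "unknown Kname-NAI"      # peer has to fall back to full EAP-CRA
    if now > rec.cra_timer or rec.cra_counter <= 0:
        return "CRA keys expired"       # likewise: full authentication required
    if seq < rec.expected_seq:
        return "replay"                 # repeated or stale sequence number
    expected = hmac.new(mac_key(rec.cra_emsk, seq), body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return "bad MAC"                # modified in transit or wrong CRA-EMSK
    rec.expected_seq = seq + 1          # received sequence number plus one
    rec.cra_counter -= 1
    return "accept"
```

Only the FAS-side verdict is modelled; the Access-Accept carrying MSK, MAC and SEQ back to the authenticator follows once the verdict is "accept".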

Two sequence numbers, one with the HAS and the other with the FAS, are maintained for replay protection of EAP-CRA messages. The sequence number maintained by the supplicant and the HAS is initialized to zero on generation of the EMSK. The server sets the expected sequence number to the received sequence number plus one on every successful re-authentication request, i.e. on generation of the DSRK. Similarly, the supplicant and the FAS maintain a sequence number from the generation of the rMSK while the supplicant is in the FAS's domain.

malicious node can continue to remain between two legitimate nodes and subsequently masquerade as a legitimate node. During the EAP-CRA re-authentication process, MitM attacks are prevented with a Message Authentication Code (MAC). The MAC is simply a keyed hash of the entire message that is attached to the original message. In this situation an attacker needs knowledge of the hash key to revise the message and re-calculate the hash. In the case of full authentication, the use of PKI certificates provides immunization against modification of messages.

EAP-CRA for WiMAX, WLAN and 4G LTE Interoperability

http://dx.doi.org/10.5772/54837

**Hiding User identification**: The proposed method uses the KeyName value as the user's ID during the full CRA process. This prevents the real identity from being revealed to an outsider. During the full authentication process, just before the EAP-Success message, the FAS passes a re-authentication ID to the peer in a secured message. Therefore, whenever the peer requests re-authentication there is a new random identifier for the peer.

**Mutual Authentication**: One of the essential features of every EAP method is mutual authentication. However, at the time of publishing the EAP framework, the scope of EAP authentication was limited to peer-to-server authentication and the roaming attribute had not been considered. EAP-ERP may satisfy the condition of mutual authentication between the home server and the supplicant, but it lacks bilateral proof of identity between the supplicant and a foreign server. More importantly, it relies on the security of RADIUS for server-to-server authentication. In contrast, EAP-CRA reaps the advantages of PKI to satisfy this need during the full authentication process.

As both EAP-CRA and EAP-ERP extend the scope of the authentication process, the mutual authentication issue can be explored in three areas: between the peer and the home server, between the peer and the foreign server, and between the foreign and the home servers. During full EAP-CRA authentication, the proof of possession of the MSK (or a key generated from the MSK) from the prior EAP authentication process validates the mutual identity between the peer and the home server. The mutual identity between the peer and the foreign server is realized by the foreign server generating a MAC from a key derived from the EMSK, which both the foreign server and the peer possess. In return, the peer also calculates a MAC value and places it inside the final message.

Mutual authentication between servers is realized by each server using its private key to encrypt its hostname. In this view, both servers sign the MSKname to authenticate each other. This same model is valid for the re-authentication phase as well.

**4.4. Cost consideration**

In this section we compare the cost of communication and computation between Enhanced EAP-CRA and EAP-ERP. It should be noted that EAP-ERP performs a full authentication with the home server every time it enters a foreign network. For this purpose we use EAP-TLS as the home authentication method.

EAP-CRA exchanges eight messages between the supplicant and the servers during full authentication. It also uses seven messages during the re-authentication process. In the case of ERP, a minimum of sixteen messages are exchanged between the supplicant and the servers.
