Selected Topics in WiMAX

**d.** *FAS* → *FAP* : *ACCres MSKCRA*, *ReID*, *EAPsuccess*

**e.** *FAP* → *MN* : *EAPreq ReID*, *Seq#*, *MAC*

**f.** *MN* → *FAS* : *EAPres ACK*, *Seq#*, *MAC*

**g.** *FAS* → *MN* : *EAPsuc*

Upon receiving the message, the FAS checks the Kname-NAI against its stored authentication information. If there is a match, the server generates the hash value to verify the validity of the message and updates the CRA\_counter and CRA\_timer values. The FAS will then send the MSK, MAC and SEQ number to the authenticator. The authenticator retains the MSK and sends the rest to the peer. In the final step, the peer sends an EAP-Response as an acknowledgment. At this point the client is able to calculate the keying material; however, to start secure communication the peer waits until it receives the EAP-success from the authenticator.

Two sequence numbers, one with the HAS and the other with the FAS, are maintained for replay protection of EAP-CRA messages. The sequence number maintained by the supplicant and the HAS is initialized to zero on generation of the EMSK. The server sets the expected sequence number to the received sequence number plus one on every successful re-authentication request, i.e. on generation of the DSRK. Similarly, the supplicant and the FAS maintain a sequence number with the generation of the rMSK while the supplicant is in the FAS's domain.

**4.3. Analysis**

To substantiate the effectiveness of our protocol, we first examine the key security features of Enhanced CRA and then compare the cost involved in communication and computing between Enhanced EAP-CRA and its close competitor EAP-ERP.

*4.3.1. Security consideration*

RFC-3748 [17] indicates mandatory properties and security constraints of an EAP method, such as freshness of the session key and resistance against replay, dictionary and man-in-the-middle attacks. These features can be used as a reference to analyze the protocol's compliance with the EAP framework. In this section we present our analysis of our protocol against these criteria.

**Replay attacks**: Generally, replay attacks are initiated by re-using captured PDUs. The captured PDUs have authentic ingredients and can be replayed, influencing legitimate nodes to respond. The CRA responds to this threat by the use of sequence numbers that enable both the sender and the receiver to have a record of the received datagram. If a packet is out of order it can be dropped. In the case of re-authentication, the sequence number is generated by the peer. For the rest of the session the peer and the foreign server will increment the value of this sequence number. In the process of full authentication the peer and the HAS can benefit from the same procedure to protect against replay attacks.

**Man In The Middle (MitM) attacks**: In this category of attacks a rogue node introduces itself as a legitimate member in the communication. If there is no security mechanism in place the

**4.4. Cost consideration**

In this section we compare the cost of communication and computation between Enhanced EAP-CRA and EAP-ERP. It should be noted that EAP-ERP performs a full authentication with the home server every time it enters a foreign network. For this purpose we use EAP-TLS as the home authentication method.

EAP-CRA exchanges eight messages between the supplicant and the servers during full authentication. It also utilizes seven messages during the re-authentication process. In the case of ERP, a minimum of sixteen messages are exchanged between the supplicant and the servers. This is made up of seven messages that are specific to ERP and at least nine messages from EAP-TLS, since we consider EAP-TLS as the home authentication method. For simplicity we are considering the size of the messages during these exchanges. Table 3 lists the number of messages used in each authentication method.

**Table 6.** Communication Cost.

When entering a foreign network, a station that uses EAP-ERP performs a full authentication with its home server. This process will be very time consuming because all message exchanges must take place over the internet. This is a significant weakness of EAP-ERP compared to EAP-CRA for two reasons: 1) the number of messages and 2) the size of the messages. With regard to re-authentication, ERP re-authentication should take place much quicker as it uses only five messages. However, the actual time differences must be determined after the real setup of both protocols.

To evaluate the computational cost of the protocols we investigate the number of hashing, encryption and decryption operations performed. Table 6 presents these values for EAP-CRA and EAP-ERP. In the case of EAP-CRA full authentication there are four hashing operations and eight encryption operations. Initial EAP-ERP does not involve any encryption or decryption, but it should be noted that there will be at least 16 messages exchanged, while there are just 8 messages for full EAP-CRA authentication. Moreover, the encryption involved in the process will ensure the security of the supplicant while it is roaming to a foreign network. In the case of re-authentication, the cost of both protocols will be very similar, as they both will perform four hash operations.

| | CRA Full-auth | CRA Re-auth | ERP Initial | EAP Re-auth |
|---|---|---|---|---|
| **Sup** | Hash(2) Encrypt(1) Decrypt(1) | Hash(2) Encrypt(0) Decrypt(0) | Hash(0) Encrypt(0) Decrypt(0) | Hash(2) Encrypt(0) Decrypt(0) |
| **FS** | Hash(2) Encrypt(1) Decrypt(1) | Hash(2) Encrypt(0) Decrypt(0) | Hash(0) Encrypt(0) Decrypt(0) | Hash(2) Encrypt(0) Decrypt(0) |
| **HS** | Hash(0) Encrypt(2) Decrypt(2) | Hash(0) Encrypt(0) Decrypt(0) | Hash(0) Encrypt(0) Decrypt(0) | Hash(0) Encrypt(0) Decrypt(0) |

**Table 7.** Computational Cost

From the above comparisons we can say that EAP-ERP has high communication costs and Enhanced EAP-CRA has high computing costs. Therefore, we are expecting reasonable performance for Enhanced EAP-CRA due to the fact that communication overheads are normally more costly compared to the computational overheads.

EAP-CRA for WiMAX, WLAN and 4G LTE Interoperability

http://dx.doi.org/10.5772/54837

**5. Conclusion**

The main advantage of the CRA mechanism is the use of only two messages to authenticate a wireless device in a FOREIGN network. Although the time taken between the FAS and the HAS may vary depending on the traffic and/or capacity of the wired network, the use of only two messages in a FOREIGN network makes the CRA mechanism very reliable compared to other available techniques. Further, even if the foreign network uses a less secure authentication mechanism, it still will not affect the CRA clients since their MSKs are supplied by the HASs, notwithstanding the limitations of the foreign network.

Another significant advantage of the CRA is its reliance on the HOME security credentials to secure its clients in the foreign network. Hence, it can be assured that the CRA clients will have the same security guarantee in a foreign network as in their home network. Further, in the case of EAP-TLS authentication with CA-signed PKI certificates, clients will need only one certificate signed by the CA and accepted by the HAS. There will be no need for clients to carry a number of different certificates to authenticate with different networks. Hence, in this context, the CRA facilitates EAP-TLS authentication and makes it more practical and viable.

Although there are many other techniques proposed for coordinated authentication, the triumph of the CRA technique is its simplicity, robustness and versatility. Unlike many other systems that require additional components such as a token management system or Kerberos servers, the CRA depends only on the existing infrastructure, hence assuring simplicity. The use of existing CA-signed PKI certificates without necessitating other authentication mechanisms such as tokens or smart cards enables the CRA mechanism to be confined. Further, the CRA mechanism is not limited to WLAN, WiMAX or 4G LTE; it can be effectively used with any wireless network, harnessing the unique security features of that particular wireless network. Furthermore, the authentication mechanism (EAP-TLS, EAP-TTLS, EAP-PEAP etc.) used by the wireless network does not influence the CRA mechanism because it does use any form of mappings between these protocols.
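The sequence-number check described under Replay attacks in section 4.3.1, as an added sketch that is not code from the chapter. HMAC-SHA256, the MAC input layout, the 4-byte counter and the names `ReplayGuard`, `install_key` and `accept` are assumptions, as is accepting any sequence number at or above the expected value.

```python
import hashlib
import hmac


class ReplayGuard:
    """Receiver state per key name: integrity key and next expected sequence number."""

    def __init__(self):
        self._sessions = {}  # key name -> [key, expected_seq]

    def install_key(self, key_name, key):
        # The counter starts at zero whenever a fresh key is generated.
        self._sessions[key_name] = [key, 0]

    @staticmethod
    def mac(key, key_name, seq, payload):
        # Assumed layout: the MAC covers key name, 4-byte sequence number and payload.
        msg = key_name.encode() + b"\x00" + seq.to_bytes(4, "big") + payload
        return hmac.new(key, msg, hashlib.sha256).digest()

    def accept(self, key_name, seq, payload, tag):
        session = self._sessions.get(key_name)
        if session is None:
            return "unknown-key-name"
        key, expected = session
        # Check integrity first so a forged sequence number cannot advance the counter.
        if not hmac.compare_digest(tag, self.mac(key, key_name, seq, payload)):
            return "bad-mac"
        if seq < expected:
            return "replay"  # already seen or out of order: drop
        session[1] = seq + 1  # expected = received + 1 after a successful request
        return "ok"


def demo():
    guard = ReplayGuard()
    key = bytes(range(32))        # constructed key, stands in for the derived key
    name = "peer01@home.example"  # constructed Kname-NAI
    guard.install_key(name, key)
    body = b"re-auth request"
    tag0 = ReplayGuard.mac(key, name, 0, body)
    tag1 = ReplayGuard.mac(key, name, 1, body)
    return [
        guard.accept(name, 0, body, tag0),    # first use of seq 0
        guard.accept(name, 0, body, tag0),    # captured PDU sent again
        guard.accept(name, 1, body, tag1),    # next legitimate message
        guard.accept(name, 5, body, tag1),    # old tag, sequence number rewritten
        guard.accept("other@home.example", 0, body, tag0),
    ]
```

Because the MAC covers the sequence number, a captured message cannot be made fresh by rewriting the counter: the fourth call fails the integrity check before the counter is ever consulted.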
