**2. Existing methods for integrating wireless networks**

Iyer et al. [10] claim that WLAN and WiMAX are particularly interesting because of their capacity for mobile data-oriented networking. They confirm that a scheme enabling mobility across these two would provide several advantages to end-users, wireless operators and Wireless Internet Service Providers (WISP). Further, they propose a technique with a common WLAN/WiMAX mobility service agent for use across WLAN and WiMAX access. By incorporating an acceptable mapping mechanism between WLAN and WiMAX, they interface a WLAN Access Point with the WiMAX Access Service Network (ASN) gateway. The mapping function inside the WLAN access point maps all 802.11 events to the WiMAX events. For example, the association request event is mapped to the WiMAX pre-attachment request.

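106 Selected Topics in WiMAX

**Figure 2.** Establishing pairwise & group keys [6]

Message flow shown in the figure (Supplicant on the left, Authenticator on the right):

Both sides: Key (PMK) is known. The Authenticator generates ANonce; the Supplicant generates SNonce.

Message 1 (Authenticator to Supplicant): EAPOL-Key (ANonce, Unicast). The Supplicant derives the PTK.

Message 2 (Supplicant to Authenticator): EAPOL-Key (SNonce, Unicast, MIC). The Authenticator derives the PTK and, if needed, derives the GTK.

Message 3 (Authenticator to Supplicant): EAPOL-Key (Install PTK, Unicast, MIC, Encrypted GTK)

Message 4 (Supplicant to Authenticator): EAPOL-Key (Unicast, MIC)

At the end of the exchange the Supplicant installs the PTK and GTK, and the Authenticator installs the PTK.

Figure label: IEEE 802.1X Control Port Blocked for STA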

In the case of roaming, an STA requesting (re)association followed by IEEE 802.1X or preshared key authentication repeats the same actions as for an initial contact association, but its Supplicant also deletes the PTK when it roams from the old AP. The STA's Supplicant also deletes the PTKSA when it disassociates / de-authenticates from all basic service set identifiers in the ESS. An STA already associated with the ESS can request its IEEE 802.1X Supplicant to authenticate with a new AP before associating to that new AP. The normal operation of the DS via the old AP provides communication between the STA and the new AP.
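Why the PTK cannot survive a roam can be seen by running the first two messages of Figure 2 in code. The following is an added example, not code from the chapter: it uses the IEEE 802.11i PRF (HMAC-SHA1) and the CCMP key split, and assumes the preshared-key case where the old and new AP hold the same PMK. The addresses, the PMK and the stand-in frame body are constructed sample values.

```python
import hashlib, hmac, os

def prf(key, label, data, nbytes):
    """IEEE 802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out, counter = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce):
    """48-byte CCMP PTK split into KCK (MIC key), KEK (wraps the GTK) and TK (data key)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

def mic(kck, frame):
    """HMAC-SHA1 truncated to 128 bits over the EAPOL-Key frame."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def handshake(pmk_sta, pmk_ap, aa, spa):
    """Messages 1 and 2 of Figure 2; returns (Authenticator accepted MIC?, Supplicant's PTK)."""
    anonce = os.urandom(32)                    # Message 1: Authenticator -> Supplicant
    snonce = os.urandom(32)                    # generated by the Supplicant
    sta_ptk = derive_ptk(pmk_sta, aa, spa, anonce, snonce)
    msg2 = b"EAPOL-Key|" + snonce              # constructed stand-in for the frame body
    msg2_mic = mic(sta_ptk["KCK"], msg2)       # Message 2: Supplicant -> Authenticator
    ap_ptk = derive_ptk(pmk_ap, aa, spa, anonce, snonce)
    ok = hmac.compare_digest(mic(ap_ptk["KCK"], msg2), msg2_mic)
    return ok, sta_ptk

PMK = bytes(range(32))                         # constructed sample key
SPA = bytes.fromhex("020000000001")            # constructed STA address
OLD_AP, NEW_AP = bytes.fromhex("0200000000a1"), bytes.fromhex("0200000000b2")

def demo():
    ok_old, ptk_old = handshake(PMK, PMK, OLD_AP, SPA)
    ok_new, ptk_new = handshake(PMK, PMK, NEW_AP, SPA)
    ok_bad, _ = handshake(bytes(32), PMK, OLD_AP, SPA)   # STA that does not hold the PMK
    # The PTK is bound to the AP address and fresh nonces, so the old TK is useless at the new AP.
    return ok_old, ok_new, ok_bad, ptk_old["TK"] != ptk_new["TK"]

if __name__ == "__main__":
    print(demo())
```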


In their architecture the problem of handling mobility across WLAN and WiMAX boils down to the problem of handling mobility across WiMAX base stations, which already has concrete solutions. Also, the mapping function consumes 1.82 seconds for EAP-TLS authentication in comparison to a few milliseconds in CRA. Further, their proposed architecture enables the same IP address to be used across both the WLAN and the WiMAX network interfaces, and keeps it seamless from an application perspective.

The distributed authentication scheme proposed by Machiraju et al. [11] relies on Base Stations (BS) to collectively store authentication information. To achieve the goal of a single point of access they introduce the notion of tokens. The token contains the identity and other information regarding the user. Each mobile user has exactly one token, which is stored at the base station where the mobile user is receiving service. When the mobile user moves between base stations, its token moves along with the user, thus eliminating the need to maintain the costly infrastructure required by a traditional centralized scheme. They assert two main disadvantages of centralized authentication methods. Firstly, a server must be available; without a server the authentication process cannot be completed. Secondly, there must be a highly reliable backhaul, because the authentication process creates a large volume of traffic, usually of a higher priority than normal traffic. They further emphasize that their scheme is optimized for mobility-induced handover re-authentication, thereby reducing the authentication overheads. This study, however, does not clarify how the base stations will initiate contact with each other. The security approach used to establish a secure connection between the BSs is not determined. Moreover, the details of how trust is established between base stations, and the actions taken if base stations are compromised, are not provided. The capabilities required to perform the expected functionality of a BS are not addressed.

The EAP-FAMOS authentication method developed by Almus et al. [12] uses Kerberos-based authentication within the existing EAP framework. It allows secure and true session mobility and requires the use of another EAP method only for the initial authentication. It uses the keying material delivered by the other EAP method during the initial authentication for its Kerberos-based solution for fast re-authentication. Mobility is based on Mobile IPv4 and a sophisticated handover supported by a so-called Residential Gateway together with a Mobility Broker located in the ISP's backend network. Their performance studies show that Wi-Fi technology can be used in mobile scenarios where moving objects are limited to speeds below 15 km/h. Further, they state that applications requiring very low delay and allowing only very short service interruptions can be supported by their technique.

OSNP is another EAP method based on Kerberos, proposed by Huang et al. [13]. The protocol provides intra-domain and inter-domain authentication to a peer that already has its security association with the home network. The authors have proposed a hierarchical design for KDC servers, with the Root KDC responsible for providing directory service to other KDC servers. In case of a request to a particular network other than the peer's Home network, the authentication server in the new network will obtain the authenticity of the peer from the home KDC. Although the authors suggest a quick password-based authentication and roaming mechanism, they fail to provide details of the hierarchical design of KDC servers and the agreement between them. Moreover, all servers share a group key, and in case of a key compromise, access points can masquerade as legitimate authenticators.


EAP-CRA for WiMAX, WLAN and 4G LTE Interoperability

http://dx.doi.org/10.5772/54837


**3. Coordinated Robust Authentication**

The principal notion behind the Coordinated Robust Authentication (CRA) [16] mechanism is that every wireless device will primarily be associated with one wireless network, which can be referred to as its HOME network. The credentials used by a wireless device to associate with its HOME network are assumed to be robust and specific to that network. Therefore, a wireless device must be able to use its authority in the HOME network to reliably associate with any other FOREIGN network. In this context, the AAA server that authorizes the wireless device in its home network is called the HOME AAA Server and the AAA server in a foreign network is called the FOREIGN AAA Server. Hence, in CRA, a wireless device requires only one set of credentials, the one it uses to access the home network, to access any type of foreign network. CRA considers both different types of networks and different authentication mechanisms that may be specific and effective to that type of network.

Therefore, in this mechanism a wireless device will deal with one HOME network and a number of FOREIGN networks. It also assumes that the security mechanism used in the HOME network is the most effective that can be adapted to the type of wireless devices used in the network. Further, it is assumed that the HOME AAA server will have pre-arranged agreements with the FOREIGN AAA servers for secure communications by other means such as IPSec, SSL etc.

Figure 3 outlines the messages exchanged in CRA. As in the RSNA, the CRA also includes a discovery phase that comprises the six 802.11 open system association messages. During this phase a wireless device that is in the FOREIGN network will advertise that it is capable of EAP-CRA together with other allowed EAP methods. Hence, an authenticator in the FOREIGN network can initiate EAP-CRA if it is capable of managing it. Once they both agree on the EAP-CRA mechanism, the authenticator can initiate the EAP-CRA by sending the EAP Request / Identity message to the supplicant (message 7 in Figure 3). The supplicant in return will reply with the EAP Response / Identity message (message 8). The Response / Identity message is passed to the FOREIGN AAA server as a RADIUS Access Request message. At this stage, unlike in the other EAP authentication methods, the AAA server will pass the Access Request message to the relevant HOME AAA server for validation. If the HOME AAA server successfully validates the Identity information sent by the wireless device, it then responds with an Access Accept message with the necessary keying material to the FOREIGN AAA server. The keying material, in turn, is passed to the authenticator with the RADIUS Access Accept message. The authenticator can then use the keying material to initiate the 4-way handshake process to generate the TSK. Further details of the CRA protocol are explained in the next section.

Apart from the high administrative costs in Kerberos-based methods, their solution is mainly targeted at specific wireless networks and authentication mechanisms. Wireless service providers use different authentication schemes on their diverse types of wireless networks. For example, a WiMAX service provider may use the EAP-TLS authentication scheme on their custom Authentication Authorization and Accounting (AAA) server, whereas corporate entities may want to use the EAP-TTLS authentication mechanism, facilitating the use of their existing authentication databases such as Active Directory, LDAP, and SQL. Hence, for convergence of wireless networks it is important to develop an authentication mechanism that is versatile and simple so that it can be effectively used in any type of wireless network.

Narayanan et al. [14] propose ERP, an extension to the EAP framework, and an EAP key hierarchy to support re-authentication. As specified in RSNA, the MSK is generated on successful completion of the authentication phase (phase 2 of RSNA). Subsequently the MSK is passed to the authenticator to generate the TSK (phase 3 of RSNA). The TSK is then used for data encryption between the supplicant and the authenticator. However, the EAP framework proposed by Narayanan et al. suggests two additional keys to be derived by all EAP methods: the Master Session Key (MSK) and the Extended MSK (EMSK), which form the EAP key hierarchy. They make use of the EMSK for re-authentication and successive key derivations.

ERP defines two new EAP messages, EAP-Initiate and EAP-Finish, to facilitate re-authentication in two round trip messages. At the time of the initial EAP exchange, the peer and the server derive an EMSK along with the MSK. The EMSK is used to derive a re-authentication Root Key (rRK). The rRK can also be derived from a Domain-Specific Root Key (DSRK), which itself is derived from the EMSK. Further, a re-authentication Integrity Key (rIK) is derived from the rRK; the supplicant and the authentication server use the rIK to provide proof of possession while performing an ERP exchange. After proof of possession has been verified and authentication has succeeded, a re-authentication MSK (rMSK) is derived from the rRK. The rMSK is treated like the MSK obtained during normal EAP authentication, i.e. it is used to generate the TSK [15].

Apart from the few modifications to the EAP protocol due to the introduction of two new EAP codes, ERP integrates with the existing EAP framework very well. To demonstrate possession, the supplicant uses the rIK to compute the integrity checksum over the EAP-Initiate message. The algorithm used to compute the integrity checksum is selected by the peer; if the server's policy does not allow the cipher suite selected by the peer, the server sends a list of acceptable cipher suites in the EAP-Finish / Re-auth message. In this case the peer has to restart the ERP process by sending the EAP-Initiate message with an integrity checksum computed using one of the acceptable cipher suites. Furthermore, ERP also recommends the use of IPsec or TLS to protect the keying material in transit. However, EAP-ERP requires a full EAP authentication first when a user enters a foreign network. Further, if a supplicant for any reason has not been able to extract the domain name of the foreign network, it should solicit it from its Home server, which can result in long authentication delays.
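The key hierarchy and the proof-of-possession exchange described in the two paragraphs above can be traced in code. This is an added example, not code from the chapter or from the ERP specification: the derivation labels, the simplified HMAC-SHA-256 expansion, the message layout, the suite names and the server policy are assumptions made for illustration, so its output is not interoperable with a real ERP server.

```python
import hashlib, hmac

SUITES = {"HMAC-SHA256-64": 8, "HMAC-SHA256-128": 16, "HMAC-SHA256-256": 32}  # tag bytes

def kdf(key, label, length=32):
    """Labelled HMAC-SHA-256 expansion (assumed for illustration, not the wire format)."""
    info = label.encode() + b"\x00" + length.to_bytes(2, "big")
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(key, block + info + bytes([counter]), hashlib.sha256).digest()
        out, counter = out + block, counter + 1
    return out[:length]

def erp_keys(emsk, seq):
    rrk = kdf(emsk, "rRK")                  # re-authentication Root Key, from the EMSK
    rik = kdf(rrk, "rIK")                   # Integrity Key: proves possession
    rmsk = kdf(rrk, f"rMSK|{seq}", 64)      # used like an MSK to generate the TSK
    return rik, rmsk

def checksum(rik, suite, body):
    return hmac.new(rik, body, hashlib.sha256).digest()[:SUITES[suite]]

def eap_initiate(rik, peer_id, seq, suite):
    """Peer: EAP-Initiate body (constructed layout) and its integrity checksum."""
    body = f"{peer_id}|{seq}|{suite}".encode()
    return body, checksum(rik, suite, body)

def server_finish(emsk, allowed, body, tag):
    """Server: decide what the EAP-Finish / Re-auth message carries."""
    _peer_id, seq, suite = body.decode().split("|")
    if suite not in allowed:                # policy check: answer with acceptable suites
        return "retry", sorted(allowed)
    rik, rmsk = erp_keys(emsk, int(seq))
    if not hmac.compare_digest(checksum(rik, suite, body), tag):
        return "reject", None
    return "success", rmsk                  # rMSK released only after verification

def demo():
    emsk = bytes(range(64))                 # constructed EMSK from the initial full EAP run
    allowed = {"HMAC-SHA256-128", "HMAC-SHA256-256"}   # assumed server policy
    rik, rmsk = erp_keys(emsk, 1)
    first = server_finish(emsk, allowed, *eap_initiate(rik, "sta@home.example", 1, "HMAC-SHA256-64"))
    again = server_finish(emsk, allowed, *eap_initiate(rik, "sta@home.example", 1, first[1][0]))
    body, _ = eap_initiate(rik, "sta@home.example", 1, "HMAC-SHA256-128")
    forged = server_finish(emsk, allowed, body, bytes(16))
    return first, again == ("success", rmsk), forged

if __name__ == "__main__":
    print(demo())
```

The first attempt shows the restart the text describes: the peer's chosen suite is refused, the server lists what it accepts, and the second EAP-Initiate succeeds with a checksum recomputed under an accepted suite.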

Increasing use of Mobile devices and new data capabilities on these devices suggest more attention for fast and secure handover. Authentication mechanisms such as EAP-AKA and EAP-SIM facilitate handover and re-authentication for 3GPP interworking.
