nism, they fail to provide details of the hierarchical design of KDC servers and the agreement between them. Moreover, all servers share a group key, and in case of a key compromise, access points can masquerade as legitimate authenticators.

Apart from the high administrative costs of Kerberos-based methods, their solution is mainly targeted at specific wireless networks and authentication mechanisms. Wireless service providers use different authentication schemes on their diverse types of wireless networks. For example, a WiMAX service provider may use the EAP-TLS authentication scheme on their custom Authentication, Authorization and Accounting (AAA) server, whereas corporate entities may want to use the EAP-TTLS authentication mechanism, which facilitates the use of their existing authentication databases such as Active Directory, LDAP, and SQL. Hence, for the convergence of wireless networks it is important to develop an authentication mechanism that is versatile and simple, so that it can be used effectively in any type of wireless network.

Narayanan et al. [14] propose ERP, an extension to the EAP framework, and an EAP key hierarchy to support re-authentication. As specified in RSNA, the MSK is generated on successful completion of the authentication phase (phase 2 of RSNA). Subsequently, the MSK is passed to the authenticator to generate the TSK (phase 3 of RSNA). The TSK is then used for data encryption between the supplicant and the authenticator. However, the EAP framework proposed by Narayanan et al. suggests two additional keys to be derived by all EAP methods: the Master Session Key (MSK) and the Extended MSK (EMSK), which form the EAP key hierarchy. They make use of the EMSK for re-authentication and successive key derivations.

ERP defines two new EAP messages, EAP-Initiate and EAP-Finish, to facilitate re-authentication in two round-trip messages. At the time of the initial EAP exchange, the peer and the server derive an EMSK along with the MSK. The EMSK is used to derive a re-authentication Root Key (rRK). The rRK can also be derived from a Domain-Specific Root Key (DSRK), which itself is derived from the EMSK. Further, a re-authentication Integrity Key (rIK) is derived from the rRK; the supplicant and the authentication server use the rIK to provide proof of possession while performing an ERP exchange. After proof of possession has been verified and authentication has succeeded, a re-authentication MSK (rMSK) is derived from the rRK. The rMSK is treated similarly to the MSK obtained during normal EAP authentication, i.e. it is used to generate the TSK [15].

Apart from the few modifications to the EAP protocol due to the introduction of two new EAP codes, ERP integrates with the existing EAP framework very well. To demonstrate possession, the supplicant uses the rIK to compute an integrity checksum over the EAP-Initiate message. The algorithm used to compute the integrity checksum is selected by the peer; if the server's policy does not allow the cipher suite selected by the peer, the server sends a list of acceptable cipher suites in the EAP-Finish / Re-auth message. In this case the peer has to restart the ERP process by sending the EAP-Initiate message and the integrity checksum using one of the acceptable cipher suites. Furthermore, ERP recommends the use of IPsec or TLS to protect the keying material in transit. However, EAP-ERP requires a full EAP authentication when a user first enters a foreign network. Further, if a supplicant has for any reason not been able to extract the domain name of the foreign network, it should solicit it from its Home server, which can result in long authentication delays.

Selected Topics in WiMAX

**3. Coordinated Robust Authentication**

The principal notion behind the Coordinated Robust Authentication (CRA) [16] mechanism is that every wireless device is primarily associated with one wireless network, which can be referred to as its HOME network. The credentials used by a wireless device to associate with its HOME network are assumed to be robust and specific to that network. Therefore, a wireless device must be able to use its authority in the HOME network to reliably associate with any other FOREIGN network. In this context, the AAA server that authorizes the wireless device in its home network is called the HOME AAA server, and the AAA server in a foreign network is called the FOREIGN AAA server. Hence, in CRA, a wireless device requires only one set of credentials, the one it uses to access its home network, to access any type of foreign network. CRA takes into account both the different types of networks and the different authentication mechanisms that may be specific and effective for each type of network.

Therefore, in this mechanism a wireless device deals with one HOME network and a number of FOREIGN networks. It is also assumed that the security mechanism used in the HOME network is the most effective one that can be adapted to the type of wireless devices used in that network. Further, it is assumed that the HOME AAA server has pre-arranged agreements with the FOREIGN AAA servers for secure communication by other means such as IPsec, SSL, etc.

Figure 3 outlines the messages exchanged in CRA. As in RSNA, CRA includes a discovery phase that comprises the six 802.11 open system association messages. During this phase, a wireless device that is in the FOREIGN network advertises that it is capable of EAP-CRA together with the other allowed EAP methods. Hence, an authenticator in the FOREIGN network can initiate EAP-CRA if it is capable of managing it. Once they both agree on the EAP-CRA mechanism, the authenticator initiates EAP-CRA by sending the EAP Request / Identity message to the supplicant (message 7 in Figure 3). The supplicant replies with the EAP Response / Identity message (message 8). The Response / Identity message is passed to the FOREIGN AAA server as a RADIUS Access Request message. At this stage, unlike in the other EAP authentication methods, the AAA server passes the Access Request message to the relevant HOME AAA server for validation. If the HOME AAA server successfully validates the Identity information sent by the wireless device, it responds to the FOREIGN AAA server with an Access Accept message containing the necessary keying material. The keying material, in turn, is passed to the authenticator with the RADIUS Access Accept message. The authenticator can then use the keying material to initiate the 4-way handshake process to generate the TSK. Further details of the CRA protocol are explained in the next section.

**Figure 3.** Coordinated authentication message exchange

According to the EAP-CRA protocol, in response to the EAP-CRA Request Identity message (message 1 in Figure 4), the supplicant sends an EAP Response message with its *Identity* (EMSKname and Sequence number) encrypted with the public key of the HOME AAA server (message 2 in Figure 4), along with the unencrypted host name of the HOME AAA server. The HOME AAA server uses the EMSKname to identify the corresponding EMSK and the Sequence Number for replay protection. The authenticator, having received the encrypted *Identity*, passes it to the FOREIGN AAA server as it is. The FOREIGN AAA server uses the fully qualified *Host Name* provided in the EAP-CRA Response message to determine the HOME AAA server. The FOREIGN AAA server appends its *Domain name* to the received message (EAP-CRA Response) and passes it to the HOME AAA server using the secure method described above (message 3).

The HOME AAA server then has to perform a double decryption to find the identity of the HOME wireless device. If the wireless device is positively identified, the HOME AAA server calculates the *DSRK* (Domain Specific Re-authentication key). The DSRK is calculated using the *Domain Name* as optional data in the key derivation specified in [15]. The HOME AAA server then sends the *DSRK* to the FOREIGN AAA server after encrypting the message using the public key of the FOREIGN AAA server (message 4). This process is illustrated in Figure 5. The FOREIGN AAA server can use its private key to decrypt the received message to discover the *DSRK* and generate the *rMSK* (Re-authentication Master Session Key). The rMSK is calculated using a sequence number as optional data, as specified in [14]. The *rMSK* can then be transferred to the authenticator with the RADIUS Access Accept message (message 5 in Figure 4). Finally, the authenticator sends the EAP success message to the wireless device, indicating the completion of the CRA authentication and the beginning of the key distribution phase.

Two sequence numbers, one with the HOME AAA server and one with the FOREIGN AAA server, are maintained for replay protection of EAP-CRA messages. The sequence number maintained by the supplicant and the HOME AAA server is initialized to zero on the generation of the EMSK. The server sets the expected sequence number to the received sequence number plus one on every

EAP-CRA for WiMAX, WLAN and 4G LTE Interoperability

http://dx.doi.org/10.5772/54837

[Figure 4 diagram: message sequence between the 802.1X Supplicant, 802.1X Authenticator, Foreign AAA Server and Home AAA Server. 1. EAP-CRA Request/Identity; 2. EAP-CRA Response/Identity: Host Name, E_KUH(EMSKNAME, SEQ No.); 3. RADIUS Access Request: Domain Name, E_KPF(Host Name, E_KUH(EMSKNAME, SEQ No.)); 4. RADIUS Access Accept: E_KUF(DSRK); 5. RADIUS Access Accept (rMSK); 12. EAP Success.]

**Figure 4.** Coordinated Robust Authentication (CRA) Protocol.
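The key flow described in this section (the EMSK yields a DSRK bound to the foreign domain name, the DSRK yields the rRK and rMSK, and the HOME AAA server checks the sequence number), as an added example that is not code from the chapter. It assumes an HMAC-SHA-256 expansion function and placeholder label strings, because the page defers the actual derivation to [14] and [15], and it leaves out the public-key encryption of messages 2 to 4.

```python
import hashlib
import hmac

# Placeholder labels (assumption); the page defers the real parameters to [14], [15].
DSRK_LABEL, RRK_LABEL, RMSK_LABEL = "dsrk@example", "rrk@example", "rmsk@example"

def kdf(key: bytes, label: str, optional: bytes = b"", length: int = 64) -> bytes:
    """HMAC-SHA-256 feedback/counter expansion over label | 0x00 | optional | length."""
    s = label.encode() + b"\x00" + optional + length.to_bytes(2, "big")
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(key, block + s + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def derive_rmsk(dsrk: bytes, seq: int) -> bytes:
    """FOREIGN AAA side: DSRK -> rRK -> rMSK, sequence number as optional data."""
    rrk = kdf(dsrk, RRK_LABEL)
    return kdf(rrk, RMSK_LABEL, seq.to_bytes(2, "big"))

class HomeAAA:
    """HOME AAA side: finds the EMSK by EMSKname and enforces the sequence number."""
    def __init__(self):
        self.sessions = {}  # EMSKname -> [EMSK, expected sequence number]

    def register(self, emsk_name: str, emsk: bytes) -> None:
        self.sessions[emsk_name] = [emsk, 0]  # zero when the EMSK is generated

    def handle_request(self, emsk_name: str, seq: int, foreign_domain: str):
        entry = self.sessions.get(emsk_name)
        # Assumption: anything below the expected sequence number is a replay.
        if entry is None or seq < entry[1]:
            return None
        entry[1] = seq + 1  # expected = received + 1
        return kdf(entry[0], DSRK_LABEL, foreign_domain.encode())

def demo():
    emsk = hashlib.sha512(b"constructed sample EMSK").digest()  # constructed key
    home = HomeAAA()
    home.register("emsk-name-1", emsk)
    dsrk = home.handle_request("emsk-name-1", 0, "foreign.example")
    replayed = home.handle_request("emsk-name-1", 0, "foreign.example")
    other = home.handle_request("emsk-name-1", 1, "other.example")
    # The supplicant derives the same rMSK locally from its own copy of the EMSK.
    local = derive_rmsk(kdf(emsk, DSRK_LABEL, b"foreign.example"), 0)
    return derive_rmsk(dsrk, 0) == local, replayed is None, dsrk != other
```

`demo()` returns three flags: the supplicant and the FOREIGN AAA server arrive at the same rMSK, a resent sequence number is rejected, and a different foreign domain receives a different DSRK.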
