**5. Conclusion**

This is made up of seven messages that are specific to ERP and at least nine messages from EAP-TLS, since we consider EAP-TLS as the home authentication method. For simplicity we are considering the size of the messages during these exchanges. Table 3 lists the number of messages used in each authentication method.

When entering a foreign network, a station that uses EAP-ERP performs a full authentication with its home server. This process will be very time-consuming because all message exchanges have to take place over the internet. This is a significant weakness of EAP-ERP compared to EAP-CRA for two reasons: 1) the number of messages and 2) the size of the messages. With regard to re-authentication, ERP re-authentication should take place much quicker, as it uses only five messages. However, the actual time differences must be determined after the real setup of both protocols.

| Authentication Method | No. of Messages |
|---|---|
| CRA Full Authentication | 7 |
| CRA Re-Authentication | 8 |
| ERP Re-Authentication | 5 |
| ERP Initial | 16 |

**Table 6.** Communication Cost.

To evaluate the computational cost of the protocols, we investigate the number of hashing, encryption and decryption operations performed. Table 6 presents these values for EAP-CRA and EAP-ERP. In the case of EAP-CRA full authentication there are four hashing operations and eight encryption operations. Initial EAP-ERP does not involve any encryption or decryption, but it should be noted that there will be at least 16 messages exchanged, while there are just 8 messages for full EAP-CRA authentication. Moreover, the encryption involved in the process will ensure the security of the supplicant while it is roaming to a foreign network. In the case of re-authentication, the cost of both protocols will be very similar, as they both will perform four hash operations.

From the above comparisons we can say that EAP-ERP has high communication costs and Enhanced EAP-CRA has high computing costs. Therefore, we expect reasonable performance for Enhanced EAP-CRA, because communication overheads are normally more costly than computational overheads.
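The trade-off argued above can be made concrete with a small cost model. This is an added example, not code from the chapter: it assumes every message costs the same delay, uses constructed per-operation timings, takes the prose figure of 8 messages for full EAP-CRA (the table lists 7), and sets the unstated initial-ERP hash count and CRA re-authentication encryption count to 0.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Exchange:
    name: str
    messages: int
    hashes: int = 0
    encryptions: int = 0


# Counts taken from this section; zeros are assumptions where the text is silent.
CRA_FULL = Exchange("CRA full", messages=8, hashes=4, encryptions=8)
ERP_INITIAL = Exchange("ERP initial", messages=16)  # no enc/dec; hashes assumed 0
CRA_REAUTH = Exchange("CRA re-auth", messages=8, hashes=4)
ERP_REAUTH = Exchange("ERP re-auth", messages=5, hashes=4)


def crypto_us(x: Exchange, hash_us: int, enc_us: int) -> int:
    """Total time spent on hashing and encryption, in microseconds."""
    return x.hashes * hash_us + x.encryptions * enc_us


def latency_us(x: Exchange, msg_us: int, hash_us: int, enc_us: int) -> int:
    """Estimated time: uniform per-message delay plus crypto cost."""
    return x.messages * msg_us + crypto_us(x, hash_us, enc_us)


def break_even_msg_us(heavy: Exchange, chatty: Exchange,
                      hash_us: int, enc_us: int) -> Optional[float]:
    """Per-message delay above which `heavy` (more crypto, fewer messages)
    beats `chatty`. None if `heavy` does not save any messages."""
    saved = chatty.messages - heavy.messages
    if saved <= 0:
        return None
    extra = crypto_us(heavy, hash_us, enc_us) - crypto_us(chatty, hash_us, enc_us)
    return max(extra, 0) / saved


if __name__ == "__main__":
    HASH_US, ENC_US = 10, 50  # constructed timings, not measurements
    for msg_us in (10, 1_000, 20_000):  # LAN-like to internet-like delays
        for x in (CRA_FULL, ERP_INITIAL, CRA_REAUTH, ERP_REAUTH):
            print(f"{msg_us:>6} us/msg  {x.name:<12}"
                  f"{latency_us(x, msg_us, HASH_US, ENC_US):>8} us")
    print("full-auth break-even:",
          break_even_msg_us(CRA_FULL, ERP_INITIAL, HASH_US, ENC_US), "us/msg")
```

With these constructed timings the extra crypto of full EAP-CRA pays for itself once a message costs more than 55 µs, while for re-authentication the model agrees with the text that ERP's five messages are quicker.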

The main advantage of the CRA mechanism is the use of only two messages to authenticate a wireless device in a FOREIGN network. Although the time taken between the FAS and the HAS may vary depending on the traffic and/or capacity of the wired network, the use of only two messages in a FOREIGN network makes the CRA mechanism very reliable compared to other available techniques. Further, even if the foreign network uses a less secure authentication mechanism, it still will not affect the CRA clients, since their MSKs are supplied by the HASs notwithstanding the limitations of the foreign network.

Another significant advantage of the CRA is its reliance on the HOME security credentials to secure its clients in the foreign network. Hence, it can be assured that the CRA clients will have the same security guarantee as in their home network in a foreign network. Further, in the case of EAP-TLS authentication with CA-signed PKI certificates, clients will need only one certificate signed by the CA and accepted by the HAS. There will be no need for clients to carry a number of different certificates to authenticate with different networks. Hence, in this context, the CRA facilitates EAP-TLS authentication and makes it more practical and viable.

Although there are many other techniques proposed for coordinated authentication, the triumph of the CRA technique is its simplicity, robustness and versatility. Unlike many other systems that require additional components such as a token management system or Kerberos servers, the CRA depends only on the existing infrastructure, hence assuring simplicity. The use of existing CA-signed PKI certificates without necessitating other authentication mechanisms such as tokens or smart cards enables the CRA mechanism to be confined. Further, the CRA mechanism is not limited to WLAN, WiMAX or 4G LTE; it can be effectively used with any wireless network, harnessing the unique security features of that particular wireless network. Furthermore, the authentication mechanism (EAP-TLS, EAP-TTLS, EAP-PEAP, etc.) used by the wireless network does not influence the CRA mechanism because it does not use any form of mappings between these protocols.

On the negative side, the effectiveness of the CRA mechanism will depend on the mutual trust established between the participating AAA servers. If the AAA servers do not have any form of prior agreement, it will be up to the discretion of the FAS whether to accept or deny a CRA request.

EAP-CRA for WiMAX, WLAN and 4G LTE Interoperability

http://dx.doi.org/10.5772/54837
