TY - GEN
T1 - A novel compromise-resilient authentication system for wireless mesh networks
AU - Lin, Xiaodong
AU - Lu, Rongxing
AU - Ho, Pin Han
AU - Shen, Xuemin
AU - Cao, Zhenfu
PY - 2007
Y1 - 2007
N2 - User authentication is essential in service-oriented communication networks to identify and reject any unauthorized network access. The state-of-the-art practice in securing wireless networks is based on the technique of authentication, authorization and accounting (AAA) framework where an AAA server is adopted to authenticate mobile users (MUs), handle authorization requests, and collect accounting data. However, the traditional AAA framework is by way of a single authentication server, and cannot tolerate AAA server failure due to various malicious attacks such as denial-of-service (DoS) attack, or any other failure event such that the authentication server is compromised due to misuse, misconfiguration and malicious access, etc. Thus, a more resilient approach is to adopt multiple authentication servers, where any authentication request is handled by more than one authentication server in order to resist any compromise event of an authentication server. To meet this design objective, we introduce a novel compromise-resilient authentication system based on (t, n) threshold signature technique. With the proposed system, only t or more out of n authentication servers can cooperatively allow an MU to have network access, and any t - 1 or fewer cannot. A case study of reliability analysis is conducted to demonstrate the effectiveness of the system. The proposed authentication system is expected to particularly contribute to wireless mesh networking (WMN) in metropolitan areas where thousands of nodes may coexist and are managed under a single control plane such that duplicated AAA servers are necessary.
KW - Authentication
KW - Bilinear pairing
KW - Security
KW - Threshold authentication
UR - https://www.scopus.com/pages/publications/36348949803
U2 - 10.1109/WCNC.2007.649
DO - 10.1109/WCNC.2007.649
M3 - Conference contribution
AN - SCOPUS:36348949803
SN - 1424406595
SN - 9781424406593
T3 - IEEE Wireless Communications and Networking Conference, WCNC
SP - 3544
EP - 3549
BT - 2007 IEEE Wireless Communications and Networking Conference, WCNC 2007
T2 - 2007 IEEE Wireless Communications and Networking Conference, WCNC 2007
Y2 - 11 March 2007 through 15 March 2007
ER -