Lightweight Authentication in Wireless Networks

Document type: Licentiates
Author(s): Henric Johnson
Title: Lightweight Authentication in Wireless Networks
Series: Blekinge Institute of Technology Licentiate Series
Year: 2004
Issue: 2
Pagination: 143
ISBN: 91-7295-034-x
ISSN: 1650-2140
Publisher: Blekinge Institute of Technology
City: Karlskrona
Organization: Blekinge Institute of Technology
Department: School of Engineering - Dept. of Telecommunication Systems (Sektionen för teknik – avd. för telekommunikationssystem)
School of Engineering S- 372 25 Ronneby
+46 455 38 50 00
http://www.tek.bth.se/
Author's e-mail: hjo@bth.se
Language: English
Abstract: In this thesis, we develop and analyse two novel authentication protocols well suited for wireless devices. Given that wireless devices have limited resources such as processing power, bandwidth, storage, and energy, the proposed authentication protocols need to be lightweight. Due to these limitations there is a tradeoff between security and performance.

To guarantee complete network access control the authentication is performed on a per-packet basis. Therefore, a Lightweight Authentication Code (LAC) is embedded in each packet as an authenticator. Authentication is necessary to guarantee the identity of a source since, with a wireless network, an adversary could easily inject traffic to get access to a network or launch a Denial-of-Service attack.

The protocols are designed to be generic and applicable to standards such as IEEE 802.11 and Bluetooth. In order to handle packet loss or an attack, synchronization algorithms are advanced and analysed to synchronize the sender's and the receiver's LACs.

We further propose to use the lightweight authentication protocol as part of a detection and response scheme to handle Denial-of-Service attacks such as resource exhaustion. Five Adaptive Packet Discard Mechanisms (APDMs) are presented, in which the lightweight authentication protocols function as a first line of defense to protect the second and much stronger security service from exhaustion. With these mechanisms, we believe it is possible to reduce, if not remove, the effects of a Denial-of-Service attack on complex security systems. Finally, we extend the applicability to secure usage-based accounting, in which lightweight authentication per-packet is necessary to utilize accounting resources efficiently and guarantee accounting correctness.
Subject: Telecommunications\General
Telecommunications\Network Security
URN: urn:nbn:se:bth-00257