Although wireless technology now provides satisfactory bandwidth and higher speeds, handoff performance still needs improvement. Several studies have shown that the IEEE 802.11 scanning phase introduces most of the latency in pre-802.11i deployments. However, when IEEE 802.11i is used, link layer authentication based on the Extensible Authentication Protocol (EAP) can also introduce substantial delays.
There are four main alternatives for reducing authentication delays during handoffs in IEEE 802.11 networks.
IEEE 802.1X pre-authentication
The IEEE 802.11i standard specifies how wireless stations can perform pre-authentication over the distribution system while still connected to their current access point. The idea is that if the station can perform authentication in advance, fewer exchanges will be needed during the handoff, which reduces the handoff latency.
To initiate a pre-authentication, the station issues an IEEE 802.1X EAPOL-Start message destined for the target access point. This message is forwarded by the current access point to the target access point based on routing information embedded in the message. The target access point processes the EAPOL-Start message and initiates an IEEE 802.1X/EAP authentication. The result of a successful IEEE 802.1X/EAP pre-authentication is a security association shared between the station and the access point. When the station eventually decides to associate with the target access point, the pre-established security association is used and the full EAP exchange is avoided.
Pairwise Master Key (PMK) caching
PMK caching is a basic handoff optimization technique that all IEEE 802.11i compliant wireless devices already support. Wireless stations and access points can store security credentials derived from a full EAP authentication. The stored security association can then be used later on if the wireless station comes back to the same location.
Opportunistic PMK pre-caching
The opportunistic PMK pre-caching technique works as follows: when a wireless station enters an access network, it uses IEEE 802.11i/EAP and establishes a fresh security association with the first access point it encounters. The controller of the local access network retrieves the security association from the first access point and forwards it to other access points in the access network. When the station moves to another access point, the pre-distributed security association is used to perform mutual authentication between the station and the access point without the need for using a full EAP exchange.
Fast BSS transitions: IEEE 802.11r
When an IEEE 802.11r compliant station enters an access network, it first performs authentication using EAP with the access network's controller. The resulting keying materials are used by the station and the controller to derive a key called PMK-R0. PMK-R0 is then used to derive per-access-point keys, which are called PMK-R1. The controller finally sends the PMK-R1 keys to their corresponding access points. The controller that holds the PMK-R0 key is called the 'R0 Key Holder' (R0KH), while the access points to which PMK-R1 keys are delivered are called 'R1 Key Holders' (R1KH). After this initial key distribution phase, the wireless station is able to perform mutual authentication with any access point in the access network without the need for a full EAP exchange.
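As an added illustration (not code from the original post or from the IEEE 802.11r standard text), the following Python sketch models the PMK-R0 to PMK-R1 hierarchy described above with an HMAC-SHA256 counter-mode KDF. The KDF layout, the context fields, the function names and all sample values (EAP_KEY, SSID, MDID, R0KH_ID, MAC addresses) are assumptions for illustration and are not meant to interoperate with real FT implementations.

```python
import hashlib
import hmac

def kdf(key, label, context, bits):
    # Counter-mode KDF over HMAC-SHA256: every block binds the counter, label,
    # context and requested length, so keys for different purposes never collide.
    out, i = b"", 1
    while len(out) * 8 < bits:
        msg = i.to_bytes(2, "little") + label + context + bits.to_bytes(2, "little")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        i += 1
    return out[: bits // 8]

def derive_pmk_r0(eap_key, ssid, mdid, r0kh_id, sta):
    # Top of the hierarchy, known only to the station and the R0KH (controller).
    ctx = bytes([len(ssid)]) + ssid + mdid + bytes([len(r0kh_id)]) + r0kh_id + sta
    return kdf(eap_key, b"FT-R0", ctx, 384)[:32]

def derive_pmk_r1(pmk_r0, r1kh_id, sta):
    # Per-access-point key: bound to one R1KH (access point) and one station.
    return kdf(pmk_r0, b"FT-R1", r1kh_id + sta, 256)

# Constructed sample values (assumptions, not from any real network).
EAP_KEY = bytes(range(32))
SSID, MDID, R0KH_ID = b"example-net", b"\x12\x34", b"controller-1"
STA = bytes.fromhex("020000000001")
APS = {"ap-a": bytes.fromhex("0200000000a1"), "ap-b": bytes.fromhex("0200000000b2")}

def controller_distribute():
    # R0KH derives PMK-R0 once after EAP, then one PMK-R1 per access point.
    r0 = derive_pmk_r0(EAP_KEY, SSID, MDID, R0KH_ID, STA)
    return {name: derive_pmk_r1(r0, mac, STA) for name, mac in APS.items()}

def station_roam(target):
    # The station recomputes the same chain locally; no EAP exchange on handoff.
    r0 = derive_pmk_r0(EAP_KEY, SSID, MDID, R0KH_ID, STA)
    return derive_pmk_r1(r0, APS[target], STA)

if __name__ == "__main__":
    pushed = controller_distribute()
    for name in APS:
        same = hmac.compare_digest(pushed[name], station_roam(name))
        print(name, "station and AP hold the same PMK-R1:", same)
    print("per-AP keys differ:", pushed["ap-a"] != pushed["ap-b"])
```

Because each PMK-R1 is derived one-way from PMK-R0 and bound to a specific access point, an access point that holds its own PMK-R1 cannot compute the key delivered to a neighbouring access point.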