An EAP Method with Biometrics Privacy Preserving in IEEE 802.11 Wireless LANs

Chen, Yung-Chih

15 August 2009

It is necessary to authenticate users when they want to access services in WLANs. Extensible Authentication Protocol (EAP) is an authentication framework widely used in WLANs. Authentication mechanisms built on EAP are called EAP methods. The requirements for EAP methods in WLAN authentication have been defined in RFC 4017. Besides, low computation cost and forward secrecy, excluded in RFC 4017, are noticeable requirements in WLAN authentication. However, all EAP methods and authentication schemes designed for WLANs so far do not satisfy all of the above requirements. Therefore, we will propose an EAP method which utilizes three factors, stored secrets, passwords, and biometrics, to verify users. Our proposed method fully satisfies 1) the requirements of RFC 4017, 2) forward secrecy, and 3) lightweight computation. Moreover, the privacy of biometrics is protected against the authentication server, and the server can flexibly decide whether passwords and biometrics are verified in each round or not.

Extensible Authentication Protocol (EAP)

Lightweight Computation

Wireless Local Area Networks (WLANs)

Three-Factor Authentication

Forward Secrecy

User Efficient Authentication Protocols with Provable Security Based on Standard Reduction and Model Checking

Lin, Yi-Hui

12 September 2012

Authentication protocols are used for two parties to authenticate each other and build a secure channel over wired or wireless public channels. However, the present standards of authentication protocols are either insufficiently secure or inefficient for light weight devices. Therefore, we propose two authentication protocols for improving the security and user efficiency in wired and wireless environments, respectively. Traditionally, TLS/SSL is the standard of authentication and key exchange protocols in wired Internet. It is known that the security of TLS/SSL is not enough due to all sorts of client side attacks. To amend the client side security, multi-factor authentication is an effective solution. However, this solution brings about the issue of biometric privacy which raises public concern of revealing biometric data to an authentication server. Therefore, we propose a truly three factor authentication protocol, where the authentication server can verify their biometric data without the knowledge of users¡¦ templates and samples. In the major wireless technologies, extensible Authentication Protocol (EAP) is an authentication framework widely used in IEEE 802.11 WLANs. Authentication mechanisms built on EAP are called EAP methods. The requirements for EAP methods in WLANs authentication have been defined in RFC 4017. To achieve user efficiency and robust security, lightweight computation and forward secrecy, excluded in RFC 4017, are desired in WLAN authentication. However, all EAP methods and authentication protocols designed for WLANs so far do not satisfy all of the above properties. We will present a complete EAP method that utilizes stored secrets and passwords to verify users so that it can (1) meet the requirements of RFC 4017, (2) provide lightweight computation, and (3) allow for forward secrecy. In order to prove our proposed protocols completely, we apply two different models to examine their security properties: Bellare¡¦s model, a standard reduction based on computational model, that reduces the security properties to the computationally hard problems and the OFMC/AVISPA tool, a model checking approach based on formal model, that uses the concept of the search tree to systematically find the weaknesses of a protocol. Through adopting Bellare¡¦s model and OFMC/AVISPA tool, the security of our work is firmly established.

Wireless Local Area Networks (WLANs)

Wired and Wireless Security

Model Checking

Standard Reduction

Formal Security Proofs

Lightweight Devices

Authentication

Passwords

Smart Cards

Forward Secrecy

Extensible Authentication Protocol (EAP)

Biometric Privacy