How to Establish Secure Channels for Wireless Communications

摘要

The most fundamental security goals include authentication and confidentiality both of which can be achieved by an authenticated key establishment (so-called AKE) protocol where the involving parties authenticate each other and generate cryptographically-secure (but temporal) session keys for their subsequent secure channels. As AKE protocols for wireless security, the IEEE 802.1x standard committee employed the Extensible Authentication Protocol (EAP) methods: EAP-MD5, LEAP, EAP-SIM, EAP-AKA, EAP-TLS, EAP-TTLS and PEAP. In this paper, we first revisit the EAP methods considering the following practical situation: (1) a user, who communicates with many different servers, remembers only one password and has insecure mobile devices (e.g., mobile phones or PDAs) with very-restricted computing power and built-in memory capacity; (2) the counterpart servers have enormous computing power, but they are not perfectly secure against various attacks (e.g., virus or hacker); (3) neither PKI (Public Key Infrastructures) nor TRM (Tamper-Resistant Modules) is available. For the above situation, we introduce an RSA-based AKE (for short, RSA-AKE) protocol that satisfies both higher level of security and efficiency over their kinds.