Dynamic group-based authentication in wireless networks
2017-01-13T04:10:17Z (GMT) by
Authentication is an important part of any computer network. Authenticating individuals and groups of users and services securely and efficiently is challenging, especially in wireless networks. This is because users and services in wireless networks are vulnerable to attack due to the nature of wireless communication and the limitations of wireless devices. The problem is compounded by the need for authentication processes to also be scalable and flexible. Users and services in wireless networks are not only more dynamic than those of wired networks but also greater in number. Authentication processes also need to be able to employ different authentication protocols so that the requirements of different computer networks can be met. A good authentication model for wireless network users and services thus needs to have four desirable properties: security, efficiency, scalability and flexibility. Existing authentication models do not sufficiently possess these characteristics.
This thesis presents a novel authentication model that aims to achieve these four major properties. The proposed authentication model consists of a collection of relationships, a group manager and an authentication controller. In this model, users and services are grouped into user groups and service groups respectively. The collection of relationships of users, services and their groups in this model is defined and classified in order to provide proper authentication for both individuals and groups of users and services. The group manager and the authentication controller are proposed in order to allow authentication with the four desirable properties to be achieved.
In order to demonstrate the practical value of the proposed authentication model, an architecture is derived, followed by a realisation. The derived architecture has two layers: the key management layer and the authentication layer. Group management and authentication key distribution are conducted in the key management layer, while authentication verification is performed in the authentication layer. We also propose the use of a dynamic key technique and group key management in the authentication model. Membership-oriented group key management, adapted for wireless networks, is used to implement the group manager. A dynamic key generation scheme is proposed to create dynamic key sequences, and dynamic keys are used to secure communications in both the key management layer and the authentication layer. In order to perform authentication verification, two authentication protocols (ticket-based and request-based) are proposed for the authentication verification of both individuals and groups of users and services, and their merits are analysed.
Our analysis and evaluation show that the application of the dynamic key scheme and group key management enables the security and efficiency properties for authentication. At the same time, the two-layer architecture and the proposed authentication model itself achieve flexibility and scalability. In summary, the proposed model, along with the derived architecture and its realisation using dynamic key theory and group key management, offers secure, efficient, scalable and flexible authentication for individuals and groups of users and services in dynamic and large wireless networks.